Ministries, high-risk data processors mandated to register with OIC by June 1
WITH LESS than three weeks before data controllers are required to conform to the requirements of the Data Protection Act (DPA), the minister with responsibility for skills and digital transformation is urging government entities and data controllers in high-risk sectors to comply with the June 1, 2024 deadline for registration with the Office of the Information Commissioner (OIC).
In a ministerial statement in the Upper House yesterday, Senator Dr Dana Morris Dixon, minister without portfolio in the Office of the Prime Minister with responsibility for skills and digital transformation, said there will be no exemption to government ministries, departments and agencies to comply with the DPA.
Other categories of data controllers that Morris Dixon said must comply by June 1, next month, are data controllers in high-risk sectors such as financial, health, education, tourism and the information communication technology services.
In addition, Morris Dixon said that data controllers who are required to appoint a data protection officer and other controllers processing personal data for in excess of 10,000 data subjects are also required to be in compliance by the beginning of June.
“You may have a small business with two people who may be very data heavy in their data processing, it could be a third party data processor, they will have to comply,” she said.
Morris Dixon said the data controllers identified for prioritisation represent large stakeholder groupings that are important for the protection of consumers, who undertake transactions locally, regionally, and internationally.
“For these consumers, data protection and privacy practices are paramount in the conduct of their day-to-day business,” she added.
SAFEGUARD PERSONAL DATA
The Data Protection Act was enacted to safeguard personal data processed by organisations and individuals. It mandates that personal data must be collected for specific, lawful purposes and with explicit consent. This ensures that individuals have control over their personal information, significantly reducing the risk of misuse and unauthorised access.
The minister with responsibility for skills and digital transformation said the OIC will, over time, require other data controllers not previously listed to register and ensure their full compliance with the DPA.
The DPA was slated for implementation on December 1, 2023. However, Morris Dixon said through consultation the government acknowledged that most data controllers were not sufficiently prepared to meet the requirements for compliance with the law.
A six-month grace period was granted for all data controllers to become fully compliant with the provisions of the Act.