Oct 17 2005 onwardsA Data Controller which seeks a permit from the QFC Authority to Process Sensitive Personal Data pursuant to Article 8(2) of the Data Protection Regulations must apply in writing to the QFC Authority setting out:
(A) the name of the Data Controller;
(B) the address of the Data Controller;
(C) the name, address, telephone number and e-mail address of the Person within the Data Controller responsible for making the application for the permit;
(D) a description of the Processing of Sensitive Personal Data for which the permit is being sought, including a description of the nature of the Sensitive Personal Data involved;
(E) the purpose of the Processing of the Sensitive Personal Data;
(F) the identity of the Data Subjects to whom the relevant Sensitive Personal Data relates, or in the event of classes of Data Subjects being affected, a description of the class of Data Subjects;
(G) the identity of any Person to whom the Data Controller intends disclosing the Sensitive Personal Data;
(H) to which jurisdictions, if known, such Sensitive Personal Data must be transferred outside of the QFC; and
(I) a description of the safeguards put into place by the Data Controller, to ensure the security of the Sensitive Personal Data.
| Derived from QFC RM01/2005 (as from 17th October 2005). |
