We assist you with the registration as controller or processor with the Data Protection Office (DPO). We also assist you with the renewal of the registration certificate before its expiry.

Registration

Registration as controller or processor with the Data Protection Commissioner is an obligation for every person who controls and/or processes personal data.

A controller is a person who determines the purposes and means of the processing of personal data and has decision making power with respect to the collection, processing, storage, transfer and handling of personal data.

A processor means a person who processes personal data on behalf of a controller.

Failure to register as data controller or processor is an offence under the Data Protection Act 2017 (DPA). A fine not exceeding Rs 200,000 and an imprisonment for a term not exceeding 5 years may be imposed if convicted.

Personal Data

Personal data is any information relating to a specific individual such as his name, address, ID/passport number, phone number.

Sensitive personal data means personal data in relation to racial or ethnic origin, political opinion or adherence, religious or philosophical beliefs, membership of a trade union, physical or mental health, sexual orientation, genetic or biometric data, commission or alleged commission of an offence, proceedings for an offence committed or alleged to have been committed.

Registration Certificate

Every person who controls and/or processes personal data shall be registered as controller and/or processor.

Upon successful registration, a registration certificate is issued which is valid for 3 years.

Request for renewal of the certificate shall be made at least 3 months before its expiry date.

Contact us to register your company as a data controller and/or data processor.