Jump to content

Page:Personal Data Protection Act 2012.pdf/27

From Wikisource
This page has been proofread, but needs to be validated.
28
NO. 26 OF 2012


Power to review

28.—(1) On the application of a complainant, the Commission may review—

(a) a refusal to provide access to personal data requested by the complainant under section 21, or a failure to provide such access within a reasonable time;
(b) a fee required from the complainant by an organisation in relation to a request by the complainant under section 21 or 22; or
(c) a refusal to correct personal data in accordance with a request by the complainant under section 22, or a failure to make such correction within a reasonable time.

(2) Upon completion of its review under subsection (1), the Commission may—

(a) confirm the refusal to provide access to the personal data, or direct the organisation to provide access to the personal data, within such time as the Commission may specify;
(b) confirm, reduce or disallow a fee, or direct the organisation to make a refund to the complainant; or
(c) confirm the refusal to correct the personal data, or direct the organisation to correct the personal data, in such manner and within such time as the Commission may specify.

Power to give directions

29.—(1) The Commission may, if it is satisfied that an organisation is not complying with any provision in Parts III to VI, give the organisation such directions as the Commission thinks fit in the circumstances to ensure compliance with that provision.

(2) Without prejudice to the generality of subsection (1), the Commission may, if it thinks fit in the circumstances to ensure compliance with Parts III to VI, give the organisation all or any of the following directions:

(a) to stop collecting, using or disclosing personal data in contravention of this Act;