Data Controllers’ Registry
(1) Under the supervision of the Board, the Data Controllers’ Registry shall be kept by the Presidency and be made publicly available.
(2) Natural or legal persons who process personal data shall register with the Data Controllers’ Registry prior to the start of data processing. However, by taking into account the objective criteria set by the Board such as the nature and quantity of the data processed, that data processing is laid down in a law, or transferring the data to third parties, the Board may provide derogation from the obligation of registration with the Data Controllers’ Registry.
(3) Application for registration with the Data Controllers’ Registry shall be made with a notification including:
- a) The identity and address of the data controller and of its representative, if any,
- b) The purpose for which the personal data will be processed,
- c) The explanations relating to group(s) of persons subject to the data and the data categories of these persons,
- ç) The recipients or groups of recipients to whom the personal data may be transferred,
- d) The personal data which are envisaged to be transferred abroad,
- e) The measures taken concerning the security of personal data,
- f) The maximum storage period necessary for the purpose for which personal data are processed.
(4) Any changes in the information given pursuant to the third paragraph shall be immediately notified to the Presidency.
(5) Other procedures and principles relating to the Data Controllers’ Registry shall be laid down through a by-law.