s.45Enforcement orders
45
Section 45Part 6ENFORCEMENT

Enforcement orders

←→ Navigate  ·  Click subsection badges to collapse  ·  Press ? for help

If the Commissioner is satisfied that there are reasonable grounds for believing that a data controller has contravened, is contravening or is likely to contravene any provision of this Law, the Commissioner may, with a view to effecting the data controller’s compliance with the provision, by way of an order served on the data controller, require that data controller to —
take specified steps within a specified time, or to refrain from taking specified steps after a specified time;
refrain from processing any personal data, or any personal data of a specified description;
refrain from processing data for a specified purpose or in a specified manner, after a specified time; or
do anything which appears to the Commissioner to be incidental or conducive to the carrying out of the Commissioner’s functions under this Law.
An enforcement order shall include —
a statement of the provision which the Commissioner is satisfied has been or is being contravened and the reasons for reaching that conclusion; and
particulars of the right to seek judicial review conferred by section 47.
If —
an order requires a data controller to rectify, block, erase or destroy any personal data; or
the Commissioner is satisfied that personal data that have been rectified, blocked, erased or destroyed had been processed in contravention of any of the data protection principles,
that order may, if it is reasonably practicable, require the data controller to notify third parties to whom the data have been disclosed of the rectification, blocking, erasure or destruction.
The Commissioner shall, in determining whether it is reasonably practicable to require an enforcement order under subsection (3), have regard in particular to the number of persons who would have to be notified.

Cross References

Referenced By