Data Protection rights in Mauritius
Did you know that on the 15 January 2018, the new data protection act was enforced in Mauritius?
The Act has the objective to strengthen the control and personal autonomy of data subjects (You) over their personal data in line with current relevant international standards and for matters related thereto.
This means that the regulation was amended to allow you to have the possibility of controlling your personal information, in accordance to international laws.
Personal data are information like name, date of birth, phone number, residential address, photo and CCTV recordings among others.
Those information are generally kept by organisations (Data controllers) such as your Current & Previous Employers, Shops, Shopping Malls and Service Providers.
Here below are some of your rights.
1. Right to be informed
The organisation that hold personal information, must inform you about the types of personal data being processed and why they are being processed. You have the right to know who has and will have access to their personal information, as well as how long that information will be kept. If it is not possible to establish how long the data will be kept, the data subject has the right to know the criteria used to determine how long personal data will be kept.
2. Right to access
You have the right to request, free of charge, confirmation from the relevant organisation as to whether the organisation is processing personal data on them and, if so, a copy of that data. The request has a one-month deadline for the controller to comply. You may also object to the processing of his or her personal data at any time in writing, unless the organisation can demonstrate compelling grounds for the processing that would override the data subject's right.
3. Right to rectification and erasure.
In addition, you have the right to request that the organisation correct any erroneous personal data that the controller may have. You can also ask the organisation to delete personal data on them if the reason for their collection has expired, or if you withdraw your consent that is the basis for the processing and there are no other legal grounds for the processing. You have the right to object to the processing in writing at any time unless the organisation has compelling legitimate grounds for doing so.
4. Right to object/opt-out
Unless the organisation has compelling legitimate grounds for the processing that override your interests, or the processing is required for the establishment, exercise, or defense of a legal claim, you have the right to object to the processing of personal data concerning him at any time.
5. Right not to be subject to automated decision-making
You have the right under the Act not to be subjected to a decision based exclusively on automated processing, including profiling, that has legal consequences for him or has a significant impact on him. This prohibition does not apply if the decision is made with the explicit consent of the data subject or under any other conditions set forth in the Act.
Special categories of personal data must not be used in an automated processing of personal data designed to evaluate specific elements relating to you.
6. Other rights
You have the right to lodge a complaint with the Data Protection Comission (DPC) if you have concerns with the manner your personal data are being processed.