Regulated Entities

National Cyber Governance and Assurance Affairs has developed a set of guidelines to support regulated entities in understanding their obligations under the PDPPL and to provide a degree of clarity around these requirements as well as where possible providing checklists and template documents to support controllers with compliance with the PDPPL. All Guidelines are available through the data privacy guidance hub.

The PDPPL requires that certain processing to be authorized, in advance from the competent department and certain situations to be reported to the competent department. The below forms have been developed to communicate the requests and notifications by the regulated entities to the Competent department.

Personal Data Breach Notification

This form needs to be filled by controllers to notify National Cyber Governance and Assurance Affairs of a personal data breach that they have suffered. This form should be read and completed in conjunction with National Cyber Governance and Assurance Affair’s Personal Data Breach Notification Guidelines for Regulated Entities to understand the PDPPL requirements for personal data breach notifications.

Special Nature Permissions Request

This form will need to be filled out when requesting permission from the Competent department National Cyber Governance and Assurance Affairs for processing personal data of a special nature. This form should be read and completed in conjunction with National Cyber Governance and Assurance Affair’s Special Nature Processing Guidelines for Regulated Entities to ascertain the adequacy of data protection measures around the special nature processing.