For the purposes of this law, “personal data” refers to any information relating to an identified or identifiable natural person. This includes, but is not limited to, names, identification numbers, location data, and other identifiers. “Data subject” refers to the individual whose personal data is being processed. “Data controller” is defined as the entity that determines the purposes and means of processing personal data, while a “data processor” refers to any entity that processes data on behalf of the data controller. “Consent” means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, expressing agreement to the processing of their personal data.
2. Scope
This law applies to all entities, both public and private, that collect, process, or store personal data within the jurisdiction. It covers a wide range of activities, including the collection, storage, and sharing of personal data by businesses, government agencies, non-governmental organizations, and other entities. The law extends to both digital and physical data processing, ensuring that personal information is protected across various mediums and platforms. Additionally, it applies to data processing activities carried out by both domestic and foreign entities if they affect individuals within the jurisdiction.
1. Purpose
The primary purpose of this Law on the Protection of Personal Data is to safeguard the privacy and rights of individuals by regulating the collection, storage, and processing of personal data. This law seeks to ensure that personal information is handled responsibly and transparently, promoting trust between individuals and organizations. It also aims to establish clear guidelines for data controllers and processors to prevent misuse of personal data and to establish measures for the secure processing and transfer of data, in compliance with international standards and best practices.