The Regulations define specific principles and obligations with which both Data Controllers and Data Processors must comply. In particular, the Regulations specify six principles upon which all Processing of Personal Data must comply; these are:

• Lawfulness, fairness and transparency;
• Specific purpose;
• Data minimisation;
• Accuracy;
• Storage limitation; and
• Integrity and confidentiality of Processing.

QFC Data Controllers have no obligation to register with the Data Protection Office. However, they must report all Personal Data Breaches within 72 hours of becoming aware of them. See the Data Protection Resources page for the breach reporting form.