Rules no. 231/2012

RULES

no. 231/2012

on division of tasks between the Board and employees of the Data Protection Authority.

Article 1.

Division of duties between the Board and the Commissioner.

The Commissioner is in charge of daily management, hires other employees and is responsible for financial matters and personnel management for the Authority. 

The Board of the Data Protection Authority makes decisions, regarding handling of cases and the activities of the Authority, that are put before the Board for approval or dismissal according to these rules.  

 

Article 2.

Division of duties between the Board and the Secretariat.

The Secretariat, under the supervision of the Commissioner, is responsible for the following tasks:

1.      General monitoring of the application of the Data Protection Act.

  1. Providing answers to general inquiries.
  2. Handling applications for permits, receiving notifications and giving orders/instructions, pursuant to Art. 37, Para. 3, Point 1 of the Data Protection Act.
  3. To guide those who plan to process personal data, pursuant to Art. 37, Para. 3, Point 5 on the Data Protection Act.
  4. Making decisions or giving orders following a tip or an inspection on the Authority's own initiative.
  5. Deciding on a dismissal of a case.
  6. Deciding on the payment of costs resulting from monitoring, including costs regarding an audit, pursuant to Art. 37, Para. 4, of the Data Protection Act. 
  7. International co-operation
  8. Other tasks that the Board entrusts the Commissioner with. 

The following decisions and results of case-handling shall be put before the Board of the Data Protection Authority for approval or dismissal:

1.      Rulings on cases of dispute concerning the processing of personal data, pursuant to Art. 37, Para. 2, of the Data Protection Act.

  1. Opinions on draft bills and other rules regarding the processing of personal data, pursuant to Art. 37, Para. 3, Point 6, of the Data Protection Act.
  2. Decisions to impose daily fines, pursuant to Art. 41 of the Data Protection Act.
  3. Decisions on bringing a charge against a controller or processor to the police for violating the provisions of the Data Protection Act or rules passed in accordance with the Act.
  4. Rules that are passed in accordance with the Data Protection Act and changes to those rules. 
  5. The Commissioner can decide to put before the Board other cases that are important for policy making as regards the interpretation of the provisions of the Data Protection Act or issues which are considered important for other reasons.  

Article 3

The operating budget and monitoring of the Authority's operations.

The Board monitors the operations of the Authority. The Commissioner presents before the Board the operating budget of the Authority for the following year. The Commissioner is responsible for all communication with the Ministry and the budgetary authority regarding the Authority's budget.

The Commissioner shall put the annual report of the Data Protection Authority before the Board for approval.

 

Article 4

Qualifications of Members of the Board.

A substitute Member shall take the place of a Member of the Board of the Data Protection Authority, if he has been asked to attend the meeting due to the disqualification of a Board Member, pursuant to Art. 3 of the Administrative Procedures Act, No 37/1993. The disqualified Board Member does not take part in the preparation, handling or the decision-making regarding the case in question and the substitute takes his place.

Members of the Board shall in all respect consider their qualification when participating in preparations, handling or decision-making in each case. Members of the Board shall notify the Secretariat as soon as possible if they consider themselves to be disqualified from participating in case proceedings that are to be discussed during the next meeting of the Board. In order to be able to assess their qualifications, Members of the Board shall notify the Commissioner or Chairman of the Board if they are in doubt whether or not they are disqualified from discussing the case. If either the Commissioner or the Chairman considers that the Member of the Board in question is disqualified, they are allowed to demand that he disqualifies himself before the contents of the case are introduced.

The Board decides on how to move forward when the Commissioner considers himself disqualified in handling a case.

In other regards, the Administrative Procedures Act applies.                       

 

Article 5.

Meetings of the Board.

Meetings of the Board shall in principle be held on a monthly basis unless absence or summer vacations prevent it. Substitute Members are allowed to attend Board meetings. Members of the Board shall notify the Secretariat as soon as possible if they cannot attend a meeting. The Secretariat is responsible for assembling substitutes. 

The Chairman of the Board prepares cases before meetings in consultation with the Secretariat and chairs the meeting.

The Commissioner attends the meetings with the right to speak and put forward proposals.

The Board is qualified to make decisions if three Board Members attend the meeting or their substitutes, in their absence. If Board Members do not agree, the decision shall be determined by majority vote. The vote of the Chairman determines the decision if the votes are even. If a decision on a certain case cannot wait until the next meeting and there is not enough time to call a meeting, it is allowed to ask for the confirmation of the majority of the Board outside a meeting. For a decision to be considered approved at least three Members of the Board have to agree to it. 

Documents regarding cases to be decided on during a meeting shall be sent to the Board at least five days before each meeting.

Minutes of Board meetings shall be recorded. The minutes shall attest who attend the meetings, the subject matters of the meetings, decisions that are taken and other information that is considered necessary. The minutes shall also contain the documentation that is put forward during the meetings.

Article 6

Confidentiality

Those who attend a Board meeting, and those who have access to documentation provided before the meetings, are obliged to observe confidentiality in regard to matters of which they gain knowledge in their work and shall be regarded as confidential according to law. The obligation of confidentiality remains even if the Board Member leaves his post.

 

Article 7

Entry into force

These rules are passed in accordance with Art. 36, Para. 8, of the Data Protection Act and shall enter into force immediately.

 

As agreed upon at a meeting of the Board on 14 February 2012. 

Björg Thorarensen,

Chairman of the Board of  the Data Protection Authority

Was the content helpful? Yes No