Page:Personal Data Protection Act 2012.pdf/17

18 terms that correspond to the provisions of any written law concerning the disclosure of that information by the Commission.

(4) The Commission may give an undertaking to a foreign data protection body that it will comply with terms specified in a requirement made of the Commission by the foreign data protection body to give such an undertaking where—
 * (a) those terms correspond to the provisions of any law in force in the country or territory in which the foreign data protection body is established, being provisions which concern the disclosure by the foreign data protection body of the information referred to in paragraph (b); and
 * (b) compliance with the requirement is a condition imposed by the foreign data protection body for furnishing information in its possession to the Commission pursuant to a co‑operation agreement.

(5) In this section—
 * “foreign data protection body” means a body in whom there are vested functions under the law of another country or territory with respect to the enforcement or the administration of provisions of law of that country or territory concerning data protection;
 * “regulatory authority” includes the Commission and any foreign data protection body.

PART III GENERAL RULES WITH RESPECT TO PROTECTION OF PERSONAL DATA Compliance with Act

11.—(1) In meeting its responsibilities under this Act, an organisation shall consider what a reasonable person would consider appropriate in the circumstances.

(2) An organisation is responsible for personal data in its possession or under its control.