(1) The Commissioner may require a department of government to prepare a privacy impact assessment if the initiatives covered by the privacy impact assessment are of a wide scope, or use personal data of a nature that may require the protection of the personal data of an individual.
(2) A privacy impact assessment shall be in the prescribed form and shall be submitted to the Commissioner for approval.
(3) Where a privacy impact assessment is submitted in accordance with subsection (2), the Commissioner shall evaluate the privacy impact assessment in accordance with the Data Protection Principles and where necessary, make recommendations to the department of government for revision and amendment of the privacy impact assessment.
(4) A privacy impact assessment approved by the Commissioner shall be implemented by the department of government in the manner directed by the Commissioner.
(Inserted by Act 2 of 2015)
2nd Floor Francis Compton Building, Waterfront,Castries, Saint Lucia