To be licit, every processing of personal data has to fulfil certain requirements regarding the form and the content. The amended Act of 2 August 2002 sets certain criteria that have to be met when processing personal data.
The Data Protection Act determines about 4 main aspects that must be taken into account by the data controller to guarantee an adequate protection of privacy:
- Legitimacy and lawfulness of processing personal data,
- Respect of the data subjects' rights,
- Data security and confidentiality measures,
- Prior declaration of processing to the National Commission.