GDPR Compliance Act 2018

In accordance with the Supreme Directive of the Empire of Adammia, on the authority of the Ruling Council and His Imperial Majesty the Emperor, this following Act of Council is hereby enacted, with the purpose of making the Imperial Government compliant with the European Union's General Data Protection Regulation (GDPR), and requiring other Adammic corporate bodies to be similarly compliant.

Section 1

• a) The Ministry of Citizenship and Information must ensure that all of its personal records of Adammic citizens are securely held, such that only employees of the Imperial Government, the Office of the Emperor and the Office of State may see these records.
• b) If any employee of the Imperial Government causes any data relating to personal records of Adammic citizens to be accessible by any person or organisation outside of the Imperial Government, the Office of the Emperor, and the Office of State, then that employee has committed an offence of criminal negligence. A court which finds an employee guilty of this offence in this manner may order that the offender pay a fine of up to £10 to His Majesty's Imperial Treasury and may order the Imperial Government to fire the offender from their job.
• c) If any employee of the Imperial Government causes any data relating to personal records of Adammic citizens to be accessible by any person or organisation outside of the Imperial Government, the Office of the Emperor, and the Office of state, so that it can be used to commit a crime, then that employee has committed an offence of corruption. A court which finds an employee guilty of this offence in this manner may order that the offender pay a fine of up to £40 to His Majesty's Imperial Treasury, may order the Imperial Government to fire the offender from their job, may order titles and honours to be stripped from the offender, and may order for the offender's citizenship to be revoked.
• d) It is defined that the Imperial Government holds data on citizens of Adammia for the purposes of:
  • i) implementing Adammic law;
  • ii) compiling statistics, which do not identify any individual citizens based on that data.

Section 2

• a) All persons who apply for Adammic citizenship, as part of their application, must confirm that they consent for the data they provide to be stored for the duration of their citizenship and for that data to be used in accordance with Section 1 Subsection (d) of this Act, in order for their application to be accepted.
• b) Citizenship applications made by persons under the age of 13 must not be accepted, unless their parent or guardian has consented in accordance with subsection (a) on their behalf.

Section 3

• a) All full and honourary citizens have the right to ask the Ministry of Citizenship and Information what data is held on them by the Imperial Government and what it is being used for. The Ministry of Citizenship and Information must reply truthfully within a reasonable time frame.
• b) All full and honourary citizens have the right to request that any data held on them by the Imperial Government be rectified by the Ministry of Citizenship and Information. The Ministry of Citizenship and Information must comply with this request within a reasonable time frame.
• c) All full and honourary citizens have the right to request that any data held on them by the Imperial Government be deleted. The Ministry of Citizenship and Information must comply with this request within a reasonable time frame, but may require that the citizenship of the citizen in question be downgraded or rescinded if the data being deleted would be required for the purposes of implementing Adammic law were that citizen to continue their citizenship.

Section 4

• a) For the purposes of this section, a “corporate legal entity” is any legal entity within Adammia that is not an individual citizen and is not part of the Imperial Government, the Office of State, and the Office of the Emperor; this can include all privately-owned companies, local and colonial governments, political parties, sports associations et cetera.
• b) All corporate legal entities shall have the responsibility of implementing the General Data Protection Regulation.
• c) Any corporate legal entity found by a court to have failed to comply with subsection (b) may be ordered by the court to pay a fine of up to £40 to His Majesty's Imperial Treasury, as well as damages to any Adammic citizens negatively affected by this failure.
• d) Any corporate legal entity found by a court to have deliberately failed to comply with subsection (b) for the purposes of committing a crime may be ordered by the court to pay a fine of up to £60 to His Majesty's Imperial Treasury, as well as damages to any Adammic citizens negatively affected by this failure.
• e) If any individual employee of a corporate legal entity causes data held on Adammic citizens by that entity to be made accessible by persons or organisations outside of that entity, without the permission of the citizens on whom the data is held, then that employee has committed an offence of criminal negligence. A court which finds an employee guilty of this offence in this manner may order that the offender pay a fine of up to £10 to His Majesty's Imperial Treasury and may order the offender's employer to fire the offender from their job.
• f) If any individual employee of a corporate legal entity causes data held on Adammic citizens by that entity to be made accessible by persons or organisations outside of that entity, for the purposes of committing a crime, then that employee has committed an offence of data smuggling. A court which finds an employee guilty of this offence in this manner may order that the offender pay a fine of up to £40 to His Majesty's Imperial Treasury, may order the offender's employer to fire the offender from their job, and may order titles and honours to be stripped from the offender.
• g) For the purposes of the General Data Protection Regulation, the Ministry of Citizenship and Information shall be considered the supervisory authority for all corporate legal entities in Adammia. In the event of a data breach, the corporate legal entity responsible must report the breach to the Ministry of Citizenship and Information, and all citizens affected by the breach, within 72 hours; else, it will not be considered compliant with subsection (b).

Written and tabled by His Imperial Majesty Emperor Adam I: Adamus Primus Imperator

PASSED
6 in favour
4 not present

Signed,
Adamus Primus Imperator

29th April 2018 14:55
XXIX.IV.MMXVIII
CXIX.VI.ADAMVS I