The Regulations define specific principles and obligations with which both Data Controllers and Data Processors must comply. In particular, the Regulations specify six principles upon which all Processing of Personal Data must comply; these are:
QFC Data Controllers have no obligation to register with the Data Protection Office. However, they must report all Personal Data Breaches within 72 hours of becoming aware of them. See the Data Protection Resources page for the breach reporting form.