54.
(1) For the purposes of section 51(2) (b) of the Act, the processing of personal data by a national security organ referred to in Article 239 (1) of the Constitution in furtherance of their mandate constitutes a processing for national security.
(2) Despite sub-regulation (1), a data controller or data processor who processes personal data for national security and wishes to be exempt on that ground shall apply to the Cabinet Secretary for an exemption.
(3) The Cabinet Secretary shall, upon being satisfied that the grounds supporting the application are sufficient, issue a certificate of exemption.
(4) The Cabinet Secretary may revoke a certificate of exemption issued, at any time, where the grounds on which the certificate was issued no longer apply.