10.
(1) Where the Data Commissioner declines to approve an
application for registration, the Data Commissioner shall within
twenty-one days from the date of such decision—
(a) notify, in writing, the applicant of the refusal; and
(b) provide reasons for such refusal.
(2) The Data Commissioner may decline to grant an application
for registration, where the—
(a) particulars provided for inclusion in an entry in the register
are insufficient;
(b) appropriate safeguards for the protection of the privacy of
the data subject have not been provided by the data
controller or a data processor; or
(c) the data controller or data processor is in violation of any
provisions of the Act and these Regulations.
(3) A data controller or data processor whose application for
registration has been declined under these Regulations may make a
fresh application upon complying with the requirements specified in the
refusal notice.
(4) An application under sub-regulation (3) shall be processed as
any other application and in the manner specified under these
Regulations.