The revision of the Data Protection Act, in force since 2008, allows companies to self-regulate. If they appoint a data protection officer and inform the FDPIC of this, they may in future refrain from registering their data collections with us. However, the position and person of the data protection officer must meet certain criteria.