UK free legal information and UK free legal articles
 

Data Protection Act 1998

Home Free legal articles County courts Magistrate courts Crown courts UK parliament Acts
 
 
Free legal articles
Bulk Center
County court list
Combined court list
Magistrate court list
County and Magistrate court list
Crown court list
UK legal Acts
Sources of legal information
UK Acts Categories
Agriculture
Company and partnership
Data Protection
Environment
Finance and Tax
Health and safety
Land and Property
Trade and commerce
Wills and probate
 
Data Protection Act 1998 List of acts
 Selected UK Acts and Regulations
    Wills and probate
 
Crown Copyright Acknowledged
CONTENTS

Part I

Preliminary

1. Basic interpretative provisions.

2. Sensitive personal data.

3. The special purposes.

4. The data protection principles.

5. Application of Act.

6. The Commissioner and the Tribunal.

Part II

Rights of data subjects and others

7. Right of access to personal data.

8. Provisions supplementary to section 7.

9. Application of section 7 where data controller is credit reference agency.

10. Right to prevent processing likely to cause damage or distress.

11. Right to prevent processing for purposes of direct marketing.

12. Rights in relation to automated decision-taking.

13. Compensation for failure to comply with certain requirements.

14. Rectification, blocking, erasure and destruction.

15. Jurisdiction and procedure.

Part III

Notification by data controllers

16. Preliminary.

17. Prohibition on processing without registration.

18. Notification by data controllers.

19. Register of notifications.

20. Duty to notify changes.

21. Offences.

22. Preliminary assessment by Commissioner.

23. Power to make provision for appointment of data protection supervisors.

24. Duty of certain data controllers to make certain information available.

25. Functions of Commissioner in relation to making of notification regulations.

26. Fees regulations.

Part IV

Exemptions

27. Preliminary.

28. National security.

29. Crime and taxation.

30. Health, education and social work.

31. Regulatory activity.

32. Journalism, literature and art.

33. Research, history and statistics.

34. Information available to the public by or under enactment.

35. Disclosures required by law or made in connection with legal proceedings etc.

36. Domestic purposes.

37. Miscellaneous exemptions.

38. Powers to make further exemptions by order.

39. Transitional relief.

Part V

Enforcement

40. Enforcement notices.

41. Cancellation of enforcement notice.

42. Request for assessment.

43. Information notices.

44. Special information notices.

45. Determination by Commissioner as to the special purposes.

46. Restriction on enforcement in case of processing for the special purposes.

47. Failure to comply with notice.

48. Rights of appeal.

49. Determination of appeals.

50. Powers of entry and inspection.

Part VI

Miscellaneous and General

Functions of Commissioner

51. General duties of Commissioner.

52. Reports and codes of practice to be laid before Parliament.

53. Assistance by Commissioner in cases involving processing for the special purposes.

54. International co-operation.

Unlawful obtaining etc. of personal data

55. Unlawful obtaining etc. of personal data.

Records obtained under data subject’s right of access

56. Prohibition of requirement as to production of certain records.

57. Avoidance of certain contractual terms relating to health records.

Information provided to Commissioner or Tribunal

58. Disclosure of information.

59. Confidentiality of information.

General provisions relating to offences

60. Prosecutions and penalties.

61. Liability of directors etc.

Amendments of Consumer Credit Act 1974

62. Amendments of Consumer Credit Act 1974.

General

63. Application to Crown.

64. Transmission of notices etc. by electronic or other means.

65. Service of notices by Commissioner.

66. Exercise of rights in Scotland by children.

67. Orders, regulations and rules.

68. Meaning of “accessible record”.

69. Meaning of “health professional”.

70. Supplementary definitions.

71. Index of defined expressions.

72. Modifications of Act.

73. Transitional provisions and savings.

74. Minor and consequential amendments and repeals and revocations.

75. Short title, commencement and extent.

Schedules:

Schedule 1: The data protection principles.

Part I: The principles.

Part II: Interpretation of the principles in Part I.

Schedule 2: Conditions relevant for purposes of the first principle: processing of any personal data.

Schedule 3: Conditions relevant for purposes of the first principle: processing of sensitive personal data.

Schedule 4: Cases where the eighth principle does not apply.

Schedule 5: The Data Protection Commissioner and the Data Protection Tribunal.

Part I: The Commissioner.

Part II: The Tribunal.

Part III: Transitional provisions.

Schedule 6: Appeal proceedings.

Schedule 7: Miscellaneous exemptions.

Schedule 8: Transitional relief.

Part I: Interpretation of Schedule.

Part II: Exemptions available before 24th October 2001.

Part III: Exemptions available after 23rd October 2001 but before 24th October 2007.

Part IV: Exemptions after 23rd October 2001 for historical research.

Part V: Exemption from section 22.

Schedule 9: Powers of entry and inspection.

Schedule 10: Further provisions relating to assistance under section 53.

Schedule 11: Educational records.

Schedule 12: Accessible public records.

Schedule 13: Modifications of Act having effect before 24th October 2007.

Schedule 14: Transitional provisions and savings.

Schedule 15: Minor and consequential amendments.

Schedule 16: Repeals and revocations.

Part I: Repeals.

Part II: Revocations.

 

Part I
 
Preliminary
 
1 Basic interpretative provisions

(1) In this Act, unless the context otherwise requires—

“data” means information which—

(a) is being processed by means of equipment operating automatically in response to instructions given for that purpose,

(b) is recorded with the intention that it should be processed by means of such equipment,

(c) is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system, or

(d) does not fall within paragraph (a), (b) or (c) but forms part of an accessible record as defined by section 68;

“data controller” means, subject to subsection (4), a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed;
“data processor”, in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller;
“data subject” means an individual who is the subject of personal data;
“personal data” means data which relate to a living individual who can be identified—

(a) from those data, or

(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,
and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual;

“processing”, in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including—

(a) organisation, adaptation or alteration of the information or data,

(b) retrieval, consultation or use of the information or data,

(c) disclosure of the information or data by transmission, dissemination or otherwise making available, or

(d)alignment, combination, blocking, erasure or destruction of the information or data;
“relevant filing system” means any set of information relating to individuals to the extent that, although the information is not processed by means of equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible.

(2) In this Act, unless the context otherwise requires—

(a) “obtaining” or “recording”, in relation to personal data, includes obtaining or recording the information to be contained in the data, and

(b) “using” or “disclosing”, in relation to personal data, includes using or disclosing the information contained in the data.

(3) In determining for the purposes of this Act whether any information is recorded with the intention—

(a) that it should be processed by means of equipment operating automatically in response to instructions given for that purpose, or

(b) that it should form part of a relevant filing system,
it is immaterial that it is intended to be so processed or to form part of such a system only after being transferred to a country or territory outside the European Economic Area.

(4) Where personal data are processed only for purposes for which they are required by or under any enactment to be processed, the person on whom the obligation to process the data is imposed by or under that enactment is for the purposes of this Act the data controller. 

2 Sensitive personal data

In this Act “sensitive personal data” means personal data consisting of information as to—

(a) the racial or ethnic origin of the data subject,

(b) his political opinions,

(c) his religious beliefs or other beliefs of a similar nature,

(d) whether he is a member of a trade union (within the meaning of the [1992 c. 52.] Trade Union and Labour Relations (Consolidation) Act 1992),

(e) his physical or mental health or condition,

(f) his sexual life,

(g) the commission or alleged commission by him of any offence, or

(h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.

3 The special purposes

In this Act “the special purposes” means any one or more of the following—

(a) the purposes of journalism,

(b) artistic purposes, and

(c) literary purposes.

4 The data protection principles

(1) References in this Act to the data protection principles are to the principles set out in Part I of Schedule 1.

(2) Those principles are to be interpreted in accordance with Part II of Schedule 1.

(3) Schedule 2 (which applies to all personal data) and Schedule 3 (which applies only to sensitive personal data) set out conditions applying for the purposes of the first principle; and Schedule 4 sets out cases in which the eighth principle does not apply.

(4) Subject to section 27(1), it shall be the duty of a data controller to comply with the data protection principles in relation to all personal data with respect to which he is the data controller.

5 Application of Act

(1) Except as otherwise provided by or under section 54, this Act applies to a data controller in respect of any data only if—

(a) the data controller is established in the United Kingdom and the data are processed in the context of that establishment, or

(b) the data controller is established neither in the United Kingdom nor in any other EEA State but uses equipment in the United Kingdom for processing the data otherwise than for the purposes of transit through the United Kingdom.

(2) A data controller falling within subsection (1)(b) must nominate for the purposes of this Act a representative established in the United Kingdom.

(3) For the purposes of subsections (1) and (2), each of the following is to be treated as established in the United Kingdom—

(a) an individual who is ordinarily resident in the United Kingdom,

(b) a body incorporated under the law of, or of any part of, the United Kingdom,

(c) a partnership or other unincorporated association formed under the law of any part of the United Kingdom, and

(d) any person who does not fall within paragraph (a), (b) or (c) but maintains in the United Kingdom—

(i) an office, branch or agency through which he carries on any activity, or

(ii) a regular practice;
and the reference to establishment in any other EEA State has a corresponding meaning.

6 The Commissioner and the Tribunal

(1) The office originally established by section 3(1)(a) of the [1984 c. 35.] Data Protection Act 1984 as the office of Data Protection Registrar shall continue to exist for the purposes of this Act but shall be known as the office of Data Protection Commissioner; and in this Act the Data Protection Commissioner is referred to as “the Commissioner”.

(2) The Commissioner shall be appointed by Her Majesty by Letters Patent.

(3) For the purposes of this Act there shall continue to be a Data Protection Tribunal (in this Act referred to as “the Tribunal”).

(4) The Tribunal shall consist of—

(a) a chairman appointed by the Lord Chancellor after consultation with the Lord Advocate,

(b) such number of deputy chairmen so appointed as the Lord Chancellor may determine, and

(c) such number of other members appointed by the Secretary of State as he may determine.

(5) The members of the Tribunal appointed under subsection (4)(a) and (b) shall be—

(a) persons who have a 7 year general qualification, within the meaning of section 71 of the [1990 c. 41.] Courts and Legal Services Act 1990,

(b) advocates or solicitors in Scotland of at least 7 years' standing, or

(c) members of the bar of Northern Ireland or solicitors of the Supreme Court of Northern Ireland of at least 7 years' standing.

(6) The members of the Tribunal appointed under subsection (4)(c) shall be—

(a) persons to represent the interests of data subjects, and

(b) persons to represent the interests of data controllers.

(7) Schedule 5 has effect in relation to the Commissioner and the Tribunal.

 
See more for Data Protection Act 1998
 
Crown Copyright Acknowledged
 
 

Web Developers
Copyright © 2017 Agreement Desk. All right reserved