- Y Diweddaraf sydd Ar Gael (Diwygiedig)
- Pwynt Penodol mewn Amser (23/02/2017)
- Gwreiddiol (Fel y'i Deddfwyd)
Point in time view as at 23/02/2017.
There are currently no known outstanding effects for the Coroners and Justice Act 2009, Part 8 .
Revised legislation carried on this site may not be fully up to date. At the current time any known changes or effects made by subsequent legislation have been applied to the text of the legislation you are viewing by the editorial team. Please see ‘Frequently Asked Questions’ for details regarding the timescales for which new effects are identified and recorded on this site.
After section 41 of the Data Protection Act 1998 (c. 29) insert—
(1)The Commissioner may serve a data controller within subsection (2) with a notice (in this Act referred to as an “assessment notice”) for the purpose of enabling the Commissioner to determine whether the data controller has complied or is complying with the data protection principles.
(2)A data controller is within this subsection if the data controller is—
(a)a government department,
(b)a public authority designated for the purposes of this section by an order made by the Secretary of State, or
(c)a person of a description designated for the purposes of this section by such an order.
(3)An assessment notice is a notice which requires the data controller to do all or any of the following—
(a)permit the Commissioner to enter any specified premises;
(b)direct the Commissioner to any documents on the premises that are of a specified description;
(c)assist the Commissioner to view any information of a specified description that is capable of being viewed using equipment on the premises;
(d)comply with any request from the Commissioner for—
(i)a copy of any of the documents to which the Commissioner is directed;
(ii)a copy (in such form as may be requested) of any of the information which the Commissioner is assisted to view;
(e)direct the Commissioner to any equipment or other material on the premises which is of a specified description;
(f)permit the Commissioner to inspect or examine any of the documents, information, equipment or material to which the Commissioner is directed or which the Commissioner is assisted to view;
(g)permit the Commissioner to observe the processing of any personal data that takes place on the premises;
(h)make available for interview by the Commissioner a specified number of persons of a specified description who process personal data on behalf of the data controller (or such number as are willing to be interviewed).
(4)In subsection (3) references to the Commissioner include references to the Commissioner's officers and staff.
(5)An assessment notice must, in relation to each requirement imposed by the notice, specify—
(a)the time at which the requirement is to be complied with, or
(b)the period during which the requirement is to be complied with.
(6)An assessment notice must also contain particulars of the rights of appeal conferred by section 48.
(7)The Commissioner may cancel an assessment notice by written notice to the data controller on whom it was served.
(8)Where a public authority has been designated by an order under subsection (2)(b) the Secretary of State must reconsider, at intervals of no greater than 5 years, whether it continues to be appropriate for the authority to be designated.
(9)The Secretary of State may not make an order under subsection (2)(c) which designates a description of persons unless—
(a)the Commissioner has made a recommendation that the description be designated, and
(b)the Secretary of State has consulted—
(i)such persons as appear to the Secretary of State to represent the interests of those that meet the description;
(ii)such other persons as the Secretary of State considers appropriate.
(10)The Secretary of State may not make an order under subsection (2)(c), and the Commissioner may not make a recommendation under subsection (9)(a), unless the Secretary of State or (as the case may be) the Commissioner is satisfied that it is necessary for the description of persons in question to be designated having regard to—
(a)the nature and quantity of data under the control of such persons, and
(b)any damage or distress which may be caused by a contravention by such persons of the data protection principles.
(11)Where a description of persons has been designated by an order under subsection (2)(c) the Secretary of State must reconsider, at intervals of no greater than 5 years, whether it continues to be necessary for the description to be designated having regard to the matters mentioned in subsection (10).
(12)In this section—
“public authority” includes any body, office-holder or other person in respect of which—
an order may be made under section 4 or 5 of the Freedom of Information Act 2000, or
an order may be made under section 4 or 5 of the Freedom of Information (Scotland) Act 2002;
“specified” means specified in an assessment notice.
(1)A time specified in an assessment notice under section 41A(5) in relation to a requirement must not fall, and a period so specified must not begin, before the end of the period within which an appeal can be brought against the notice, and if such an appeal is brought the requirement need not be complied with pending the determination or withdrawal of the appeal.
(2)If by reason of special circumstances the Commissioner considers that it is necessary for the data controller to comply with a requirement in an assessment notice as a matter of urgency, the Commissioner may include in the notice a statement to that effect and a statement of the reasons for that conclusion; and in that event subsection (1) applies in relation to the requirement as if for the words from “within” to the end there were substituted “ of 7 days beginning with the day on which the notice is served ”.
(3)A requirement imposed by an assessment notice does not have effect in so far as compliance with it would result in the disclosure of—
(a)any communication between a professional legal adviser and the adviser's client in connection with the giving of legal advice with respect to the client's obligations, liabilities or rights under this Act, or
(b)any communication between a professional legal adviser and the adviser's client, or between such an adviser or the adviser's client and any other person, made in connection with or in contemplation of proceedings under or arising out of this Act (including proceedings before the Tribunal) and for the purposes of such proceedings.
(4)In subsection (3) references to the client of a professional legal adviser include references to any person representing such a client.
(5)Nothing in section 41A authorises the Commissioner to serve an assessment notice on—
(a)a judge,
(b)a body specified in section 23(3) of the Freedom of Information Act 2000 (bodies dealing with security matters), or
(c)the Office for Standards in Education, Children's Services and Skills in so far as it is a data controller in respect of information processed for the purposes of functions exercisable by Her Majesty's Chief Inspector of Eduction, Children's Services and Skills by virtue of section 5(1)(a) of the Care Standards Act 2000.
(6)In this section “judge” includes —
(a)a justice of the peace (or, in Northern Ireland, a lay magistrate),
(b)a member of a tribunal, and
(c)a clerk or other officer entitled to exercise the jurisdiction of a court or tribunal;
and in this subsection “tribunal” means any tribunal in which legal proceedings may be brought.
(1)The Commissioner must prepare and issue a code of practice as to the manner in which the Commissioner's functions under and in connection with section 41A are to be exercised.
(2)The code must in particular—
(a)specify factors to be considered in determining whether to serve an assessment notice on a data controller;
(b)specify descriptions of documents and information that—
(i)are not to be examined or inspected in pursuance of an assessment notice, or
(ii)are to be so examined or inspected only by persons of a description specified in the code;
(c)deal with the nature of inspections and examinations carried out in pursuance of an assessment notice;
(d)deal with the nature of interviews carried out in pursuance of an assessment notice;
(e)deal with the preparation, issuing and publication by the Commissioner of assessment reports in respect of data controllers that have been served with assessment notices.
(3)The provisions of the code made by virtue of subsection (2)(b) must, in particular, include provisions that relate to—
(a)documents and information concerning an individual's physical or mental health;
(b)documents and information concerning the provision of social care for an individual.
(4)An assessment report is a report which contains—
(a)a determination as to whether a data controller has complied or is complying with the data protection principles,
(b)recommendations as to any steps which the data controller ought to take, or refrain from taking, to ensure compliance with any of those principles, and
(c)such other matters as are specified in the code.
(5)The Commissioner may alter or replace the code.
(6)If the code is altered or replaced, the Commissioner must issue the altered or replacement code.
(7)The Commissioner may not issue the code (or an altered or replacement code) without the approval of the Secretary of State.
(8)The Commissioner must arrange for the publication of the code (and any altered or replacement code) issued under this section in such form and manner as the Commissioner considers appropriate.
(9)In this section “social care” has the same meaning as in Part 1 of the Health and Social Care Act 2008 (see section 9(3) of that Act).”
Commencement Information
I1S. 173 in force at 1.2.2010 for specified purposes by S.I. 2010/145, art. 2(2), Sch. para. 15
I2S. 173 in force at 6.4.2010 in so far as not already in force by S.I. 2010/816, art. 2, Sch. para. 12
(1)After section 52 of the Data Protection Act 1998 (c. 29) insert—
(1)The Commissioner must prepare a code of practice which contains—
(a)practical guidance in relation to the sharing of personal data in accordance with the requirements of this Act, and
(b)such other guidance as the Commissioner considers appropriate to promote good practice in the sharing of personal data.
(2)For this purpose “good practice” means such practice in the sharing of personal data as appears to the Commissioner to be desirable having regard to the interests of data subjects and others, and includes (but is not limited to) compliance with the requirements of this Act.
(3)Before a code is prepared under this section, the Commissioner must consult such of the following as the Commissioner considers appropriate—
(a)trade associations (within the meaning of section 51);
(b)data subjects;
(c)persons who appear to the Commissioner to represent the interests of data subjects.
(4)In this section a reference to the sharing of personal data is to the disclosure of the data by transmission, dissemination or otherwise making it available.
(1)When a code is prepared under section 52A, it must be submitted to the Secretary of State for approval.
(2)Approval may be withheld only if it appears to the Secretary of State that the terms of the code could result in the United Kingdom being in breach of any of its Community obligations or any other international obligation.
(3)The Secretary of State must—
(a)if approval is withheld, publish details of the reasons for withholding it;
(b)if approval is granted, lay the code before Parliament.
(4)If, within the 40-day period, either House of Parliament resolves not to approve the code, the code is not to be issued by the Commissioner.
(5)If no such resolution is made within that period, the Commissioner must issue the code.
(6)Where—
(a)the Secretary of State withholds approval, or
(b)such a resolution is passed,
the Commissioner must prepare another code of practice under section 52A.
(7)Subsection (4) does not prevent a new code being laid before Parliament.
(8)A code comes into force at the end of the period of 21 days beginning with the day on which it is issued.
(9)A code may include transitional provision or savings.
(10)In this section “the 40-day period” means the period of 40 days beginning with the day on which the code is laid before Parliament (or, if it is not laid before each House of Parliament on the same day, the later of the 2 days on which it is laid).
(11)In calculating the 40-day period, no account is to be taken of any period during which Parliament is dissolved or prorogued or during which both Houses are adjourned for more than 4 days.
(1)The Commissioner—
(a)must keep the data-sharing code under review, and
(b)may prepare an alteration to that code or a replacement code.
(2)Where, by virtue of a review under subsection (1)(a) or otherwise, the Commissioner becomes aware that the terms of the code could result in the United Kingdom being in breach of any of its Community obligations or any other international obligation, the Commissioner must exercise the power under subsection (1)(b) with a view to remedying the situation.
(3)Before an alteration or replacement code is prepared under subsection (1), the Commissioner must consult such of the following as the Commissioner considers appropriate—
(a)trade associations (within the meaning of section 51);
(b)data subjects;
(c)persons who appear to the Commissioner to represent the interests of data subjects.
(4)Section 52B (other than subsection (6)) applies to an alteration or replacement code prepared under this section as it applies to the code as first prepared under section 52A.
(5)In this section “the data-sharing code” means the code issued under section 52B(5) (as altered or replaced from time to time).
(1)The Commissioner must publish the code (and any replacement code) issued under section 52B(5).
(2)Where an alteration is so issued, the Commissioner must publish either—
(a)the alteration, or
(b)the code or replacement code as altered by it.
(1)A failure on the part of any person to act in accordance with any provision of the data-sharing code does not of itself render that person liable to any legal proceedings in any court or tribunal.
(2)The data-sharing code is admissible in evidence in any legal proceedings.
(3)If any provision of the data-sharing code appears to—
(a)the Tribunal or a court conducting any proceedings under this Act,
(b)a court or tribunal conducting any other legal proceedings, or
(c)the Commissioner carrying out any function under this Act,
to be relevant to any question arising in the proceedings, or in connection with the exercise of that jurisdiction or the carrying out of those functions, in relation to any time when it was in force, that provision of the code must be taken into account in determining that question.
(4)In this section “the data-sharing code” means the code issued under section 52B(5) (as altered or replaced from time to time).”
(2)In section 51 of the Data Protection Act 1998 (c. 29) (general duties of Commissioner), after subsection (5) insert—
“(5A)In determining the action required to discharge the duties imposed by subsections (1) to (4), the Commissioner may take account of any action taken to discharge the duty imposed by section 52A (data-sharing code).”
Commencement Information
I3S. 174 in force at 1.2.2010 by S.I. 2010/145, art. 2(2), Sch. para. 16
Schedule 20 contains further amendments of the Data Protection Act 1998 (c. 29).
Commencement Information
I4S. 175 in force at 1.2.2010 for specified purposes by S.I. 2010/145, art. 2(2), Sch. para. 17
I5S. 175 in force at 6.4.2010 for specified purposes by S.I. 2010/816, art. 2, Sch. para. 13
The Whole Act you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
The Whole Act you have selected contains over 200 provisions and might take some time to download.
Would you like to continue?
The Whole Act without Schedules you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
The Whole Act without Schedules you have selected contains over 200 provisions and might take some time to download.
Would you like to continue?
Y Ddeddf Gyfan you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
Y Ddeddf Gyfan heb Atodlenni you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
Y Rhestrau you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
Y Diweddaraf sydd Ar Gael (diwygiedig):Y fersiwn ddiweddaraf sydd ar gael o’r ddeddfwriaeth yn cynnwys newidiadau a wnaed gan ddeddfwriaeth ddilynol ac wedi eu gweithredu gan ein tîm golygyddol. Gellir gweld y newidiadau nad ydym wedi eu gweithredu i’r testun eto yn yr ardal ‘Newidiadau i Ddeddfwriaeth’.
Gwreiddiol (Fel y’i Deddfwyd neu y’i Gwnaed): Mae'r wreiddiol fersiwn y ddeddfwriaeth fel ag yr oedd pan gafodd ei deddfu neu eu gwneud. Ni wnaed unrhyw newidiadau i’r testun.
Pwynt Penodol mewn Amser: This becomes available after navigating to view revised legislation as it stood at a certain point in time via Advanced Features > Show Timeline of Changes or via a point in time advanced search.
Rhychwant ddaearyddol: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.
Dangos Llinell Amser Newidiadau: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.
Testun a grëwyd gan yr adran o’r llywodraeth oedd yn gyfrifol am destun y Ddeddf i esbonio beth mae’r Ddeddf yn ceisio ei wneud ac i wneud y Ddeddf yn hygyrch i ddarllenwyr nad oes ganddynt gymhwyster cyfreithiol. Cyflwynwyd Nodiadau Esboniadol ym 1999 ac maent yn cyd-fynd â phob Deddf Gyhoeddus ac eithrio Deddfau Adfeddiannu, Cronfa Gyfunol, Cyllid a Chyfnerthiad.
Gallwch wneud defnydd o ddogfennau atodol hanfodol a gwybodaeth ar gyfer yr eitem ddeddfwriaeth o’r tab hwn. Yn ddibynnol ar yr eitem ddeddfwriaeth sydd i’w gweld, gallai hyn gynnwys:
Impact Assessments generally accompany all UK Government interventions of a regulatory nature that affect the private sector, civil society organisations and public services. They apply regardless of whether the regulation originates from a domestic or international source and can accompany primary (Acts etc) and secondary legislation (SIs). An Impact Assessment allows those with an interest in the policy area to understand:
This timeline shows the different points in time where a change occurred. The dates will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. The first date in the timeline will usually be the earliest date when the provision came into force. In some cases the first date is 01/02/1991 (or for Northern Ireland legislation 01/01/2006). This date is our basedate. No versions before this date are available. For further information see the Editorial Practice Guide and Glossary under Help.
Defnyddiwch y ddewislen hon i agor dogfennau hanfodol sy’n cyd-fynd â’r ddeddfwriaeth a gwybodaeth am yr eitem hon o ddeddfwriaeth. Gan ddibynnu ar yr eitem o ddeddfwriaeth sy’n cael ei gweld gall hyn gynnwys:
liciwch ‘Gweld Mwy’ neu ddewis ‘Rhagor o Adnoddau’ am wybodaeth ychwanegol gan gynnwys