Chwilio Deddfwriaeth

Data Protection Act 2018

 Help about what version

Pa Fersiwn

  • Y Diweddaraf sydd Ar Gael (Diwygiedig)
  • Gwreiddiol (Fel y'i Deddfwyd)
 Help about advanced features

Nodweddion Uwch

Changes over time for: SCHEDULE 21

 Help about opening options

Alternative versions:

Changes to legislation:

Data Protection Act 2018, SCHEDULE 21 is up to date with all changes known to be in force on or before 27 November 2024. There are changes that may be brought into force at a future date. Changes that have been made appear in the content and are referenced with annotations. Help about Changes to Legislation

Close

Changes to Legislation

Revised legislation carried on this site may not be fully up to date. Changes and effects are recorded by our editorial team in lists which can be found in the ‘Changes to Legislation’ area. Where those effects have yet to be applied to the text of the legislation by the editorial team they are also listed alongside the legislation in the affected provisions. Use the ‘more’ link to open the changes and effects relevant to the provision you are viewing.

View outstanding changes

Changes and effects yet to be applied to the whole Act associated Parts and Chapters:

Whole provisions yet to be inserted into this Act (including any effects on those provisions):

Section 213

[F1SCHEDULE 21U.K.Further transitional provision etc

This Atodlen has no associated Nodiadau Esboniadol

Part 1U.K.Interpretation

The applied GPDRU.K.

1In this Schedule, “the applied GDPR” means the EU GDPR as applied by Chapter 3 of Part 2 before IP completion day.

Part 2U.K.Continuation of existing acts etc

Merger of the directly applicable GDPR and the applied GDPRU.K.

2(1)On and after IP completion day, references in an enactment to the UK GDPR (including the reference in the definition of “the data protection legislation” in section 3(9)) include—

(a)the EU GDPR as it was directly applicable to the United Kingdom before IP completion day, read with Chapter 2 of Part 2 of this Act as it had effect before IP completion day, and

(b)the applied GDPR, read with Chapter 3 of Part 2 of this Act as it had effect before IP completion day.

(2)On and after IP completion day, references in an enactment to, or to a provision of, Chapter 2 of Part 2 of this Act (including general references to this Act or to Part 2 of this Act) include that Chapter or that provision as applied by Chapter 3 of Part 2 of this Act as it had effect before IP completion day.

(3)Sub-paragraphs (1) and (2) have effect—

(a)in relation to references in this Act, except as otherwise provided;

(b)in relation to references in other enactments, unless the context otherwise requires.

3(1)Anything done in connection with the EU GDPR as it was directly applicable to the United Kingdom before IP completion day, the applied GDPR or this Act—U.K.

(a)if in force or effective immediately before IP completion day, continues to be in force or effective on and after IP completion day, and

(b)if in the process of being done immediately before IP completion day, continues to be done on and after IP completion day.

(2)References in this paragraph to anything done include references to anything omitted to be done.

Part 3U.K.Transfers to third countries and international organisations

UK GDPR: adequacy decisions and adequacy regulationsU.K.

4(1)On and after IP completion day, for the purposes of the UK GDPR and Part 2 of this Act, a transfer of personal data to a third country or an international organisation is based on adequacy regulations if, at the time of the transfer, paragraph 5 specifies, or specifies a description which includes—

(a)in the case of a third country, the country or a relevant territory or sector within the country, or

(b)in the case of an international organisation, the organisation.

(2)Sub-paragraph (1) has effect subject to provision in paragraph 5 providing that only particular transfers to the country, territory, sector or organisation may rely on a particular provision of paragraph 5 for the purposes of sub-paragraph (1).

(3)The Secretary of State may by regulations—

(a)repeal sub-paragraphs (1) and (2) and paragraph 5;

(b)amend paragraph 5 so as to omit a third country, territory, sector or international organisation specified, or of a description specified, in that paragraph;

(c)amend paragraph 5 so as to replace a reference to, or description of, a third country, territory, sector or organisation with a narrower reference or description, including by specifying or describing particular transfers of personal data and making provision described in sub-paragraph (2).

(4)Regulations under this paragraph may, among other things——

(a)identify a transfer of personal data by any means, including by reference to the controller or processor, the recipient, the personal data transferred or the means by which the transfer is made or by reference to relevant legislation, lists or other documents, as they have effect from time to time;

(b)confer a discretion on a person.

(5)Regulations under this paragraph are subject to the negative resolution procedure.

(6)Sub-paragraphs (1) and (2) have effect in addition to section 17A(2) and (3).

5(1)The following are specified for the purposes of paragraph 4(1)—U.K.

(a)an EEA state;

(b)Gibraltar;

(c)a Union institution, body, office or agency set up by, or on the basis of, the Treaty on the European Union, the Treaty on the Functioning of the European Union or the Euratom Treaty;

(d)an equivalent institution, body, office or agency set up by, or on the basis of, the Treaties establishing the European Economic Area;

(e)a third country which is the subject of a decision listed in sub-paragraph (2), other than a decision that, immediately before IP completion day, had been repealed or was suspended;

(f)a third country, territory or sector within a third country or international organisation which is the subject of an adequacy decision made by the European Commission before IP completion day on the basis of Article 45(3) of the EU GDPR, other than a decision that, immediately before IP completion day, had been repealed or was suspended.

(2)The decisions mentioned in sub-paragraph (1)(e) are the following—

(a)Commission Decision 2000/518/EC of 26th July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Switzerland;

(b)Commission Decision 2002/2/EC of 20th December 2001 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documents Act;

(c)Commission Decision 2003/490/EC of 30th June 2003 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Argentina;

(d)Commission Decision 2003/821/EC of 21st November 2003 on the adequate protection of personal data in Guernsey;

(e)Commission Decision 2004/411/EC of 28th April 2004 on the adequate protection of personal data in the Isle of Man;

(f)Commission Decision 2008/393/EC of 8th May 2008 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Jersey;

(g)Commission Decision 2010/146/EU of 5th March 2010 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection provided by the Faeroese Act on processing of personal data;

(h)Commission Decision 2010/625/EU of 19th October 2010 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Andorra;

(i)Commission Decision 2011/61/EU of 31st January 2011 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the State of Israel with regard to automated processing of personal data;

(j)Commission Implementing Decision 2012/484/EU of 21st August 2012 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the Eastern Republic of Uruguay with regard to automated processing of personal data;

(k)Commission Implementing Decision 2013/65/EU of 19th December 2012 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by New Zealand;

(m)Commission Implementing Decision (EU) 2019/419 of 23rd January 2019 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by Japan under the Act on the Protection of Personal Information.

(3)Where a decision described in sub-paragraph (1)(e) or (f) states that an adequate level of protection of personal data is ensured only for a transfer specified or described in the decision, only such a transfer may rely on that provision and that decision for the purposes of paragraph 4(1).

(4)The references to a decision in sub-paragraphs (1)(e) and (f) and (2) are to the decision as it had effect in EU law immediately before IP completion day, subject to sub-paragraphs (5) and (6).

(5)For the purposes of this paragraph, where a reference to legislation, a list or another document in a decision described in sub-paragraph (1)(e) or (f) is a reference to the legislation, list or document as it has effect from time to time, it is to be treated as a reference to the legislation, list or other document as it has effect at the time of the transfer.

(6)For the purposes of this paragraph, where a decision described in sub-paragraph (1)(e) or (f) relates to—

(a)transfers from the European Union (or the European Community) or the European Economic Area, or

(b)transfers to which the EU GDPR applies,

it is to be treated as relating to equivalent transfers to or from the United Kingdom or transfers to which the UK GDPR applies (as appropriate).

6(1)In the provisions listed in sub-paragraph (2)—U.K.

(a)references to regulations made under section 17A (other than references to making such regulations) include the provision made in paragraph 5;

(b)references to the revocation of such regulations include the repeal of all or part of paragraph 5.

(2)Those provisions are—

(a)Articles 13(1)(f), 14(1)(f), 45(1) and (7), 46(1) and 49(1) of the UK GDPR;

(b)sections 17B(1), (3), (6) and (7) and 18(2) of this Act.

UK GDPR: transfers subject to appropriate safeguards provided by standard data protection clausesU.K.

7(1)Subject to paragraph 8, the appropriate safeguards referred to in Article 46(1) of the UK GDPR may be provided for on and after IP completion day as described in this paragraph.

(2)The safeguards may be provided for by any standard data protection clauses included in an arrangement which, if the arrangement had been entered into immediately before IP completion day, would have provided for the appropriate safeguards referred to in Article 46(1) of the EU GDPR by virtue of Article 46(2)(c) or (d) or (5) of the EU GDPR.

(3)The safeguards may be provided for by a version of standard data protection clauses described in sub-paragraph (2) incorporating changes where—

(a)all of the changes are made in consequence of the withdrawal of the United Kingdom from the EU or provision made by regulations under section 8 or 23 of the European Union (Withdrawal) Act 2018 (or both), and

(b)none of the changes alters the effect of the clauses.

(4)The following changes are to be treated as falling within sub-paragraph (3)(a) and (b)—

(a)changing references to adequacy decisions made by the European Commission into references to equivalent provision made by regulations under section 17A or by or under paragraphs 4 to 6 of this Schedule;

(b)changing references to transferring personal data outside the European Union or the European Economic Area into references to transferring personal data outside the United Kingdom.

(5)In the case of a transfer of personal data made under arrangements entered into before IP completion day, the safeguards may be provided for on and after IP completion day by standard data protection clauses not falling within sub-paragraph (2) which—

(a)formed part of the arrangements immediately before IP completion day, and

(b)at that time, provided for the appropriate safeguards referred to in Article 46(1) of the EU GDPR by virtue of Article 46(2)(c) or (d) or (5) of the EU GDPR.

(6)The Secretary of State and the Commissioner must keep the operation of this paragraph under review.

(7)In this paragraph, “adequacy decision” means a decision made on the basis of—

(a)Article 45(3) of the EU GDPR, or

(b)Article 25(6) of Directive 95/46/EC of the European Parliament and of the Council of 24th October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

(8)This paragraph has effect in addition to Article 46(2) and (3) of the UK GDPR.

8(1)Paragraph 7 does not apply to the extent that it has been disapplied by—U.K.

(a)regulations made by the Secretary of State, or

(b)a document issued by the Commissioner.

(2)Regulations under this paragraph are subject to the negative resolution procedure.

(3)Subsections (3) to (8) and (10) to (12) of section 119A apply in relation to a document issued by the Commissioner under this paragraph as they apply to a document issued by the Commissioner under section 119A(2).

UK GDPR: transfers subject to appropriate safeguards provided by binding corporate rulesU.K.

9(1)The appropriate safeguards referred to in Article 46(1) of the UK GDPR may be provided for on and after IP completion day as described sub-paragraphs (2) to (4), subject to sub-paragraph (5).

(2)The safeguards may be provided for by any binding corporate rules authorised by the Commissioner which, immediately before IP completion day, provided for the appropriate safeguards referred to in Article 46(1) of the EU GDPR by virtue of Article 46(5) of the EU GDPR.

(3)The safeguards may be provided for by a version of binding corporate rules described in sub-paragraph (2) incorporating changes where—

(a)all of the changes are made in consequence of the withdrawal of the United Kingdom from the EU or provision made by regulations under section 8 or 23 of the European Union (Withdrawal) Act 2018 (or both), and

(b)none of the changes alters the effect of the rules.

(4)The following changes are to be treated as falling within sub-paragraph (3)(a) and (b)—

(a)changing references to adequacy decisions made by the European Commission into references to equivalent provision made by regulations under section 17A or by or under paragraphs 4 to 6 of this Schedule;

(b)changing references to transferring personal data outside the European Union or the European Economic Area into references to transferring personal data outside the United Kingdom.

(5)Sub-paragraphs (2) to (4) cease to apply in relation to binding corporate rules if, on or after IP completion day, the Commissioner withdraws the authorisation of the rules (or, where sub-paragraph (3) is relied on, the authorisation of the rules mentioned in sub-paragraph (2)).

(5A)For the purposes of sub-paragraph (2), binding corporate rules which, immediately before IP completion day, provided for the appropriate safeguards referred to in Article 46(1) of the EU GDPR by virtue of Article 46(5) of the EU GDPR but which were authorised other than by the Commissioner are to be treated as authorised by the Commissioner where—

(a)a valid notification of the rules has been made to the Commissioner,

(b)the Commissioner has approved them, and

(c)that approval has not been withdrawn.

(5B)A notification is valid if it—

(a)is made by a controller or processor established in the United Kingdom,

(b)is made to the Commissioner before the end of the period of 6 months beginning with IP completion day, and

(c)includes—

(i)the name and contact details of the data protection officer or other contact point for the controller or processor, and

(ii)such other information as the Commissioner may reasonably require.

(5C)Where a valid notification is made the Commissioner must, without undue delay—

(a)decide whether or not to approve the rules, and

(b)notify the controller or processor of that decision.

(6)The Commissioner must keep the operation of this paragraph under review.

(7)In this paragraph—

  • adequacy decision” means a decision made on the basis of—

    (a)

    Article 45(3) of the EU GDPR, or

    (b)

    Article 25(6) of Directive 95/46/EC of the European Parliament and of the Council of 24th October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;

  • binding corporate rules” has the meaning given in Article 4(20) of the UK GDPR.

(8)This paragraph has effect in addition to Article 46(2) and (3) of the UK GDPR.

Part 3 (law enforcement processing): adequacy decisions and adequacy regulationsU.K.

10(1)On and after IP completion day, for the purposes of Part 3 of this Act, a transfer of personal data to a third country or an international organisation is based on adequacy regulations if, at the time of the transfer, paragraph 11 specifies, or specifies a description which includes—

(a)in the case of a third country, the country or a relevant territory or sector within the country, or

(b)in the case of an international organisation, the organisation.

(2)Sub-paragraph (1) has effect subject to provision in paragraph 11 providing that only particular transfers to the country, territory, sector or organisation may rely on a particular provision of paragraph 11 for the purposes of sub-paragraph (1).

(3)The Secretary of State may by regulations—

(a)repeal sub-paragraphs (1) and (2) and paragraph 11;

(b)amend paragraph 11 so as to omit a third country, territory, sector or international organisation specified, or of a description specified, in that paragraph;

(c)amend paragraph 11 so as to replace a reference to, or description of, a third country, territory, sector or organisation with a narrower reference or description, including by specifying or describing particular transfers of personal data and by making provision described in sub-paragraph (2).

(4)Regulations under this paragraph may, among other things—

(a)identify a transfer of personal data by any means, including by reference to the controller or processor, the recipient, the personal data transferred or the means by which the transfer is made or by reference to relevant legislation, lists or other documents, as they have effect from time to time;

(b)confer a discretion on a person.

(5)Regulations under this paragraph are subject to the negative resolution procedure.

(6)Sub-paragraphs (1) and (2) have effect in addition to section 74A(2) and (3).

11(1)The following are specified for the purposes of paragraph 10(1)—U.K.

(a) an EEA state;

(aa)Switzerland;

(b)Gibraltar;

(c)a third country, a territory or sector within a third country or an international organisation which is the subject of an adequacy decision made by the European Commission before IP completion day on the basis of Article 36(3) of the Law Enforcement Directive, other than a decision that, immediately before IP completion day, had been repealed or was suspended.

(2)Where a decision described in sub-paragraph (1)(c) states that an adequate level of protection of personal data is ensured only for a transfer specified or described in the decision, only such a transfer may rely on that provision and that decision for the purposes of paragraph 10(1).

(3)The reference to a decision in sub-paragraph (1)(c) is to the decision as it had effect in EU law immediately before IP completion day, subject to sub-paragraphs (4) and (5).

(4)For the purposes of this paragraph, where a reference to legislation, a list or another document in a decision described in sub-paragraph (1)(c) is a reference to the legislation, list or document as it has effect from time to time, it is to be treated as a reference to the legislation, list or other document as it has effect at the time of the transfer.

(5)For the purposes of this paragraph, where a decision described in sub-paragraph (1)(c) relates to—

(a)transfers from the European Union (or the European Community) or the European Economic Area, or

(b)transfers to which the Law Enforcement Directive applies,

it is to be treated as relating to equivalent transfers from the United Kingdom or transfers to which Part 3 of this Act applies (as appropriate).

12U.K.In section 74B(1), (3), (6) and (7)—

(a)references to regulations made under section 74A (other than references to making such regulations) include the provision made in paragraph 11;

(b)references to the revocation of such regulations include the repeal of all or part of paragraph 11.

Part 4U.K.Repeal of provisions in Chapter 3 of Part 2

Applied GDPR: power to make provision in consequence of GDPR regulationsU.K.

13(1)Regulations made under section 23 before IP completion day continue in force until they are revoked, despite the repeal of that section by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019.

(2)The provisions listed in section 186(3) include regulations made under section 23 before IP completion day (and not revoked).

(3)Sub-paragraphs (1) and (2) do not have effect so far as otherwise provided by the law of England and Wales, Scotland or Northern Ireland.

Applied GDPR: national security certificatesU.K.

14(1)This paragraph applies to a certificate issued under section 27 of this Act which has effect immediately before IP completion day.

(2)A reference in the certificate to a provision of the applied GDPR has effect, on and after IP completion day, as it if were a reference to the corresponding provision of the UK GDPR or this Act.

Part 5U.K.The Information Commissioner

Confidentiality of informationU.K.

15The repeal of section 132(2)(d) by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 has effect only in relation to a disclosure of information made on or after IP completion day.

Part 6U.K.Enforcement

GDPR: maximum amount of penaltiesU.K.

16In relation to an infringement, before IP completion day, of a provision of the EU GDPR (as it was directly applicable to the United Kingdom) or the applied GDPR—

(a)Article 83(5) and (6) of the UK GDPR and section 157(5)(a) and (b) of this Act have effect as if for “£17,500,000” there were substituted “ 20 million Euros ”;

(b)Article 83(4) of the UK GDPR and section 157(6)(a) and (b) of this Act have effect as if for “£8,700,000” there were substituted “ 10 million Euros ”;

(c)the maximum amount of a penalty in sterling must be determined by applying the spot rate of exchange set by the Bank of England on the day on which the penalty notice is given under section 155 of this Act.

GDPR: right to an effective remedy against the CommissionerU.K.

17(1)This paragraph applies where—

(a)proceedings are brought against a decision made by the Commissioner before IP completion day, and

(b)the Commissioner's decision was preceded by an opinion or decision of the European Data Protection Board in accordance with the consistency mechanism referred to in Article 63 of the EU GDPR.

(2)The Commissioner must forward the Board's opinion or decision to the court or tribunal dealing with the proceedings.]

Yn ôl i’r brig

Options/Help

Print Options

You have chosen to open The Whole Act

The Whole Act you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.

Would you like to continue?

You have chosen to open The Whole Act as a PDF

The Whole Act you have selected contains over 200 provisions and might take some time to download.

Would you like to continue?

You have chosen to open y Ddeddf Gyfan

Y Ddeddf Gyfan you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.

Would you like to continue?

You have chosen to open y Ddeddf Gyfan heb Atodlenni

Y Ddeddf Gyfan heb Atodlenni you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.

Would you like to continue?

You have chosen to open Schedules only

Y Rhestrau you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.

Would you like to continue?

Close

Mae deddfwriaeth ar gael mewn fersiynau gwahanol:

Y Diweddaraf sydd Ar Gael (diwygiedig):Y fersiwn ddiweddaraf sydd ar gael o’r ddeddfwriaeth yn cynnwys newidiadau a wnaed gan ddeddfwriaeth ddilynol ac wedi eu gweithredu gan ein tîm golygyddol. Gellir gweld y newidiadau nad ydym wedi eu gweithredu i’r testun eto yn yr ardal ‘Newidiadau i Ddeddfwriaeth’.

Gwreiddiol (Fel y’i Deddfwyd neu y’i Gwnaed): Mae'r wreiddiol fersiwn y ddeddfwriaeth fel ag yr oedd pan gafodd ei deddfu neu eu gwneud. Ni wnaed unrhyw newidiadau i’r testun.

Close

Gweler y wybodaeth ychwanegol ochr yn ochr â’r cynnwys

Rhychwant ddaearyddol: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.

Dangos Llinell Amser Newidiadau: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.

Close

Dewisiadau Agor

Dewisiadau gwahanol i agor deddfwriaeth er mwyn gweld rhagor o gynnwys ar y sgrin ar yr un pryd

Close

Nodiadau Esboniadol

Testun a grëwyd gan yr adran o’r llywodraeth oedd yn gyfrifol am destun y Ddeddf i esbonio beth mae’r Ddeddf yn ceisio ei wneud ac i wneud y Ddeddf yn hygyrch i ddarllenwyr nad oes ganddynt gymhwyster cyfreithiol. Cyflwynwyd Nodiadau Esboniadol ym 1999 ac maent yn cyd-fynd â phob Deddf Gyhoeddus ac eithrio Deddfau Adfeddiannu, Cronfa Gyfunol, Cyllid a Chyfnerthiad.

Close

Rhagor o Adnoddau

Gallwch wneud defnydd o ddogfennau atodol hanfodol a gwybodaeth ar gyfer yr eitem ddeddfwriaeth o’r tab hwn. Yn ddibynnol ar yr eitem ddeddfwriaeth sydd i’w gweld, gallai hyn gynnwys:

  • y PDF print gwreiddiol y fel deddfwyd fersiwn a ddefnyddiwyd am y copi print
  • rhestr o newidiadau a wnaed gan a/neu yn effeithio ar yr eitem hon o ddeddfwriaeth
  • manylion rhoi grym a newid cyffredinol
  • pob fformat o’r holl ddogfennau cysylltiedig
  • slipiau cywiro
  • dolenni i ddeddfwriaeth gysylltiedig ac adnoddau gwybodaeth eraill
Close

Llinell Amser Newidiadau

This timeline shows the different points in time where a change occurred. The dates will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. The first date in the timeline will usually be the earliest date when the provision came into force. In some cases the first date is 01/02/1991 (or for Northern Ireland legislation 01/01/2006). This date is our basedate. No versions before this date are available. For further information see the Editorial Practice Guide and Glossary under Help.

Close

Rhagor o Adnoddau

Defnyddiwch y ddewislen hon i agor dogfennau hanfodol sy’n cyd-fynd â’r ddeddfwriaeth a gwybodaeth am yr eitem hon o ddeddfwriaeth. Gan ddibynnu ar yr eitem o ddeddfwriaeth sy’n cael ei gweld gall hyn gynnwys:

  • y PDF print gwreiddiol y fel deddfwyd fersiwn a ddefnyddiwyd am y copi print
  • slipiau cywiro

liciwch ‘Gweld Mwy’ neu ddewis ‘Rhagor o Adnoddau’ am wybodaeth ychwanegol gan gynnwys

  • rhestr o newidiadau a wnaed gan a/neu yn effeithio ar yr eitem hon o ddeddfwriaeth
  • manylion rhoi grym a newid cyffredinol
  • pob fformat o’r holl ddogfennau cysylltiedig
  • dolenni i ddeddfwriaeth gysylltiedig ac adnoddau gwybodaeth eraill