Explanatory Note
(This note is not part of the Order)
Section 37 of the Data Protection Act 1984 provides that the Data Protection Registrar (“the Registrar”) shall be the designated authority in the United Kingdom for the purposes of Article 13 of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data which was opened for signature on 28th January 1981 (“the European Convention”). It also provides that the Secretary of State may by Order make provision as to the functions to be discharged by the Registrar in that capacity.
This Order specifies those functions. In particular, paragraph 2 of the Schedule requires the Registrar to furnish certain information to the designated authorities in other Convention countries and also provides that he may request such authorities to furnish him with information. Paragraph 3 requires the Registrar to assist the persons resident outside the United Kingdom in exercising their right of access to personal data under the Act. It also requires him to notify a resident outside the United Kingdom of the rights and remedies available under Part III of the Act and in certain circumstances to treat any request made to him by such a resident as a complaint to be dealt with under section 36(2) of the Act. Paragraph 4 provides that if a request for assistance in exercising rights of access to personal data in a Convention country is made by a person resident in the United Kingdom and submitted to the Registrar, the Registrar shall send the request to the designated authority in that country.
The European Convention is published by the Council of Europe, Strasbourg, France and is available from Her Majesty’s Stationery Office. It enters into force in respect of the United Kingdom on 1st December 1987.