Search Legislation

Data Protection Act 2018

Changes to legislation:

Data Protection Act 2018 is up to date with all changes known to be in force on or before 21 November 2024. There are changes that may be brought into force at a future date. Help about Changes to Legislation

Close

Changes to Legislation

Revised legislation carried on this site may not be fully up to date. Changes and effects are recorded by our editorial team in lists which can be found in the ‘Changes to Legislation’ area. Where those effects have yet to be applied to the text of the legislation by the editorial team they are also listed alongside the affected provisions when you open the content using the Table of Contents below.

View outstanding changes

Changes and effects yet to be applied to :

Changes and effects yet to be applied to the whole Act associated Parts and Chapters:

Whole provisions yet to be inserted into this Act (including any effects on those provisions):

  1. Introductory Text

  2. PART 1 Preliminary

    1. 1.Overview

    2. 2.Protection of personal data

    3. 3.Terms relating to the processing of personal data

  3. PART 2 General processing

    1. CHAPTER 1 Scope and definitions

      1. 4.Processing to which this Part applies

      2. 5.Definitions

    2. CHAPTER 2 The UK GDPR

      1. Meaning of certain terms used in the UK GDPR

        1. 6.Meaning of “controller”

        2. 7.Meaning of “public authority” and “public body”

      2. Lawfulness of processing

        1. 8.Lawfulness of processing: public interest etc

        2. 9.Child's consent in relation to information society services

      3. Special categories of personal data

        1. 10.Special categories of personal data and criminal convictions etc data

        2. 11.Special categories of personal data etc: supplementary

      4. Rights of the data subject

        1. 12.Limits on fees that may be charged by controllers

        2. 13.Obligations of credit reference agencies

        3. 14.Automated decision-making authorised by law: safeguards

      5. Exemptions etc

        1. 15.Exemptions etc

        2. 16.Power to make further exemptions etc by regulations

      6. Certification

        1. 17.Accreditation of certification providers

      7. Transfers of personal data to third countries etc

        1. 17A.Transfers based on adequacy regulations

        2. 17B.Transfers based on adequacy regulations: review etc

        3. 17C.Standard data protection clauses

        4. 18.Transfers of personal data to third countries etc : public interest

      8. Specific processing situations

        1. 19.Processing for archiving, research and statistical purposes: safeguards

      9. Minor definition

        1. 20.Meaning of “court”

    3. CHAPTER 3 Exemptions for manual unstructured processing and for national security and defence purposes

      1. Definitions

        1. 21.Definitions

      2. Application of the GDPR

        1. 22.Application of the GDPR to processing to which this Chapter applies

        2. 23.Power to make provision in consequence of regulations related to the GDPR

      3. Exemptions etc

        1. 24.Manual unstructured data held by FOI public authorities

        2. 25.Manual unstructured data used in longstanding historical research

        3. 26.National security and defence exemption

        4. 27.National security: certificate

        5. 28.National security and defence: modifications to Articles 9 and 32 of the UK GDPR

  4. PART 3 Law enforcement processing

    1. CHAPTER 1 Scope and definitions

      1. Scope

        1. 29.Processing to which this Part applies

      2. Definitions

        1. 30.Meaning of “competent authority”

        2. 31.“The law enforcement purposes”

        3. 32.Meaning of “controller” and “processor”

        4. 33.Other definitions

    2. CHAPTER 2 Principles

      1. 34.Overview and general duty of controller

      2. 35.The first data protection principle

      3. 36.The second data protection principle

      4. 37.The third data protection principle

      5. 38.The fourth data protection principle

      6. 39.The fifth data protection principle

      7. 40.The sixth data protection principle

      8. 41.Safeguards: archiving

      9. 42.Safeguards: sensitive processing

    3. CHAPTER 3 Rights of the data subject

      1. Overview and scope

        1. 43.Overview and scope

      2. Information: controller's general duties

        1. 44.Information: controller's general duties

      3. Data subject's right of access

        1. 45.Right of access by the data subject

      4. Data subject's rights to rectification or erasure etc

        1. 46.Right to rectification

        2. 47.Right to erasure or restriction of processing

        3. 48.Rights under section 46 or 47: supplementary

      5. Automated individual decision-making

        1. 49.Right not to be subject to automated decision-making

        2. 50.Automated decision-making authorised by law: safeguards

      6. Supplementary

        1. 51.Exercise of rights through the Commissioner

        2. 52.Form of provision of information etc

        3. 53.Manifestly unfounded or excessive requests by the data subject

        4. 54.Meaning of “applicable time period”

    4. CHAPTER 4 Controller and processor

      1. Overview and scope

        1. 55.Overview and scope

      2. General obligations

        1. 56.General obligations of the controller

        2. 57.Data protection by design and default

        3. 58.Joint controllers

        4. 59.Processors

        5. 60.Processing under the authority of the controller or processor

        6. 61.Records of processing activities

        7. 62.Logging

        8. 63.Co-operation with the Commissioner

        9. 64.Data protection impact assessment

        10. 65.Prior consultation with the Commissioner

      3. Obligations relating to security

        1. 66.Security of processing

      4. Obligations relating to personal data breaches

        1. 67.Notification of a personal data breach to the Commissioner

        2. 68.Communication of a personal data breach to the data subject

      5. Data protection officers

        1. 69.Designation of a data protection officer

        2. 70.Position of data protection officer

        3. 71.Tasks of data protection officer

    5. CHAPTER 5 Transfers of personal data to third countries etc

      1. Overview and interpretation

        1. 72.Overview and interpretation

      2. General principles for transfers

        1. 73.General principles for transfers of personal data

        2. 74.Transfers on the basis of an adequacy decision

        3. 74A.Transfers based on adequacy regulations

        4. 74B.Transfers based on adequacy regulations: review etc

        5. 75.Transfers on the basis of appropriate safeguards

        6. 76.Transfers on the basis of special circumstances

      3. Transfers to particular recipients

        1. 77.Transfers of personal data to persons other than relevant authorities

      4. Subsequent transfers

        1. 78.Subsequent transfers

    6. CHAPTER 6 Supplementary

      1. 79.National security: certificate

      2. 80.Special processing restrictions

      3. 81.Reporting of infringements

  5. PART 4 Intelligence services processing

    1. CHAPTER 1 Scope and definitions

      1. Scope

        1. 82.Processing to which this Part applies

      2. Definitions

        1. 83.Meaning of “controller” and “processor”

        2. 84.Other definitions

    2. CHAPTER 2 Principles

      1. Overview

        1. 85.Overview

      2. The data protection principles

        1. 86.The first data protection principle

        2. 87.The second data protection principle

        3. 88.The third data protection principle

        4. 89.The fourth data protection principle

        5. 90.The fifth data protection principle

        6. 91.The sixth data protection principle

    3. CHAPTER 3 Rights of the data subject

      1. Overview

        1. 92.Overview

      2. Rights

        1. 93.Right to information

        2. 94.Right of access

        3. 95.Right of access: supplementary

        4. 96.Right not to be subject to automated decision-making

        5. 97.Right to intervene in automated decision-making

        6. 98.Right to information about decision-making

        7. 99.Right to object to processing

        8. 100.Rights to rectification and erasure

    4. CHAPTER 4 Controller and processor

      1. Overview

        1. 101.Overview

      2. General obligations

        1. 102.General obligations of the controller

        2. 103.Data protection by design

        3. 104.Joint controllers

        4. 105.Processors

        5. 106.Processing under the authority of the controller or processor

      3. Obligations relating to security

        1. 107.Security of processing

      4. Obligations relating to personal data breaches

        1. 108.Communication of a personal data breach

    5. CHAPTER 5 Transfers of personal data outside the United Kingdom

      1. 109.Transfers of personal data outside the United Kingdom

    6. CHAPTER 6 Exemptions

      1. 110.National security

      2. 111.National security: certificate

      3. 112.Other exemptions

      4. 113.Power to make further exemptions

  6. PART 5 The Information Commissioner

    1. The Commissioner

      1. 114.The Information Commissioner

    2. General functions

      1. 115.General functions under the UK GDPR and safeguards

      2. 116.Other general functions

      3. 117.Competence in relation to courts etc

    3. International role

      1. 118.Co-operation between parties to the Data Protection Convention

      2. 119.Inspection of personal data in accordance with international obligations

      3. 119A.Standard clauses for transfers to third countries etc

      4. 120.Further international role

    4. Codes of practice

      1. 121.Data-sharing code

      2. 122.Direct marketing code

      3. 123.Age-appropriate design code

      4. 124.Data protection and journalism code

      5. 125.Approval of codes prepared under sections 121 to 124

      6. 126.Publication and review of codes issued under section 125(4)

      7. 127.Effect of codes issued under section 125(4)

      8. 128.Other codes of practice

    5. Consensual audits

      1. 129.Consensual audits

    6. Records of national security certificates

      1. 130.Records of national security certificates

    7. Information provided to the Commissioner

      1. 131.Disclosure of information to the Commissioner

      2. 132.Confidentiality of information

      3. 133.Guidance about privileged communications

    8. Fees

      1. 134.Fees for services

      2. 135.Manifestly unfounded or excessive requests by data subjects etc

      3. 136.Guidance about fees

    9. Charges

      1. 137.Charges payable to the Commissioner by controllers

      2. 138.Regulations under section 137: supplementary

    10. Reports etc

      1. 139.Reporting to Parliament

      2. 140.Publication by the Commissioner

      3. 141.Notices from the Commissioner

  7. PART 6 Enforcement

    1. Information notices

      1. 142.Information notices

      2. 143.Information notices: restrictions

      3. 144.False statements made in response to information notices

      4. 145.Information orders

    2. Assessment notices

      1. 146.Assessment notices

      2. 147.Assessment notices: restrictions

    3. Information notices and assessment notices: destruction of documents etc

      1. 148.Destroying or falsifying information and documents etc

    4. Enforcement notices

      1. 149.Enforcement notices

      2. 150.Enforcement notices: supplementary

      3. 151.Enforcement notices: rectification and erasure of personal data etc

      4. 152.Enforcement notices: restrictions

      5. 153.Enforcement notices: cancellation and variation

    5. Powers of entry and inspection

      1. 154.Powers of entry and inspection

    6. Penalties

      1. 155.Penalty notices

      2. 156.Penalty notices: restrictions

      3. 157.Maximum amount of penalty

      4. 158.Fixed penalties for non-compliance with charges regulations

      5. 159.Amount of penalties: supplementary

    7. Guidance

      1. 160.Guidance about regulatory action

      2. 161.Approval of first guidance about regulatory action

    8. Appeals etc

      1. 162.Rights of appeal

      2. 163.Determination of appeals

      3. 164.Applications in respect of urgent notices

    9. Complaints

      1. 165.Complaints by data subjects

      2. 166.Orders to progress complaints

    10. Remedies in the court

      1. 167.Compliance orders

      2. 168.Compensation for contravention of the UK GDPR

      3. 169.Compensation for contravention of other data protection legislation

    11. Offences relating to personal data

      1. 170.Unlawful obtaining etc of personal data

      2. 171.Re-identification of de-identified personal data

      3. 172.Re-identification: effectiveness testing conditions

      4. 173.Alteration etc of personal data to prevent disclosure to data subject

    12. The special purposes

      1. 174.The special purposes

      2. 175.Provision of assistance in special purposes proceedings

      3. 176.Staying special purposes proceedings

      4. 177.Guidance about how to seek redress against media organisations

      5. 178.Review of processing of personal data for the purposes of journalism

      6. 179.Effectiveness of the media's dispute resolution procedures

    13. Jurisdiction of courts

      1. 180.Jurisdiction

    14. Definitions

      1. 181.Interpretation of Part 6

  8. PART 7 Supplementary and final provision

    1. Regulations under this Act

      1. 182.Regulations and consultation

    2. Changes to the Data Protection Convention

      1. 183.Power to reflect changes to the Data Protection Convention

    3. Rights of the data subject

      1. 184.Prohibition of requirement to produce relevant records

      2. 185.Avoidance of certain contractual terms relating to health records

      3. 186.Data subject's rights and other prohibitions and restrictions

    4. Representation of data subjects

      1. 187.Representation of data subjects with their authority

      2. 188.Representation of data subjects with their authority: collective proceedings

      3. 189.Duty to review provision for representation of data subjects

      4. 190.Post-review powers to make provision about representation of data subjects

    5. Framework for Data Processing by Government

      1. 191.Framework for Data Processing by Government

      2. 192.Approval of the Framework

      3. 193.Publication and review of the Framework

      4. 194.Effect of the Framework

    6. Data-sharing: HMRC and reserve forces

      1. 195.Reserve forces: data-sharing by HMRC

    7. Offences

      1. 196.Penalties for offences

      2. 197.Prosecution

      3. 198.Liability of directors etc

      4. 199.Recordable offences

      5. 200.Guidance about PACE codes of practice

    8. The Tribunal

      1. 201.Disclosure of information to the Tribunal

      2. 202.Proceedings in the First-tier Tribunal: contempt

      3. 203.Tribunal Procedure Rules

    9. Interpretation

      1. 204.Meaning of “health professional” and “social work professional”

      2. 205.General interpretation

      3. 206.Index of defined expressions

    10. Territorial application

      1. 207.Territorial application of this Act

    11. General

      1. 208.Children in Scotland

      2. 209.Application to the Crown

      3. 210.Application to Parliament

      4. 211.Minor and consequential provision

    12. Final

      1. 212.Commencement

      2. 213.Transitional provision

      3. 214.Extent

      4. 215.Short title

  9. SCHEDULES

    1. SCHEDULE 1

      Special categories of personal data and criminal convictions etc data

      1. PART 1 Conditions relating to employment, health and research etc

        1. Employment, social security and social protection

          1. 1.(1) This condition is met if— (a) the processing is...

        2. Health or social care purposes

          1. 2.(1) This condition is met if the processing is necessary...

        3. Public health

          1. 3.This condition is met if the processing—

        4. Research etc

          1. 4.This condition is met if the processing—

      2. PART 2 Substantial public interest conditions

        1. Requirement for an appropriate policy document when relying on conditions in this Part

          1. 5.(1) Except as otherwise provided, a condition in this Part...

        2. Statutory etc and government purposes

          1. 6.(1) This condition is met if the processing—

        3. Administration of justice and parliamentary purposes

          1. 7.This condition is met if the processing is necessary—

        4. Equality of opportunity or treatment

          1. 8.(1) This condition is met if the processing—

        5. Racial and ethnic diversity at senior levels of organisations

          1. 9.(1) This condition is met if the processing—

        6. Preventing or detecting unlawful acts

          1. 10.(1) This condition is met if the processing—

        7. Protecting the public against dishonesty etc

          1. 11.(1) This condition is met if the processing—

        8. Regulatory requirements relating to unlawful acts and dishonesty etc

          1. 12.(1) This condition is met if— (a) the processing is...

        9. Journalism etc in connection with unlawful acts and dishonesty etc

          1. 13.(1) This condition is met if— (a) the processing consists...

        10. Preventing fraud

          1. 14.(1) This condition is met if the processing—

        11. Suspicion of terrorist financing or money laundering

          1. 15.This condition is met if the processing is necessary for...

        12. Support for individuals with a particular disability or medical condition

          1. 16.(1) This condition is met if the processing—

        13. Counselling etc

          1. 17.(1) This condition is met if the processing—

        14. Safeguarding of children and of individuals at risk

          1. 18.(1) This condition is met if— (a) the processing is...

        15. Safeguarding of economic well-being of certain individuals

          1. 19.(1) This condition is met if the processing—

        16. Insurance

          1. 20.(1) This condition is met if the processing—

        17. Occupational pensions

          1. 21.(1) This condition is met if the processing—

        18. Political parties

          1. 22.(1) This condition is met if the processing—

        19. Elected representatives responding to requests

          1. 23.(1) This condition is met if— (a) the processing is...

        20. Disclosure to elected representatives

          1. 24.(1) This condition is met if— (a) the processing consists...

        21. Informing elected representatives about prisoners

          1. 25.(1) This condition is met if— (a) the processing consists...

        22. Publication of legal judgments

          1. 26.This condition is met if the processing—

        23. Anti-doping in sport

          1. 27.(1) This condition is met if the processing is necessary—...

        24. Standards of behaviour in sport

          1. 28.(1) This condition is met if the processing—

      3. PART 3 Additional conditions relating to criminal convictions etc

        1. Consent

          1. 29.This condition is met if the data subject has given...

        2. Protecting individual's vital interests

          1. 30.This condition is met if— (a) the processing is necessary...

        3. Processing by not-for-profit bodies

          1. 31.This condition is met if the processing is carried out—...

        4. Personal data in the public domain

          1. 32.This condition is met if the processing relates to personal...

        5. Legal claims

          1. 33.This condition is met if the processing—

        6. Judicial acts

          1. 34.This condition is met if the processing is necessary when...

        7. Administration of accounts used in commission of indecency offences involving children

          1. 35.(1) This condition is met if— (a) the processing is...

        8. Extension of conditions in Part 2 of this Schedule referring to substantial public interest

          1. 36.This condition is met if the processing would meet a...

        9. Extension of insurance conditions

          1. 37.This condition is met if the processing—

      4. PART 4 Appropriate policy document and additional safeguards

        1. Application of this Part of this Schedule

          1. 38.This Part of this Schedule makes provision about the processing...

        2. Requirement to have an appropriate policy document in place

          1. 39.The controller has an appropriate policy document in place in...

        3. Additional safeguard: retention of appropriate policy document

          1. 40.(1) Where personal data is processed in reliance on a...

        4. Additional safeguard: record of processing

          1. 41.A record maintained by the controller, or the controller's representative,...

    2. SCHEDULE 2

      Exemptions etc from the UK GDPR

      1. PART 1 Adaptations and restrictions as described in Articles 6(3) and 23(1)

        1. UK GDPR provisions to be adapted or restricted: “the listed GDPR provisions”

          1. 1.In this Part of this Schedule, “the listed GDPR provisions”...

        2. Crime and taxation: general

          1. 2.(1) The listed GDPR provisions and Article 34(1) and (4)...

        3. Crime and taxation: risk assessment systems

          1. 3.(1) The UK GDPR provisions listed in sub-paragraph (3) do...

        4. Immigration

          1. 4.(1) The relevant UK GDPR provisions do not apply to...

        5. Immigration: safeguards: immigration exemption decisions

          1. 4A.(1) A decision under paragraph 4(1) as to whether, and...

        6. Immigration: safeguard: record of decision that exemption applies

          1. 4B.(1) Where the Secretary of State makes a decision mentioned...

        7. Information required to be disclosed by law etc or in connection with legal proceedings

          1. 5.(1) The listed GDPR provisions do not apply to personal...

      2. PART 2 Restrictions as described in Article 23(1): restrictions of rules in Articles 13 to 21 and 34

        1. UK GDPR provisions to be restricted: “the listed GDPR provisions”

          1. 6.In this Part of this Schedule, “the listed GDPR provisions”...

        2. Functions designed to protect the public etc

          1. 7.The listed GDPR provisions do not apply to personal data...

        3. Audit functions

          1. 8.(1) The listed GDPR provisions do not apply to personal...

        4. Functions of the Bank of England

          1. 9.(1) The listed GDPR provisions do not apply to personal...

        5. Regulatory functions relating to legal services, the health service and children's services

          1. 10.(1) The listed GDPR provisions do not apply to personal...

        6. Regulatory functions of certain other persons

          1. 11.The listed GDPR provisions do not apply to personal data...

          2. 12.In the Table in paragraph 11— “ consumer protection enforcer...

        7. Parliamentary privilege

          1. 13.The listed GDPR provisions and Article 34(1) and (4) of...

        8. Judicial appointments, judicial independence and judicial proceedings

          1. 14.(1) The listed GDPR provisions do not apply to personal...

        9. Crown honours, dignities and appointments

          1. 15.(1) The listed GDPR provisions do not apply to personal...

      3. PART 3 Restriction for the protection of rights of others

        1. Protection of the rights of others: general

          1. 16.(1) Article 15(1) to (3) of the UK GDPR (confirmation...

        2. Assumption of reasonableness for health workers, social workers and education workers

          1. 17.(1) For the purposes of paragraph 16(2)(b), it is to...

      4. PART 4 Restrictions as described in Article 23(1): restrictions of rules in Articles 13 to 15

        1. UK GDPR provisions to be restricted: “the listed GDPR provisions”

          1. 18.In this Part of this Schedule, “the listed GDPR provisions”...

        2. Legal professional privilege

          1. 19.The listed GDPR provisions do not apply to personal data...

        3. Self incrimination

          1. 20.(1) A person need not comply with the listed GDPR...

        4. Corporate finance

          1. 21.(1) The listed GDPR provisions do not apply to personal...

        5. Management forecasts

          1. 22.The listed GDPR provisions do not apply to personal data...

        6. Negotiations

          1. 23.The listed GDPR provisions do not apply to personal data...

        7. Confidential references

          1. 24.The listed GDPR provisions do not apply to personal data...

        8. Exam scripts and exam marks

          1. 25.(1) The listed GDPR provisions do not apply to personal...

      5. PART 5 Exemptions etc based on Article 85(2) for reasons of freedom of expression and information

        1. Journalistic, academic, artistic and literary purposes

          1. 26.(1) In this paragraph, “the special purposes” means one or...

      6. PART 6 Derogations etc based on Article 89 for research, statistics and archiving

        1. Research and statistics

          1. 27.(1) The listed GDPR provisions do not apply to personal...

        2. Archiving in the public interest

          1. 28.(1) The listed GDPR provisions do not apply to personal...

    3. SCHEDULE 3

      Exemptions etc from the UK GDPR: health, social work, education and child abuse data

      1. PART 1 UK GDPR provisions to be restricted

        1. 1.In this Schedule “the listed GDPR provisions” means the following...

      2. PART 2 Health data

        1. Definitions

          1. 2.(1) In this Part of this Schedule— “the appropriate health...

        2. Exemption from the listed GDPR provisions: data processed by a court

          1. 3.(1) The listed GDPR provisions do not apply to data...

        3. Exemption from the listed GDPR provisions: data subject's expectations and wishes

          1. 4.(1) This paragraph applies where a request for data concerning...

        4. Exemption from Article 15 of the UK GDPR: serious harm

          1. 5.(1) Article 15(1) to (3) of the UK GDPR (confirmation...

        5. Restriction of Article 15 of the UK GDPR: prior opinion of appropriate health professional

          1. 6.(1) Article 15(1) to (3) of the UK GDPR (confirmation...

      3. PART 3 Social work data

        1. Definitions

          1. 7.(1) In this Part of this Schedule— “education data” has...

          2. 8.(1) This paragraph applies to personal data falling within any...

        2. Exemption from the listed GDPR provisions: data processed by a court

          1. 9.(1) The listed GDPR provisions do not apply to data...

        3. Exemption from the listed GDPR provisions: data subject's expectations and wishes

          1. 10.(1) This paragraph applies where a request for social work...

        4. Exemption from Article 15 of the UK GDPR: serious harm

          1. 11.Article 15(1) to (3) of the UK GDPR (confirmation of...

        5. Restriction of Article 15 of the UK GDPR: prior opinion of Principal Reporter

          1. 12.(1) This paragraph applies where— (a) a question arises as...

      4. PART 4 Education data

        1. Educational records

          1. 13.In this Part of this Schedule “educational record” means a...

          2. 14.(1) This paragraph applies to a record of information which—...

          3. 15.(1) This paragraph applies to a record of information which...

          4. 16.(1) This paragraph applies to a record of information which—...

        2. Other definitions

          1. 17.(1) In this Part of this Schedule— “education authority” and...

        3. Exemption from the listed GDPR provisions: data processed by a court

          1. 18.(1) The listed GDPR provisions do not apply to education...

        4. Exemption from Article 15 of the UK GDPR: serious harm

          1. 19.Article 15(1) to (3) of the UK GDPR (confirmation of...

        5. Restriction of Article 15 of the UK GDPR: prior opinion of Principal Reporter

          1. 20.(1) This paragraph applies where— (a) a question arises as...

      5. PART 5 Child abuse data

        1. Exemption from Article 15 of the UK GDPR: child abuse data

          1. 21.(1) This paragraph applies where a request for child abuse...

    4. SCHEDULE 4

      Exemptions etc from the UK GDPR: disclosure prohibited or restricted by an enactment

      1. UK GDPR provisions to be restricted: “the listed GDPR provisions”

        1. 1.In this Schedule “the listed GDPR provisions” means the following...

      2. Human fertilisation and embryology information

        1. 2.The listed GDPR provisions do not apply to personal data...

      3. Adoption records and reports

        1. 3.(1) The listed GDPR provisions do not apply to personal...

      4. Statements of special educational needs

        1. 4.(1) The listed GDPR provisions do not apply to personal...

      5. Parental order records and reports

        1. 5.(1) The listed GDPR provisions do not apply to personal...

      6. Information provided by Principal Reporter for children's hearing

        1. 6.The listed GDPR provisions do not apply to personal data...

    5. SCHEDULE 5

      Accreditation of certification providers: reviews and appeals

      1. Introduction

        1. 1.(1) This Schedule applies where— (a) a person (“the applicant”)...

      2. Review

        1. 2.(1) The applicant may ask the accreditation authority to review...

      3. Right to appeal

        1. 3.(1) If the applicant is dissatisfied with the decision on...

      4. Appeal panel

        1. 4.(1) If the applicant makes a request in accordance with...

      5. Hearing

        1. 5.(1) If the appeal panel considers it necessary, a hearing...

      6. Decision following referral to appeal panel

        1. 6.(1) The appeal panel must, before the end of the...

      7. Meaning of “working day”

        1. 7.In this Schedule, “working day” means any day other than—...

    6. SCHEDULE 6

      The applied GDPR and the applied Chapter 2

      1. PART 1 Modifications to the GDPR

        1. Introductory

          1. 1.In its application by virtue of section 22(1), the GDPR...

        2. References to the GDPR and its provisions

          1. 2.(1) References to “this Regulation” and to provisions of the...

        3. References to Union law and Member State law

          1. 3.(1) References to “Union law”, “Member State law”, “the law...

        4. References to the Union and to Member States

          1. 4.(1) References to “the Union”, “a Member State” and “Member...

        5. References to supervisory authorities

          1. 5.(1) References to a “supervisory authority”, a “competent supervisory authority”...

        6. References to the national parliament

          1. 6.References to “the national parliament” have effect as references to...

        7. Chapter I of the GDPR (general provisions)

          1. 7.For Article 2 (material scope) substitute— This Regulation applies to the processing of personal data to...

          2. 8.For Article 3 substitute— Article 3 Territorial application Subsections (1),...

          3. 9.In Article 4 (definitions)— (a) in paragraph (7) (meaning of...

        8. Chapter II of the GDPR (principles)

          1. 10.In Article 6 (lawfulness of processing)— (a) omit paragraph 2;...

          2. 11.In Article 8 (conditions applicable to child's consent in relation...

          3. 12.In Article 9 (processing of special categories of personal data)—...

          4. 13.In Article 10 (processing of personal data relating to criminal...

        9. Section 1 of Chapter III of the GDPR (rights of the data subject: transparency and modalities)

          1. 14.In Article 12 (transparent information etc for the exercise of...

        10. Section 2 of Chapter III of the GDPR (rights of the data subject: information and access to personal data)

          1. 15.In Article 13 (personal data collected from data subject: information...

          2. 16.In Article 14 (personal data collected other than from data...

        11. Section 3 of Chapter III of the GDPR (rights of the data subject: rectification and erasure)

          1. 17.In Article 17 (right to erasure (‘right to be forgotten’))—...

          2. 18.In Article 18 (right to restriction of processing), in paragraph...

        12. Section 4 of Chapter III of the GDPR (rights of the data subject: right to object and automated individual decision-making)

          1. 19.In Article 21 (right to object), in paragraph 5, omit...

          2. 20.In Article 22 (automated individual decision-making, including profiling), for paragraph...

        13. Section 5 of Chapter III of the GDPR (rights of the data subject: restrictions)

          1. 21.In Article 23 (restrictions), in paragraph 1—

        14. Section 1 of Chapter IV of the GDPR (controller and processor: general obligations)

          1. 22.In Article 26 (joint controllers), in paragraph 1, for “Union...

          2. 23.Omit Article 27 (representatives of controllers or processors not established...

          3. 24.In Article 28 (processor)— (a) in paragraph 3, in point...

          4. 25.In Article 30 (records of processing activities)—

          5. 26.In Article 31 (co-operation with the supervisory authority), omit “and,...

        15. Section 3 of Chapter IV of the GDPR (controller and processor: data protection impact assessment and prior consultation)

          1. 27.In Article 35 (data protection impact assessment), omit paragraphs 4,...

          2. 28.In Article 36 (prior consultation)— (a) for paragraph 4 substitute—...

        16. Section 4 of Chapter IV of the GDPR (controller and processor: data protection officer)

          1. 29.In Article 37 (designation of data protection officers), omit paragraph...

          2. 30.In Article 39 (tasks of the data protection officer), in...

        17. Section 5 of Chapter IV of the GDPR (controller and processor: codes of conduct and certification)

          1. 31.In Article 40 (codes of conduct)— (a) in paragraph 1,...

          2. 32.In Article 41 (monitoring of approved codes of conduct), omit...

          3. 33.In Article 42 (certification)— (a) in paragraph 1—

          4. 34.In Article 43 (certification bodies)— (a) in paragraph 1, in...

        18. Chapter V of the GDPR (transfers of data to third countries or international organisations)

          1. 35.In Article 45 (transfers on the basis of an adequacy...

          2. 36.In Article 46 (transfers subject to appropriate safeguards)—

          3. 37.In Article 47 (binding corporate rules)— (a) in paragraph 1,...

          4. 38.In Article 49 (derogations for specific situations)—

          5. 39.In Article 50 (international co-operation for the protection of personal...

        19. Section 1 of Chapter VI of the GDPR (independent supervisory authorities: independent status)

          1. 40.In Article 51 (supervisory authority)— (a) in paragraph 1—

          2. 41.In Article 52 (independence)— (a) in paragraph 2—

          3. 42.Omit Article 53 (general conditions for the members of the...

          4. 43.Omit Article 54 (rules on the establishment of the supervisory...

        20. Section 2 of Chapter VI of the GDPR (independent supervisory authorities: competence, tasks and powers)

          1. 44.In Article 55 (competence)— (a) in paragraph 1, omit “on...

          2. 45.Omit Article 56 (competence of the lead supervisory authority).

          3. 46.In Article 57 (tasks)— (a) in paragraph 1, in the...

          4. 47.In Article 58 (powers)— (a) in paragraph 1, in point...

          5. 48.In Article 59 (activity reports)— (a) for “, the government...

        21. Chapter VII of the GDPR (co-operation and consistency)

          1. 49.For Articles 60 to 76 substitute— Article 61 Co-operation with...

        22. Chapter VIII of the GDPR (remedies, liability and penalties)

          1. 50.In Article 77 (right to lodge a complaint with a...

          2. 51.In Article 78 (right to an effective judicial remedy against...

          3. 52.In Article 79 (right to an effective judicial remedy against...

          4. 53.In Article 80 (representation of data subjects)—

          5. 54.Omit Article 81 (suspension of proceedings).

          6. 55.In Article 82 (right to compensation and liability), for paragraph...

          7. 56.In Article 83 (general conditions for imposing administrative fines)—

          8. 57.In Article 84 (penalties)— (a) for paragraph 1 substitute— The rules on other penalties applicable to infringements of this...

        23. Chapter IX of the GDPR (provisions relating to specific processing situations)

          1. 58.In Article 85 (processing and freedom of expression and information)—...

          2. 59.In Article 86 (processing and public access to official documents),...

          3. 60.Omit Article 87 (processing of national identification number).

          4. 61.Omit Article 88 (processing in the context of employment).

          5. 62.In Article 89 (safeguards and derogations relating to processing for...

          6. 63.Omit Article 90 (obligations of secrecy).

          7. 64.Omit Article 91 (existing data protection rules of churches and...

        24. Chapter X of the GDPR (delegated acts and implementing acts)

          1. 65.Omit Article 92 (exercise of the delegation).

          2. 66.Omit Article 93 (committee procedure).

        25. Chapter XI of the GDPR (final provisions)

          1. 67.Omit Article 94 (repeal of Directive 95/46/EC).

          2. 68.Omit Article 95 (relationship with Directive 2002/58/EC).

          3. 69.In Article 96 (relationship with previously concluded Agreements), for “by...

          4. 70.Omit Article 97 (Commission reports).

          5. 71.Omit Article 98 (Commission reviews).

          6. 72.Omit Article 99 (entry into force and application).

      2. PART 2 Modifications to Chapter 2 of Part 2

        1. Introductory

          1. 73.In its application by virtue of section 22(2), Chapter 2...

        2. General modifications

          1. 74.(1) References to Chapter 2 of Part 2 and the...

        3. Exemptions

          1. 75.In section 16 (power to make further exemptions etc by...

    7. SCHEDULE 7

      Competent authorities

      1. 1.Any United Kingdom government department other than a non-ministerial government...

      2. 2.The Scottish Ministers.

      3. 3.Any Northern Ireland department.

      4. 4.The Welsh Ministers.

      5. Chief officers of police and other policing bodies

        1. 5.The chief constable of a police force maintained under section...

        2. 6.The Commissioner of Police of the Metropolis.

        3. 7.The Commissioner of Police for the City of London.

        4. 8.The Chief Constable of the Police Service of Northern Ireland....

        5. 9.The chief constable of the Police Service of Scotland.

        6. 10.The chief constable of the British Transport Police.

        7. 11.The chief constable of the Civil Nuclear Constabulary.

        8. 12.The chief constable of the Ministry of Defence Police.

        9. 13.The Provost Marshal of the Royal Navy Police.

        10. 14.The Provost Marshal of the Royal Military Police.

        11. 15.The Provost Marshal of the Royal Air Force Police.

        12. 15A.The Provost Marshal for serious crime.

        13. 16.The chief officer of— (a) a body of constables appointed...

        14. 17.A body established in accordance with a collaboration agreement under...

        15. 18.The Director General of the Independent Office for Police Conduct....

        16. 18A.The Service Police Complaints Commissioner.

        17. 19.The Police Investigations and Review Commissioner.

        18. 20.The Police Ombudsman for Northern Ireland.

      6. Other authorities with investigatory functions

        1. 21.The Commissioners for Her Majesty's Revenue and Customs.

        2. 22.The Welsh Revenue Authority.

        3. 23.Revenue Scotland.

        4. 24.The Director General of the National Crime Agency.

        5. 25.The Director of the Serious Fraud Office.

        6. 26.The Director of Border Revenue.

        7. 27.The Financial Conduct Authority.

        8. 28.The Health and Safety Executive.

        9. 29.The Competition and Markets Authority.

        10. 30.The Gas and Electricity Markets Authority.

        11. 31.The Food Standards Agency.

        12. 32.Food Standards Scotland.

        13. 33.Her Majesty's Land Registry.

        14. 34.The Criminal Cases Review Commission.

        15. 35.The Scottish Criminal Cases Review Commission.

      7. Authorities with functions relating to offender management

        1. 36.A provider of probation services (other than the Secretary of...

        2. 37.The Youth Justice Board for England and Wales.

        3. 38.The Parole Board for England and Wales.

        4. 39.The Parole Board for Scotland.

        5. 40.The Parole Commissioners for Northern Ireland.

        6. 41.The Probation Board for Northern Ireland.

        7. 42.The Prisoner Ombudsman for Northern Ireland.

        8. 43.A person who has entered into a contract for the...

        9. 44.A person who has entered into a contract with the...

        10. 45.A person who is, under or by virtue of any...

        11. 46.A youth offending team established under section 39 of the...

      8. Other authorities

        1. 47.The Director of Public Prosecutions.

        2. 48.The Director of Public Prosecutions for Northern Ireland.

        3. 49.The Lord Advocate.

        4. 50.A Procurator Fiscal.

        5. 51.The Director of Service Prosecutions.

        6. 52.The Information Commissioner.

        7. 53.The Scottish Information Commissioner.

        8. 54.The Scottish Courts and Tribunal Service.

        9. 55.The Crown agent.

        10. 56.A court or tribunal.

    8. SCHEDULE 8

      Conditions for sensitive processing under Part 3

      1. Statutory etc purposes

        1. 1.This condition is met if the processing—

      2. Administration of justice

        1. 2.This condition is met if the processing is necessary for...

      3. Protecting individual's vital interests

        1. 3.This condition is met if the processing is necessary to...

      4. Safeguarding of children and of individuals at risk

        1. 4.(1) This condition is met if— (a) the processing is...

      5. Personal data already in the public domain

        1. 5.This condition is met if the processing relates to personal...

      6. Legal claims

        1. 6.This condition is met if the processing—

      7. Judicial acts

        1. 7.This condition is met if the processing is necessary when...

      8. Preventing fraud

        1. 8.(1) This condition is met if the processing—

      9. Archiving etc

        1. 9.This condition is met if the processing is necessary—

    9. SCHEDULE 9

      Conditions for processing under Part 4

      1. 1.The data subject has given consent to the processing.

      2. 2.The processing is necessary— (a) for the performance of a...

      3. 3.The processing is necessary for compliance with a legal obligation...

      4. 4.The processing is necessary in order to protect the vital...

      5. 5.The processing is necessary— (a) for the administration of justice,...

      6. 6.(1) The processing is necessary for the purposes of legitimate...

    10. SCHEDULE 10

      Conditions for sensitive processing under Part 4

      1. Consent to particular processing

        1. 1.The data subject has given consent to the processing.

      2. Right or obligation relating to employment

        1. 2.The processing is necessary for the purposes of exercising or...

      3. Vital interests of a person

        1. 3.The processing is necessary— (a) in order to protect the...

      4. Safeguarding of children and of individuals at risk

        1. 4.(1) This condition is met if— (a) the processing is...

      5. Data already published by data subject

        1. 5.The information contained in the personal data has been made...

      6. Legal proceedings etc

        1. 6.The processing— (a) is necessary for the purpose of, or...

      7. Administration of justice, parliamentary, statutory etc and government purposes

        1. 7.The processing is necessary— (a) for the administration of justice,...

      8. Medical purposes

        1. 8.(1) The processing is necessary for medical purposes and is...

      9. Equality

        1. 9.(1) The processing— (a) is of sensitive personal data consisting...

    11. SCHEDULE 11

      Other exemptions under Part 4

      1. Preliminary

        1. 1.In this Schedule, “the listed provisions” means—

      2. Crime

        1. 2.The listed provisions do not apply to personal data processed...

      3. Information required to be disclosed by law etc or in connection with legal proceedings

        1. 3.(1) The listed provisions do not apply to personal data...

      4. Parliamentary privilege

        1. 4.The listed provisions do not apply to personal data where...

      5. Judicial proceedings

        1. 5.The listed provisions do not apply to personal data to...

      6. Crown honours and dignities

        1. 6.The listed provisions do not apply to personal data processed...

      7. Armed forces

        1. 7.The listed provisions do not apply to personal data to...

      8. Economic well-being

        1. 8.The listed provisions do not apply to personal data to...

      9. Legal professional privilege

        1. 9.The listed provisions do not apply to personal data that...

      10. Negotiations

        1. 10.The listed provisions do not apply to personal data that...

      11. Confidential references given by the controller

        1. 11.The listed provisions do not apply to personal data consisting...

      12. Exam scripts and marks

        1. 12.(1) The listed provisions do not apply to personal data...

      13. Research and statistics

        1. 13.(1) The listed provisions do not apply to personal data...

      14. Archiving in the public interest

        1. 14.(1) The listed provisions do not apply to personal data...

    12. SCHEDULE 12

      The Information Commissioner

      1. Status and capacity

        1. 1.(1) The Commissioner is to continue to be a corporation...

      2. Appointment

        1. 2.(1) The Commissioner is to be appointed by Her Majesty...

      3. Resignation and removal

        1. 3.(1) The Commissioner may be relieved of office by Her...

      4. Salary etc

        1. 4.(1) The Commissioner is to be paid such salary as...

      5. Officers and staff

        1. 5.(1) The Commissioner— (a) must appoint one or more deputy...

      6. Carrying out of the Commissioner's functions by officers and staff

        1. 6.(1) The functions of the Commissioner are to be carried...

      7. Authentication of the seal of the Commissioner

        1. 7.The application of the seal of the Commissioner is to...

      8. Presumption of authenticity of documents issued by the Commissioner

        1. 8.A document purporting to be an instrument issued by the...

      9. Money

        1. 9.The Secretary of State may make payments to the Commissioner...

      10. Fees etc and other sums

        1. 10.(1) All fees, charges, penalties and other sums received by...

      11. Accounts

        1. 11.(1) The Commissioner must— (a) keep proper accounts and other...

      12. Scotland

        1. 12.Paragraphs 1(1), 7 and 8 do not extend to Scotland....

    13. SCHEDULE 13

      Other general functions of the Commissioner

      1. General tasks

        1. 1.(1) The Commissioner must— (a) monitor and enforce Parts 3...

      2. General powers

        1. 2.The Commissioner has the following investigative, corrective, authorisation and advisory...

      3. Definitions

        1. 3.In this Schedule— “foreign designated authority” means an authority designated...

    14. SCHEDULE 14

      Co-operation and mutual assistance

      1. PART 1 Law Enforcement Directive

        1. Co-operation

          1. 1.(1) The Commissioner may provide information or assistance to an...

        2. Requests for information and assistance from LED supervisory authorities

          1. 2.(1) This paragraph applies where the Commissioner receives a request...

        3. Fees

          1. 3.(1) Subject to sub-paragraph (2), any information or assistance that...

        4. Restrictions on use of information

          1. 4.Where the Commissioner receives information from an LED supervisory authority...

        5. LED supervisory authority

          1. 5.In this Part of this Schedule, “LED supervisory authority” means...

      2. PART 2 Data Protection Convention

        1. Co-operation between the Commissioner and foreign designated authorities

          1. 6.(1) The Commissioner must, at the request of a foreign...

        2. Assisting persons resident outside the UK with requests under Article 14 of the Convention

          1. 7.(1) This paragraph applies where a request for assistance in...

        3. Assisting UK residents with requests under Article 8 of the Convention

          1. 8.(1) This paragraph applies where a request for assistance in...

        4. Restrictions on use of information

          1. 9.Where the Commissioner receives information from a foreign designated authority...

        5. Foreign designated authority

          1. 10.In this Part of this Schedule, “foreign designated authority” means...

    15. SCHEDULE 15

      Powers of entry and inspection

      1. Issue of warrants in connection with non-compliance and offences

        1. 1.(1) This paragraph applies if a judge of the High...

      2. Issue of warrants in connection with assessment notices

        1. 2.(1) This paragraph applies if a judge of the High...

      3. Restrictions on issuing warrants: processing for the special purposes

        1. 3.A judge must not issue a warrant under this Schedule...

      4. Restrictions on issuing warrants: procedural requirements

        1. 4.(1) A judge must not issue a warrant under this...

      5. Content of warrants

        1. 5.(1) A warrant issued under this Schedule must authorise the...

      6. Copies of warrants

        1. 6.A judge who issues a warrant under this Schedule must—...

      7. Execution of warrants: reasonable force

        1. 7.A person executing a warrant issued under this Schedule may...

      8. Execution of warrants: time when executed

        1. 8.A warrant issued under this Schedule may be executed only...

      9. Execution of warrants: occupier of premises

        1. 9.(1) If an occupier of the premises in respect of...

      10. Execution of warrants: seizure of documents etc

        1. 10.(1) This paragraph applies where a person executing a warrant...

      11. Matters exempt from inspection and seizure: privileged communications

        1. 11.(1) The powers of inspection and seizure conferred by a...

      12. Matters exempt from inspection and seizure: Parliamentary privilege

        1. 12.The powers of inspection and seizure conferred by a warrant...

      13. Partially exempt material

        1. 13.(1) This paragraph applies if a person in occupation of...

      14. Return of warrants

        1. 14.(1) Where a warrant issued under this Schedule is executed—...

      15. Offences

        1. 15.(1) It is an offence for a person—

      16. Self-incrimination

        1. 16.(1) An explanation given, or information provided, by a person...

      17. Vessels, vehicles etc

        1. 17.In this Schedule— (a) “premises” includes a vehicle, vessel or...

      18. Scotland

        1. 18.In the application of this Schedule to Scotland—

      19. Northern Ireland

        1. 19.In the application of this Schedule to Northern Ireland—

    16. SCHEDULE 16

      Penalties

      1. Meaning of “penalty”

        1. 1.In this Schedule, “penalty” means a penalty imposed by a...

      2. Notice of intent to impose penalty

        1. 2.(1) Before giving a person a penalty notice, the Commissioner...

      3. Contents of notice of intent

        1. 3.(1) A notice of intent must contain the following information—...

      4. Giving a penalty notice

        1. 4.(1) The Commissioner may not give a penalty notice before...

      5. Contents of penalty notice

        1. 5.(1) A penalty notice must contain the following information—

      6. Period for payment of penalty

        1. 6.(1) A penalty must be paid to the Commissioner within...

      7. Variation of penalty

        1. 7.(1) The Commissioner may vary a penalty notice by giving...

      8. Cancellation of penalty

        1. 8.(1) The Commissioner may cancel a penalty notice by giving...

      9. Enforcement of payment

        1. 9.(1) The Commissioner must not take action to recover a...

    17. SCHEDULE 17

      Review of processing of personal data for the purposes of journalism

      1. Interpretation

        1. 1.In this Schedule— “relevant period” means— the period of 18...

      2. Information notices

        1. 2.(1) This paragraph applies where the Commissioner gives an information...

      3. Assessment notices

        1. 3.(1) Sub-paragraph (2) applies where the Commissioner gives an assessment...

      4. Applications in respect of urgent notices

        1. 4.Section 164 applies where an information notice or assessment notice...

    18. SCHEDULE 18

      Relevant records

      1. Relevant records

        1. 1.(1) In section 184, “relevant record” means—

      2. Relevant health records

        1. 2.“Relevant health record” means a health record which has been...

      3. Relevant records relating to a conviction or caution

        1. 3.(1) “Relevant record relating to a conviction or caution” means...

      4. Relevant records relating to statutory functions

        1. 4.(1) “Relevant record relating to statutory functions” means a record...

      5. Data subject access right

        1. 5.In this Schedule, “data subject access right” means a right...

      6. Records stating that personal data is not processed

        1. 6.For the purposes of this Schedule, a record which states...

      7. Power to amend

        1. 7.(1) The Secretary of State may by regulations amend this...

    19. SCHEDULE 19

      Minor and consequential amendments

      1. PART 1 Amendments of primary legislation

        1. Registration Service Act 1953 (c. 37)

          1. 1.(1) Section 19AC of the Registration Service Act 1953 (codes...

        2. Veterinary Surgeons Act 1966 (c. 36)

          1. 2.(1) Section 1A of the Veterinary Surgeons Act 1966 (functions...

        3. Parliamentary Commissioner Act 1967 (c. 13)

          1. 3.In section 11AA(1) of the Parliamentary Commissioner Act 1967 (disclosure...

        4. Local Government Act 1974 (c. 7)

          1. 4.The Local Government Act 1974 is amended as follows.

          2. 5.In section 33A(1) (disclosure of information by Local Commissioner to...

          3. 6.In section 34O(1) (disclosure of information by Local Commissioner to...

        5. Consumer Credit Act 1974 (c. 39)

          1. 7.The Consumer Credit Act 1974 is amended as follows.

          2. 8.In section 157(2A) (duty to disclose name etc of agency)—...

          3. 9.In section 159(1)(a) (correction of wrong information) for “section 7...

          4. 10.In section 189(1) (definitions), at the appropriate place insert— “the...

        6. Pharmacy (Northern Ireland) Order 1976 (S.I. 1976/1213 (N.I. 22))

          1. 11.The Pharmacy (Northern Ireland) Order 1976 is amended as follows....

          2. 12.In article 2(2) (interpretation), omit the definition of “Directive 95/46/EC”....

          3. 13.In article 8D (European professional card), after paragraph (3) insert—...

          4. 14.In article 22A(6) (Directive 2005/36/EC: functions of competent authority etc.),...

          5. 15.(1) Schedule 2C (Directive 2005/36/EC: European professional card) is amended...

          6. 16.(1) The table in Schedule 2D (functions of the Society...

          7. 17.(1) Paragraph 2 of Schedule 3 (fitness to practice: disclosure...

        7. Representation of the People Act 1983 (c. 2)

          1. 18.(1) Schedule 2 to the Representation of the People Act...

        8. Medical Act 1983 (c. 54)

          1. 19.The Medical Act 1983 is amended as follows.

          2. 20.(1) Section 29E (evidence) is amended as follows.

          3. 21.(1) Section 35A (General Medical Council's power to require disclosure...

          4. 22.In section 49B(7) (Directive 2005/36: designation of competent authority etc.),...

          5. 23.In section 55(1) (interpretation), omit the definition of “Directive 95/46/EC”....

          6. 24.(1) Paragraph 9B of Schedule 1 (incidental powers of the...

          7. 25.(1) Paragraph 5A of Schedule 4 (professional performance assessments and...

          8. 26.(1) The table in Schedule 4A (functions of the General...

        9. Dentists Act 1984 (c. 24)

          1. 27.The Dentists Act 1984 is amended as follows.

          2. 28.(1) Section 33B (the General Dental Council's power to require...

          3. 29.In section 36ZA(6) (Directive 2005/36: designation of competent authority etc),...

          4. 30.(1) Section 36Y (the General Dental Council's power to require...

          5. 31.In section 53(1) (interpretation), omit the definition of “Directive 95/46/EC”....

          6. 32.(1) The table in Schedule 4ZA (Directive 2005/36: functions of...

        10. Companies Act 1985 (c. 6)

          1. 33.In section 449(11) of the Companies Act 1985 (provision for...

        11. Access to Medical Reports Act 1988 (c. 28)

          1. 34.In section 2(1) of the Access to Medical Reports Act...

        12. Opticians Act 1989 (c. 44)

          1. 35.(1) Section 13B of the Opticians Act 1989 (the Council's...

        13. Access to Health Records Act 1990 (c. 23)

          1. 36.The Access to Health Records Act 1990 is amended as...

          2. 37.For section 2 substitute— Health professionals In this Act, “health professional” has the same meaning as...

          3. 38.(1) Section 3 (right of access to health records) is...

        14. Human Fertilisation and Embryology Act 1990 (c. 37)

          1. 39.(1) Section 33D of the Human Fertilisation and Embryology Act...

        15. Trade Union and Labour Relations (Consolidation) Act 1992 (c. 52)

          1. 40.(1) Section 251B of the Trade Union and Labour Relations...

        16. Tribunals and Inquiries Act 1992 (c. 53)

          1. 41.In the table in Part 1 of Schedule 1 to...

        17. Industrial Relations (Northern Ireland) Order 1992 (S.I. 1992/807 (N.I. 5))

          1. 42.(1) Article 90B of the Industrial Relations (Northern Ireland) Order...

        18. Health Service Commissioners Act 1993 (c. 46)

          1. 43.In section 18A(1) of the Health Service Commissioners Act 1993...

        19. Data Protection Act 1998 (c. 29)

          1. 44.The Data Protection Act 1998 is repealed, with the exception...

        20. Crime and Disorder Act 1998 (c. 37)

          1. 45.In section 17A(4) of the Crime and Disorder Act 1998...

        21. Food Standards Act 1999 (c. 28)

          1. 46.(1) Section 19 of the Food Standards Act 1999 (publication...

        22. Immigration and Asylum Act 1999 (c. 33)

          1. 47.(1) Section 13 of the Immigration and Asylum Act 1999...

        23. Financial Services and Markets Act 2000 (c. 8)

          1. 48.The Financial Services and Markets Act 2000 is amended as...

          2. 49.In section 86(9) (exempt offers to the public), for “the...

          3. 50.In section 391A(6)(b) (publication: special provisions relating to the capital...

          4. 51.In section 391C(7)(a) (publication: special provisions relating to the UCITS...

          5. 52.In section 391D(9)(a) (publication: special provisions relating to the markets...

          6. 53.In section 417 (definitions), at the appropriate place insert— “the...

        24. Terrorism Act 2000 (c. 11)

          1. 54.In section 21F(2)(d) of the Terrorism Act 2000 (other permitted...

        25. Freedom of Information Act 2000 (c. 36)

          1. 55.The Freedom of Information Act 2000 is amended as follows....

          2. 56.In section 2(3) (absolute exemptions), for paragraph (f) substitute—

          3. 57.In section 18 (the Information Commissioner), omit subsection (1).

          4. 58.(1) Section 40 (personal information) is amended as follows.

          5. 59.Omit section 49 (reports to be laid before Parliament).

          6. 60.For section 61 (appeal proceedings) substitute— Appeal proceedings (1) Tribunal Procedure Rules may make provision for regulating the...

          7. 61.In section 76(1) (disclosure of information between Commissioner and ombudsmen),...

          8. 62.After section 76A insert— Disclosure of information to Tribunal (1) No enactment or rule of law prohibiting or restricting...

          9. 63.In section 77(1)(b) (offence of altering etc records with intent...

          10. 64.In section 84 (interpretation), at the appropriate place insert— “the...

        26. Political Parties, Elections and Referendums Act 2000 (c. 41)

          1. 65.(1) Paragraph 28 of Schedule 19C to the Political Parties,...

        27. Public Finance and Accountability (Scotland) Act 2000 (asp 1)

          1. 66.The Public Finance and Accountability (Scotland) Act 2000 is amended...

          2. 67.In section 26B(3)(a) (voluntary disclosure of data to Audit Scotland),...

          3. 68.In section 26C(3)(a) (power to require disclosure of data), for...

          4. 69.In section 29(1) (interpretation), at the appropriate place insert— “the...

        28. Criminal Justice and Police Act 2001 (c. 16)

          1. 70.The Criminal Justice and Police Act 2001 is amended as...

          2. 71.In section 57(1) (retention of seized items)—

          3. 72.In section 65(7) (meaning of “legal privilege”)—

          4. 73.In Schedule 1 (powers of seizure)— (a) omit paragraph 65,...

        29. Anti-terrorism, Crime and Security Act 2001 (c.24)

          1. 74.The Anti-terrorism, Crime and Security Act 2001 is amended as...

          2. 75.(1) Section 19 (disclosure of information held by revenue departments)...

          3. 76.(1) Part 1 of Schedule 4 (extension of existing disclosure...

        30. Health and Personal Social Services Act (Northern Ireland) 2001 (c. 3 (N.I.))

          1. 77.(1) Section 7A of the Health and Personal Social Services...

        31. Justice (Northern Ireland) Act 2002 (c. 26)

          1. 78.(1) Section 5A of the Justice (Northern Ireland) Act 2002...

        32. Proceeds of Crime Act 2002 (c. 29)

          1. 79.The Proceeds of Crime Act 2002 is amended as follows....

          2. 80.In section 333C(2)(d) (other permitted disclosures between institutions etc), for...

          3. 81.In section 436(3)(a) (disclosure of information to certain Directors), for...

          4. 82.In section 438(8)(a) (disclosure of information by certain Directors), for...

          5. 83.In section 439(3)(a) (disclosure of information to Lord Advocate and...

          6. 84.In section 441(7)(a) (disclosure of information by Lord Advocate and...

          7. 85.After section 442 insert— Data protection legislation In this Part, “the data protection legislation” has the same...

        33. Enterprise Act 2002 (c. 40)

          1. 86.(1) Section 237 of the Enterprise Act 2002 (general restriction...

        34. Scottish Public Services Ombudsman Act 2002 (asp 11)

          1. 87.(1) In Schedule 5 to the Scottish Public Services Ombudsman...

        35. Freedom of Information (Scotland) Act 2002 (asp 13)

          1. 88.The Freedom of Information (Scotland) Act 2002 is amended as...

          2. 89.In section 2(2)(e)(ii) (absolute exemptions), omit “by virtue of subsection...

          3. 90.(1) Section 38 (personal information) is amended as follows.

        36. Courts Act 2003 (c. 39)

          1. 91.Schedule 5 to the Courts Act 2003 (collection of fines)...

          2. 92.(1) Paragraph 9C (disclosure of information in connection with making...

          3. 93.(1) Paragraph 10A (attachment of earnings orders (Justice Act (Northern...

        37. Sexual Offences Act 2003 (c. 42)

          1. 94.(1) Section 94 of the Sexual Offences Act 2003 (Part...

        38. Criminal Justice Act 2003 (c. 44)

          1. 95.The Criminal Justice Act 2003 is amended as follows.

          2. 96.In section 327A(9) (disclosure of information about convictions etc of...

          3. 97.In section 327B (disclosure of information about convictions etc of...

        39. Mental Health (Care and Treatment) (Scotland) Act 2003 (asp 13)

          1. 98.(1) Section 279 of the Mental Health (Care and Treatment)...

        40. Public Audit (Wales) Act 2004 (c. 23)

          1. 99.(1) Section 64C of the Public Audit (Wales) Act 2004...

        41. Companies (Audit, Investigations and Community Enterprise) Act 2004 (c. 27)

          1. 100.The Companies (Audit, Investigations and Community Enterprise) Act 2004 is...

          2. 101.(1) Section 15A (disclosure of information by tax authorities) is...

          3. 102.(1) Section 15D (permitted disclosure of information obtained under compulsory...

        42. Domestic Violence, Crime and Victims Act 2004 (c. 28)

          1. 103.(1) Section 54 of the Domestic Violence, Crime and Victims...

        43. Children Act 2004 (c. 31)

          1. 104.The Children Act 2004 is amended as follows.

          2. 105.(1) Section 12 (information databases) is amended as follows.

          3. 106.(1) Section 29 (information databases: Wales) is amended as follows....

        44. Constitutional Reform Act 2005 (c. 4)

          1. 107.(1) Section 107 of the Constitutional Reform Act 2005 (disclosure...

        45. Mental Capacity Act 2005 (c. 9)

          1. 108.In section 64 of the Mental Capacity Act 2005 (interpretation),...

        46. Public Services Ombudsman (Wales) Act 2005 (c. 10)

          1. 109.(1) Section 34X of the Public Services Ombudsman (Wales) Act...

        47. Commissioners for Revenue and Customs Act 2005 (c. 11)

          1. 110.(1) Section 22 of the Commissioners for Revenue and Customs...

        48. Gambling Act 2005 (c. 19)

          1. 111.(1) Section 352 of the Gambling Act 2005 (data protection)...

        49. Commissioner for Older People (Wales) Act 2006 (c. 30)

          1. 112.(1) Section 18 of the Commissioner for Older People (Wales)...

        50. National Health Service Act 2006 (c. 41)

          1. 113.The National Health Service Act 2006 is amended as follows....

          2. 114.(1) Section 251 (control of patient information) is amended as...

          3. 115.(1) Section 264C (provision and disclosure of information about health...

          4. 116.In paragraph 7B(3) of Schedule 1 (further provision about the...

        51. National Health Service (Wales) Act 2006 (c. 42)

          1. 117.The National Health Service (Wales) Act 2006 is amended as...

          2. 118.(1) Section 201C (provision of information about medical supplies: supplementary)...

          3. 119.In paragraph 7B(3) of Schedule 1 (further provision about the...

        52. Companies Act 2006 (c. 46)

          1. 120.The Companies Act 2006 is amended as follows.

          2. 121.In section 458(2) (disclosure of information by tax authorities)—

          3. 122.In section 461(7) (permitted disclosure of information obtained under compulsory...

          4. 123.In section 948(9) (restrictions on disclosure) for “the Data Protection...

          5. 124.In section 1173(1) (minor definitions: general), at the appropriate place...

          6. 125.In section 1224A(7) (restrictions on disclosure), for “the Data Protection...

          7. 126.In section 1253D(3) (restriction on transfer of audit working papers...

          8. 127.In section 1261(1) (minor definitions: Part 42), at the appropriate...

          9. 128.In section 1262 (index of defined expressions: Part 42), at...

          10. 129.In Schedule 8 (index of defined expressions: general), at the...

        53. Tribunals, Courts and Enforcement Act 2007 (c. 15)

          1. 130.The Tribunals, Courts and Enforcement Act 2007 is amended as...

          2. 131.In section 11(5)(b) (right to appeal to Upper Tribunal), for...

          3. 132.In section 13(8)(a) (right to appeal to the Court of...

        54. Statistics and Registration Service Act 2007 (c. 18)

          1. 133.The Statistics and Registration Service Act 2007 is amended as...

          2. 134.(1) Section 45 (information held by HMRC) is amended as...

          3. 135.(1) Section 45A (information held by other public authorities) is...

          4. 136.(1) Section 45B(3) (access to information held by Crown bodies...

          5. 137.(1) Section 45C(13) (power to require disclosures by other public...

          6. 138.In section 45D(9)(b) (power to require disclosure by undertakings), for...

          7. 139.(1) Section 45E (further provision about powers in sections 45B,...

          8. 140.(1) Section 53A (disclosure by the Statistics Board to devolved...

          9. 141.(1) Section 54 (Data Protection Act 1998 and Human Rights...

          10. 142.In section 67 (general interpretation: Part 1), at the appropriate...

        55. Serious Crime Act 2007 (c. 27)

          1. 143.The Serious Crime Act 2007 is amended as follows.

          2. 144.(1) Section 5A (verification and disclosure of information) is amended...

          3. 145.(1) Section 68 (disclosure of information to prevent fraud) is...

          4. 146.(1) Section 85 (disclosure of information by Revenue and Customs)...

        56. Legal Services Act 2007 (c. 29)

          1. 147.(1) Section 169 of the Legal Services Act 2007 (disclosure...

        57. Adoption and Children (Scotland) Act 2007 (asp 4)

          1. 148.In section 74 of the Adoption and Children (Scotland) Act...

        58. Criminal Justice and Immigration Act 2008 (c. 4)

          1. 149.The Criminal Justice and Immigration Act 2008 is amended as...

          2. 150.Omit— (a) section 77 (power to alter penalty for unlawfully...

          3. 151.(1) Section 114 (supply of information to Secretary of State...

        59. Regulatory Enforcement and Sanctions Act 2008 (c. 13)

          1. 152.(1) Section 70 of the Regulatory Enforcement and Sanctions Act...

        60. Health and Social Care Act 2008 (c. 14)

          1. 153.In section 20A(5) of the Health and Social Care Act...

        61. Counter-Terrorism Act 2008 (c. 28)

          1. 154.(1) Section 20 of the Counter-Terrorism Act 2008 (disclosure and...

        62. Public Health etc. (Scotland) Act 2008 (asp 5)

          1. 155.(1) Section 117 of the Public Health etc. (Scotland) Act...

        63. Banking Act 2009 (c. 1)

          1. 156.(1) Section 83ZY of the Banking Act 2009 (special resolution...

        64. Borders, Citizenship and Immigration Act 2009 (c. 11)

          1. 157.(1) Section 19 of the Borders, Citizenship and Immigration Act...

        65. Marine and Coastal Access Act 2009 (c. 23)

          1. 158.The Marine and Coastal Access Act 2009 is amended as...

          2. 159.(1) Paragraph 13 of Schedule 7 (further provision about civil...

          3. 160.(1) Paragraph 9 of Schedule 10 (further provision about fixed...

        66. Coroners and Justice Act 2009 (c. 25)

          1. 161.In Schedule 21 to the Coroners and Justice Act 2009...

        67. Broads Authority Act 2009 (c. i)

          1. 162.(1) Section 38 of the Broads Authority Act 2009 (provision...

        68. Health and Social Care (Reform) Act (Northern Ireland) 2009 (c. 1 (N.I.))

          1. 163.(1) Section 13 of the Health and Social Care (Reform)...

        69. Terrorist Asset-Freezing etc. Act 2010 (c. 38)

          1. 164.(1) Section 25 of the Terrorist Asset-Freezing etc. Act 2010...

        70. Marine (Scotland) Act 2010 (asp 5)

          1. 165.(1) Paragraph 12 of Schedule 2 to the Marine (Scotland)...

        71. Charities Act 2011 (c. 25)

          1. 166.(1) Section 59 of the Charities Act 2011 (disclosure: supplementary)...

        72. Welsh Language (Wales) Measure 2011 (nawm 1)

          1. 167.The Welsh Language (Wales) Measure 2011 is amended as follows....

          2. 168.(1) Section 22 (power to disclose information) is amended as...

          3. 169.(1) Paragraph 8 of Schedule 2 (inquiries by the Commissioner:...

        73. Safeguarding Board Act (Northern Ireland) 2011 (c. 7 (N.I))

          1. 170.(1) Section 10 of the Safeguarding Board Act (Northern Ireland)...

        74. Health and Social Care Act 2012 (c. 7)

          1. 171.The Health and Social Care Act 2012 is amended as...

          2. 172.In section 250(7) (power to publish information standards), for the...

          3. 173.(1) Section 251A (consistent identifiers) is amended as follows.

          4. 174.(1) Section 251B (duty to share information) is amended as...

        75. Protection of Freedoms Act 2012 (c. 9)

          1. 175.The Protection of Freedoms Act 2012 is amended as follows....

          2. 176.(1) Section 27 (exceptions and further provision about consent and...

          3. 177.In section 28(1) (interpretation: Chapter 2), for the definition of...

          4. 178.In section 29(7) (code of practice for surveillance camera systems),...

        76. HGV Road User Levy Act 2013 (c. 7)

          1. 179.(1) Section 14A of the HGV Road User Levy Act...

        77. Crime and Courts Act 2013 (c. 22)

          1. 180.The Crime and Courts Act 2013 is amended as follows....

          2. 181.(1) Section 42 (other interpretive provisions) is amended as follows....

          3. 182.(1) Paragraph 1 of Schedule 7 (statutory restrictions on disclosure)...

        78. Marine Act (Northern Ireland) 2013 (c. 10 (N.I.))

          1. 183.(1) Paragraph 8 of Schedule 2 to the Marine Act...

        79. Local Audit and Accountability Act 2014 (c. 2)

          1. 184.(1) Paragraph 3 of Schedule 9 to the Local Audit...

        80. Anti-social Behaviour, Crime and Policing Act 2014 (c. 12)

          1. 185.(1) Paragraph 7 of Schedule 4 to the Anti-social Behaviour,...

        81. Immigration Act 2014 (c. 22)

          1. 186.(1) Paragraph 6 of Schedule 6 to the Immigration Act...

        82. Care Act 2014 (c. 23)

          1. 187.In section 67(9) of the Care Act 2014 (involvement in...

        83. Social Services and Well-being (Wales) Act 2014 (anaw 4)

          1. 188.In section 18(10)(b) of the Social Services and Well-being (Wales)...

        84. Counter-Terrorism and Security Act 2015 (c. 6)

          1. 189.(1) Section 38 of the Counter-Terrorism and Security Act 2015...

        85. Small Business, Enterprise and Employment Act 2015 (c. 26)

          1. 190.(1) Section 6 of the Small Business, Enterprise and Employment...

        86. Modern Slavery Act 2015 (c. 30)

          1. 191.(1) Section 54A of the Modern Slavery Act 2015 (Gangmasters...

        87. Human Trafficking and Exploitation (Criminal Justice and Support for Victims) Act (Northern Ireland) 2015 (c. 2 (N.I.))

          1. 192.The Human Trafficking and Exploitation (Criminal Justice and Support for...

          2. 193.In section 13(5) (duty to notify National Crime Agency about...

          3. 194.In section 25(1) (interpretation of this Act), at the appropriate...

          4. 195.In paragraph 18(5) of Schedule 3 (supply of information to...

        88. Justice Act (Northern Ireland) 2015 (c. 9 (N.I.))

          1. 196.(1) Section 72 of the Justice Act (Northern Ireland) 2015...

        89. Immigration Act 2016 (c. 19)

          1. 197.(1) Section 7 of the Immigration Act 2016 (information gateways:...

        90. Investigatory Powers Act 2016 (c. 25)

          1. 198.The Investigatory Powers Act 2016 is amended as follows.

          2. 199.In section 1(5)(b), for sub-paragraph (ii) substitute—

          3. 200.In section 199 (bulk personal datasets: interpretation), for subsection (2)...

          4. 201.In section 202(4) (restriction on use of class BPD warrants),...

          5. 202.In section 206 (additional safeguards for health records), for subsection...

          6. 203.(1) Section 237 (information gateway) is amended as follows.

        91. Public Services Ombudsman Act (Northern Ireland) 2016 (c. 4 (N.I.))

          1. 204.(1) Section 49 of the Police Services Ombudsman Act (Northern...

        92. Health and Social Care (Control of Data Processing) Act (Northern Ireland) 2016 (c. 12 (N.I.))

          1. 205.(1) Section 1 of the Health and Social Care (Control...

        93. Mental Capacity Act (Northern Ireland) 2016 (c. 18 (N.I.))

          1. 206.In section 306(1) of the Mental Capacity Act (Northern Ireland)...

        94. Justice Act (Northern Ireland) 2016 (c. 21 (N.I.))

          1. 207.The Justice Act (Northern Ireland) 2016 is amended as follows....

          2. 208.(1) Section 17 (disclosure of information) is amended as follows....

          3. 209.In section 44(3) (disclosure of information)— (a) in paragraph (a),...

        95. Policing and Crime Act 2017 (c. 3)

          1. 210.(1) Section 50 of the Policing and Crime Act 2017...

        96. Children and Social Work Act 2017 (c. 12)

          1. 211.In Schedule 5 to the Children and Social Work Act...

        97. Higher Education and Research Act 2017 (c. 29)

          1. 212.The Higher Education and Research Act 2017 is amended as...

          2. 213.(1) Section 63 (cooperation and information sharing by the Office...

          3. 214.(1) Section 112 (cooperation and information sharing between the Office...

        98. Digital Economy Act 2017 (c. 30)

          1. 215.The Digital Economy Act 2017 is amended as follows.

          2. 216.(1) Section 40 (further provisions about disclosures under sections 35...

          3. 217.(1) Section 43 (codes of practice) is amended as follows....

          4. 218.(1) Section 49 (further provision about disclosures under section 48)...

          5. 219.(1) Section 52 (code of practice) is amended as follows....

          6. 220.(1) Section 57 (further provision about disclosures under section 56)...

          7. 221.(1) Section 60 (code of practice) is amended as follows....

          8. 222.(1) Section 65 (supplementary provision about disclosures under section 64)...

          9. 223.(1) Section 70 (code of practice) is amended as follows....

          10. 224.Omit sections 108 to 110 (charges payable to the Information...

        99. Landfill Disposals Tax (Wales) Act 2017 (anaw 3)

          1. 225.(1) Section 60 of the Landfill Disposals Tax (Wales) Act...

        100. Additional Learning Needs and Educational Tribunal (Wales) Act 2018 (anaw 2)

          1. 226.(1) Section 4 of the Additional Learning Needs and Educational...

        101. This Act

          1. 227.(1) Section 204 of this Act (meaning of “health professional”...

      2. PART 2 Amendments of other legislation

        1. Estate Agents (Specified Offences) (No. 2) Order 1991 (S.I. 1991/1091)

          1. 228.In the table in the Schedule to the Estate Agents...

        2. Channel Tunnel (International Arrangements) Order 1993 (S.I. 1993/1813)

          1. 229.(1) Article 4 of the Channel Tunnel (International Arrangements) Order...

        3. Access to Health Records (Northern Ireland) Order 1993 (S.I. 1993/1250 (N.I. 4))

          1. 230.The Access to Health Records (Northern Ireland) Order 1993 is...

          2. 231.In Article 4 (health professionals), for paragraph (1) substitute—

          3. 232.In Article 5(4)(a) (fees for access to health records), for...

        4. Channel Tunnel (Miscellaneous Provisions) Order 1994 (S.I. 1994/1405)

          1. 233.In article 4 of the Channel Tunnel (Miscellaneous Provisions) Order...

        5. European Primary and Specialist Dental Qualifications Regulations 1998 (S.I. 1998/811)

          1. 234.The European Primary and Specialist Dental Qualifications Regulations 1998 are...

          2. 235.(1) Regulation 2(1) (interpretation) is amended as follows.

          3. 236.(1) The table in Schedule A1 (functions of the GDC...

        6. Scottish Parliamentary Corporate Body (Crown Status) Order 1999 (S.I. 1999/677)

          1. 237.For article 7 of the Scottish Parliamentary Corporate Body (Crown...

        7. Northern Ireland Assembly Commission (Crown Status) Order 1999 (S.I. 1999/3145)

          1. 238.For article 9 of the Northern Ireland Assembly Commission (Crown...

        8. Data Protection (Corporate Finance Exemption) Order 2000 (S.I. 2000/184)

          1. 239.The Data Protection (Corporate Finance Exemption) Order 2000 is revoked....

        9. Data Protection (Conditions under Paragraph 3 of Part II of Schedule 1) Order 2000 (S.I. 2000/185)

          1. 240.The Data Protection (Conditions under Paragraph 3 of Part II...

        10. Data Protection (Functions of Designated Authority) Order 2000 (S.I. 2000/186)

          1. 241.The Data Protection (Functions of Designated Authority) Order 2000 is...

        11. Data Protection (International Co-operation) Order 2000 (S.I. 2000/190)

          1. 242.The Data Protection (International Co-operation) Order 2000 is revoked.

        12. Data Protection (Subject Access) (Fees and Miscellaneous Provisions) Regulations 2000 (S.I. 2000/191)

          1. 243.The Data Protection (Subject Access) (Fees and Miscellaneous Provisions) Regulations...

        13. Consumer Credit (Credit Reference Agency) Regulations 2000 (S.I. 2000/290)

          1. 244.In the Consumer Credit (Credit Reference Agency) Regulations 2000, regulation...

        14. Data Protection (Subject Access Modification) (Health) Order 2000 (S.I. 2000/413)

          1. 245.The Data Protection (Subject Access Modification) (Health) Order 2000 is...

        15. Data Protection (Subject Access Modification) (Education) Order 2000 (S.I. 2000/414)

          1. 246.The Data Protection (Subject Access Modification) (Education) Order 2000 is...

        16. Data Protection (Subject Access Modification) (Social Work) Order 2000 (S.I. 2000/415)

          1. 247.The Data Protection (Subject Access Modification) (Social Work) Order 2000...

        17. Data Protection (Crown Appointments) Order 2000 (S.I. 2000/416)

          1. 248.The Data Protection (Crown Appointments) Order 2000 is revoked.

        18. Data Protection (Processing of Sensitive Personal Data) Order 2000 (S.I. 2000/417)

          1. 249.The Data Protection (Processing of Sensitive Personal Data) Order 2000...

        19. Data Protection (Miscellaneous Subject Access Exemptions) Order 2000 (S.I. 2000/419)

          1. 250.The Data Protection (Miscellaneous Subject Access Exemptions) Order 2000 is...

        20. Data Protection (Designated Codes of Practice) (No. 2) Order 2000 (S.I. 2000/1864)

          1. 251.The Data Protection (Designated Codes of Practice) (No. 2) Order...

        21. Representation of the People (England and Wales) Regulations 2001 (S.I. 2001/341)

          1. 252.The Representation of the People (England and Wales) Regulations 2001...

          2. 253.In regulation 3(1) (interpretation), at the appropriate places insert— “Article...

          3. 254.In regulation 26(3)(a) (applications for registration), for “the Data Protection...

          4. 255.In regulation 26A(2)(a) (application for alteration of register in respect...

          5. 256.In regulation 32ZA(3)(f) (annual canvass), for “the Data Protection Act...

          6. 257.In regulation 61A (conditions on the use, supply and inspection...

          7. 258.(1) Regulation 92(2) (interpretation and application of Part VI etc)...

          8. 259.In regulation 96(2A)(b)(i) (restriction on use of the full register),...

          9. 260.In regulation 97(5) and (6) (supply of free copy of...

          10. 261.In regulation 97A(7) and (8) (supply of free copy of...

          11. 262.In regulation 99(6) and (7) (supply of free copy of...

          12. 263.In regulation 109A(9) and (10) (supply of free copy of...

          13. 264.In regulation 119(2) (conditions on the use, supply and disclosure...

        22. Representation of the People (Scotland) Regulations 2001 (S.I. 2001/497)

          1. 265.The Representation of the People (Scotland) Regulations 2001 are amended...

          2. 266.In regulation 3(1) (interpretation), at the appropriate places, insert— “Article...

          3. 267.In regulation 26(3)(a) (applications for registration), for “the Data Protection...

          4. 268.In regulation 26A(2)(a) (application for alteration of register in respect...

          5. 269.In regulation 32ZA(3)(f) (annual canvass), for “the Data Protection Act...

          6. 270.In regulation 61(3) (records and lists kept under Schedule 4),...

          7. 271.In regulation 61A (conditions on the use, supply and inspection...

          8. 272.(1) Regulation 92(2) (interpretation of Part VI etc) is amended...

          9. 273.In regulation 95(3)(b)(i) (restriction on use of the full register),...

          10. 274.In regulation 96(5) and (6) (supply of free copy of...

          11. 275.In regulation 98(6) and (7) (supply of free copy of...

          12. 276.In regulation 108A(9) and (10) (supply of full register to...

          13. 277.In regulation 119(2) (conditions on the use, supply and disclosure...

        23. Financial Services and Markets Act 2000 (Disclosure of Confidential Information) Regulations 2001 (S.I. 2001/2188)

          1. 278.(1) Article 9 of the Financial Services and Markets 2000...

        24. Nursing and Midwifery Order 2001 (S.I. 2002/253)

          1. 279.The Nursing and Midwifery Order 2001 is amended as follows....

          2. 280.(1) Article 3 (the Nursing and Midwifery Council and its...

          3. 281.(1) Article 25 (the Council's power to require disclosure of...

          4. 282.In article 39B (European professional card), after paragraph (2) insert—...

          5. 283.In article 40(6) (Directive 2005/36/EC: designation of competent authority etc),...

          6. 284.(1) Schedule 2B (Directive 2005/36/EC: European professional card) is amended...

          7. 285.(1) The table in Schedule 3 (functions of the Council...

          8. 286.In Schedule 4 (interpretation), omit the definition of “Directive 95/46/EC”....

        25. Electronic Commerce (EC Directive) Regulations 2002 (S.I. 2002/2013)

          1. 287.Regulation 3 of the Electronic Commerce (EC Directive) Regulations 2002...

          2. 288.In paragraph (1)(b) for “the Data Protection Directive and the...

          3. 289.In paragraph (3)— (a) omit the definitions of “Data Protection...

        26. Data Protection (Processing of Sensitive Personal Data) (Elected Representatives) Order 2002 (S.I. 2002/2905)

          1. 290.The Data Protection (Processing of Sensitive Personal Data) (Elected Representatives)...

        27. Privacy and Electronic Communications (EC Directive) Regulations 2003 (S.I. 2003/2426)

          1. 291.The Privacy and Electronic Communications (EC Directive) Regulations 2003 are...

          2. 292.In regulation 2(1) (interpretation), in the definition of “the Information...

          3. 293.(1) Regulation 4 (relationship between these Regulations and the Data...

        28. Nationality, Immigration and Asylum Act 2002 (Juxtaposed Controls) Order 2003 (S.I. 2003/2818)

          1. 294.The Nationality, Immigration and Asylum Act 2002 (Juxtaposed Controls) Order...

          2. 295.In article 8(2) (exercise of powers by French officers in...

          3. 296.In article 11(4) (exercise of powers by UK immigration officers...

        29. Pupils' Educational Records (Scotland) Regulations 2003 (S.S.I. 2003/581)

          1. 297.The Pupils' Educational Records (Scotland) Regulations 2003 are amended as...

          2. 298.(1) Regulation 2 (interpretation) is amended as follows.

          3. 299.(1) Regulation 6 (circumstances where information should not be disclosed)...

          4. 300.In regulation 9 (fees), for paragraph (1) substitute—

        30. European Parliamentary Elections (Northern Ireland) Regulations 2004 (S.I. 2004/1267)

          1. 301.Schedule 1 to the European Parliamentary Elections (Northern Ireland) Regulations...

          2. 302.(1) Paragraph 74(1) (interpretation) is amended as follows.

          3. 303.In paragraph 77(2)(b) (conditions on the use, supply and disclosure...

        31. Freedom of Information and Data Protection (Appropriate Limit and Fees) Regulations 2004 (S.I. 2004/3244)

          1. 304.In regulation 3(1) of the Freedom of Information and Data...

        32. Environmental Information Regulations 2004 (S.I. 2004/3391)

          1. 305.The Environmental Information Regulations 2004 are amended as follows.

          2. 306.(1) Regulation 2 (interpretation) is amended as follows.

          3. 307.(1) Regulation 13 (personal data) is amended as follows.

          4. 308.In regulation 14 (refusal to disclose information), in paragraph (3)(b),...

          5. 309.In regulation 18 (enforcement and appeal provisions), in paragraph (5),...

        33. Environmental Information (Scotland) Regulations 2004 (S.S.I. 2004/520)

          1. 310.The Environmental Information (Scotland) Regulations 2004 are amended as follows....

          2. 311.(1) Regulation 2 (interpretation) is amended as follows.

          3. 312.(1) Regulation 11 (personal data) is amended as follows.

        34. Licensing Act 2003 (Personal Licences) Regulations 2005 (S.I. 2005/41)

          1. 313.(1) Regulation 7 of the Licensing Act 2003 (Personal Licences)...

        35. Education (Pupil Information) (England) Regulations 2005 (S.I. 2005/1437)

          1. 314.The Education (Pupil Information) (England) Regulations 2005 are amended as...

          2. 315.In regulation 3(5) (meaning of educational record) for “section 1(1)...

          3. 316.(1) Regulation 5 (disclosure of curricular and educational records) is...

        36. Civil Contingencies Act 2004 (Contingency Planning) Regulations 2005 (S.I. 2005/2042)

          1. 317.(1) Regulation 45 of the Civil Contingencies Act 2004 (Contingency...

        37. Register of Judgments, Orders and Fines Regulations 2005 (S.I. 2005/3595)

          1. 318.In regulation 3 of the Register of Judgments, Orders and...

        38. Civil Contingencies Act 2004 (Contingency Planning) (Scotland) Regulations 2005 (S.S.I. 2005/494)

          1. 319.The Civil Contingencies Act 2004 (Contingency Planning) (Scotland) Regulations 2005...

          2. 320.(1) Regulation 39 (sensitive information) is amended as follows.

        39. Data Protection (Processing of Sensitive Personal Data) Order 2006 (S.I. 2006/2068)

          1. 321.The Data Protection (Processing of Sensitive Personal Data) Order 2006...

        40. National Assembly for Wales (Representation of the People) Order 2007 (S.I. 2007/236)

          1. 322.(1) Paragraph 14 of Schedule 1 to the National Assembly...

        41. Mental Capacity Act 2005 (Loss of Capacity during Research Project) (England) Regulations 2007 (S.I. 2007/679)

          1. 323.In regulation 3 of the Mental Capacity Act 2005 (Loss...

        42. National Assembly for Wales Commission (Crown Status) Order 2007 (S.I. 2007/1118)

          1. 324.For article 5 of the National Assembly for Wales Commission...

        43. Mental Capacity Act 2005 (Loss of Capacity during Research Project) (Wales) Regulations 2007 (S.I. 2007/837 (W.72))

          1. 325.In regulation 3 of the Mental Capacity Act 2005 (Loss...

        44. Representation of the People (Absent Voting at Local Elections) (Scotland) Regulations 2007 (S.S.I. 2007/170)

          1. 326.(1) Regulation 18 of the Representation of the People (Absent...

        45. Representation of the People (Post-Local Government Elections Supply and Inspection of Documents) (Scotland) Regulations 2007 (S.S.I. 2007/264)

          1. 327.In regulation 5 of the Representation of the People (Post-Local...

        46. Education (Pupil Records and Reporting) (Transitional) Regulations (Northern Ireland) 2007 (S.R. (N.I.) 2007 No. 43)

          1. 328.The Education (Pupil Records and Reporting) (Transitional) Regulations (Northern Ireland)...

          2. 329.In regulation 2 (interpretation), at the appropriate place insert— “the...

          3. 330.In regulation 10(2) (duties of Boards of Governors), for “documents...

        47. Representation of the People (Northern Ireland) Regulations 2008 (S.I. 2008/1741)

          1. 331.In regulation 118 of the Representation of the People (Northern...

        48. Companies Act 2006 (Extension of Takeover Panel Provisions) (Isle of Man) Order 2008 (S.I. 2008/3122)

          1. 332.In paragraph 1(c) of the Schedule to the Companies Act...

        49. Controlled Drugs (Supervision of Management and Use) (Wales) Regulations 2008 (S.I. 2008/3239 (W.286))

          1. 333.The Controlled Drugs (Supervision of Management and Use) (Wales) Regulations...

          2. 334.In regulation 2(1) (interpretation)— (a) at the appropriate place in...

          3. 335.(1) Regulation 25 (duty to co-operate by disclosing information as...

          4. 336.(1) Regulation 26 (responsible bodies requesting additional information be disclosed...

          5. 337.(1) Regulation 29 (occurrence reports) is amended as follows.

        50. Energy Order 2003 (Supply of Information) Regulations (Northern Ireland) 2008 (S.R. (N.I.) 2008 No. 3)

          1. 338.(1) Regulation 5 of the Energy Order 2003 (Supply of...

        51. Companies (Disclosure of Address) Regulations 2009 (S.I. 2009/214)

          1. 339.(1) Paragraph 6 of Schedule 2 to the Companies (Disclosure...

        52. Overseas Companies Regulations 2009 (S.I. 2009/1801)

          1. 340.(1) Paragraph 6 of Schedule 2 to the Overseas Companies...

        53. Data Protection (Processing of Sensitive Personal Data) Order 2009 (S.I. 2009/1811)

          1. 341.The Data Protection (Processing of Sensitive Personal Data) Order 2009...

        54. Provision of Services Regulations 2009 (S.I. 2009/2999)

          1. 342.In regulation 25 of the Provision of Services Regulations 2009...

        55. INSPIRE Regulations 2009 (S.I. 2009/3157)

          1. 343.(1) Regulation 9 of the INSPIRE Regulations 2009 (public access...

        56. INSPIRE (Scotland) Regulations 2009 (S.S.I. 2009/440)

          1. 344.(1) Regulation 10 of the INSPIRE (Scotland) Regulations 2009 (public...

        57. Controlled Drugs (Supervision of Management and Use) Regulations (Northern Ireland) 2009 (S.R (N.I.) 2009 No. 225)

          1. 345.The Controlled Drugs (Supervision of Management and Use) Regulations (Northern...

          2. 346.In regulation 2(2) (interpretation), at the appropriate place insert— “the...

          3. 347.(1) Regulation 25 (duty to co-operate by disclosing information as...

          4. 348.(1) Regulation 26 (responsible bodies requesting additional information be disclosed...

          5. 349.(1) Regulation 29 (occurrence reports) is amended as follows.

        58. Data Protection (Monetary Penalties) (Maximum Penalty and Notices) Regulations 2010 (S.I. 2010/31)

          1. 350.The Data Protection (Monetary Penalties) (Maximum Penalty and Notices) Regulations...

        59. Pharmacy Order 2010 (S.I. 2010/231)

          1. 351.The Pharmacy Order 2010 is amended as follows.

          2. 352.In article 3(1) (interpretation), omit the definition of “Directive 95/46/EC”....

          3. 353.(1) Article 9 (inspection and enforcement) is amended as follows....

          4. 354.In article 33A (European professional card), after paragraph (2) insert—...

          5. 355.(1) Article 49 (disclosure of information: general) is amended as...

          6. 356.(1) Article 55 (professional performance assessments) is amended as follows....

          7. 357.In article 67(6) (Directive 2005/36/EC: designation of competent authority etc.),...

          8. 358.(1) Schedule 2A (Directive 2005/36/EC: European professional card) is amended...

          9. 359.(1) The table in Schedule 3 (Directive 2005/36/EC: designation of...

        60. Data Protection (Monetary Penalties) Order 2010 (S.I. 2010/910)

          1. 360.The Data Protection (Monetary Penalties) Order 2010 is revoked.

        61. National Employment Savings Trust Order 2010 (S.I. 2010/917)

          1. 361.The National Employment Savings Trust Order 2010 is amended as...

          2. 362.In article 2 (interpretation)— (a) omit the definition of “data”...

          3. 363.(1) Article 10 (disclosure of requested data to the Secretary...

        62. Local Elections (Northern Ireland) Order 2010 (S.I. 2010/2977)

          1. 364.(1) Schedule 3 to the Local Elections (Northern Ireland) Order...

        63. Pupil Information (Wales) Regulations 2011 (S.I. 2011/1942 (W.209))

          1. 365.(1) Regulation 5 of the Pupil Information (Wales) Regulations 2011...

        64. Debt Arrangement Scheme (Scotland) Regulations 2011 (S.S.I. 2011/141)

          1. 366.In Schedule 4 to the Debt Arrangement Scheme (Scotland) Regulations...

        65. Police and Crime Commissioner Elections Order 2012 (S.I. 2012/1917)

          1. 367.The Police and Crime Commissioner Elections Order 2012 is amended...

          2. 368.(1) Schedule 2 (absent voting in Police and Crime Commissioner...

          3. 369.(1) Schedule 10 (access to marked registers and other documents...

        66. Data Protection (Processing of Sensitive Personal Data) Order 2012 (S.I. 2012/1978)

          1. 370.The Data Protection (Processing of Sensitive Personal Data) Order 2012...

        67. Neighbourhood Planning (Referendums) Regulations 2012 (S.I. 2012/2031)

          1. 371.Schedule 6 to the Neighbourhood Planning (Referendums) Regulations 2012 (registering...

          2. 372.(1) Paragraph 29(1) (interpretation of Part 8) is amended as...

          3. 373.In paragraph 32(3)(b)(i), for “section 11(3) of the Data Protection...

          4. 374.In paragraph 33(6) and (7) (supply of copy of business...

          5. 375.In paragraph 34(6) and (7) (supply of copy of business...

          6. 376.In paragraph 39(8) and (97) (supply of copy of business...

          7. 377.In paragraph 45(2) (conditions on the use, supply and disclosure...

        68. Controlled Drugs (Supervision of Management and Use) Regulations 2013 (S.I. 2013/373)

          1. 378.(1) Regulation 20 of the Controlled Drugs (Supervision of Management...

        69. Communications Act 2003 (Disclosure of Information) Order 2014 (S.I. 2014/1825)

          1. 379.(1) Article 3 of the Communications Act 2003 (Disclosure of...

        70. Criminal Justice and Data Protection (Protocol No. 36) Regulations 2014 (S.I. 2014/3141)

          1. 380.In the Criminal Justice and Data Protection (Protocol No. 36)...

        71. Data Protection (Assessment Notices) (Designation of National Health Service Bodies) Order 2014 (S.I. 2014/3282)

          1. 381.The Data Protection (Assessment Notices) (Designation of National Health Service...

        72. The Control of Explosives Precursors etc Regulations (Northern Ireland) 2014 (S.R. (N.I.) 2014 No. 224)

          1. 382.In regulation 6 of the Control of Explosives Precursors etc...

        73. Control of Poisons and Explosives Precursors Regulations 2015 (S.I. 2015/966)

          1. 383.In regulation 3 of the Control of Poisons and Explosives...

        74. Companies (Disclosure of Date of Birth Information) Regulations 2015 (S.I. 2015/1694)

          1. 384.(1) Paragraph 6 of Schedule 2 to the Companies (Disclosure...

        75. Small and Medium Sized Business (Credit Information) Regulations 2015 (S.I. 2015/1945)

          1. 385.The Small and Medium Sized Business (Credit Information) Regulations 2015...

          2. 386.(1) Regulation 12 (criteria for the designation of a credit...

          3. 387.(1) Regulation 15 (access to and correction of information for...

        76. European Union (Recognition of Professional Qualifications) Regulations 2015 (S.I. 2015/2059)

          1. 388.The European Union (Recognition of Professional Qualifications) Regulations 2015 are...

          2. 389.(1) Regulation 2(1) (interpretation) is amended as follows.

          3. 390.In regulation 5(5) (functions of competent authorities in the United...

          4. 391.In regulation 45(3) (processing and access to data regarding the...

          5. 392.In regulation 46(1) (processing and access to data regarding the...

          6. 393.In regulation 48(2) (processing and access to data regarding the...

          7. 394.In regulation 66(3) (exchange of information), for “Directives 95/46/EC” substitute...

        77. Scottish Parliament (Elections etc) Order 2015 (S.S.I. 2015/425)

          1. 395.The Scottish Parliament (Elections etc) Order 2015 is amended as...

          2. 396.(1) Schedule 3 (absent voting) is amended as follows.

          3. 397.(1) Schedule 8 (access to marked registers and other documents...

        78. Recall of MPs Act 2015 (Recall Petition) Regulations 2016 (S.I. 2016/295)

          1. 398.In paragraph 1(3) of Schedule 3 to the Recall of...

        79. Register of People with Significant Control Regulations 2016 (S.I. 2016/339)

          1. 399.Schedule 4 to the Register of People with Significant Control...

          2. 400.(1) Paragraph 6 (disclosure to a credit reference agency) is...

          3. 401.In paragraph 12A (disclosure to a credit institution or a...

          4. 402.In Part 3 (interpretation), after paragraph 13 insert— In this Schedule, “data protection obligations”, in relation to a...

        80. Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 (S.I. 2016/696)

          1. 403.The Electronic Identification and Trust Services for Electronic Transactions Regulations...

          2. 404.In regulation 2(1) (interpretation), omit the definition of “the 1998...

          3. 405.In regulation 3(3) (supervision), omit “under the 1998 Act”.

          4. 406.For Schedule 2 substitute— SCHEDULE 2 Information Commissioner's enforcement powers...

        81. Court Files Privileged Access Rules (Northern Ireland) 2016 (S.R. (N.I.) 2016 No. 123)

          1. 407.The Court Files Privileged Access Rules (Northern Ireland) 2016 are...

          2. 408.In rule 5 (information that may released) for “Schedule 1...

          3. 409.In rule 7(2) (provision of information) for “Schedule 1 of...

        82. Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (S.I. 2017/692)

          1. 410.The Money Laundering, Terrorist Financing and Transfer of Funds (Information...

          2. 411.In regulation 3(1) (interpretation), at the appropriate places insert— “the...

          3. 412.In regulation 16(8) (risk assessment by the Treasury and Home...

          4. 413.In regulation 17(9) (risk assessment by supervisory authorities), for “the...

          5. 414.For regulation 40(9)(c) (record keeping) substitute— (c) “data subject” has...

          6. 415.(1) Regulation 41 (data protection) is amended as follows.

          7. 416.(1) Regulation 84 (publication: the Financial Conduct Authority) is amended...

          8. 417.(1) Regulation 85 (publication: the Commissioners) is amended as follows....

          9. 418.For regulation 106(a) (general restrictions) substitute— (a) a disclosure in...

          10. 419.After paragraph 27 of Schedule 3 (relevant offences) insert— An offence under the Data Protection Act 2018, apart from...

        83. Scottish Partnerships (Register of People with Significant Control) Regulations 2017 (S.I. 2017/694)

          1. 420.(1) Paragraph 6 of Schedule 5 to the Scottish Partnerships...

        84. Data Protection (Charges and Information) Regulations 2018 (S.I. 2018/480)

          1. 421.In regulation 1(2) of the Data Protection (Charges and Information)...

        85. National Health Service (General Medical Services Contracts) (Scotland) Regulations 2018 (S.S.I. 2018/66)

          1. 422.The National Health Service (General Medical Services Contracts) (Scotland) Regulations...

          2. 423.(1) Regulation 1 (citation and commencement) is amended as follows....

          3. 424.In regulation 3(1) (interpretation)— (a) omit the definition of “the...

          4. 425.(1) Schedule 6 (other contractual terms) is amended as follows....

        86. National Health Service (Primary Medical Services Section 17C Agreements) (Scotland) Regulations 2018 (S.S.I. 2018/67)

          1. 426.The National Health Service (Primary Medical Services Section 17C Agreements)...

          2. 427.(1) Regulation 1 (citation and commencement) is amended as follows....

          3. 428.In regulation 3(1) (interpretation)— (a) omit the definition of “the...

          4. 429.(1) Schedule 1 (content of agreements) is amended as follows....

      3. PART 3 Modifications

        1. Introduction

          1. 430.(1) Unless the context otherwise requires, legislation described in sub-paragraph...

        2. General modifications

          1. 431.(1) References to a particular provision of, or made under,...

        3. Specific modification of references to terms used in the Data Protection Act 1998

          1. 432.(1) References to personal data, and to the processing of...

      4. PART 4 Supplementary

        1. Definitions

          1. 433.Section 3(14) does not apply to this Schedule.

        2. Provision inserted in subordinate legislation by this Schedule

          1. 434.Provision inserted into subordinate legislation by this Schedule may be...

    20. SCHEDULE 20

      Transitional provision etc

      1. PART 1 General

        1. Interpretation

          1. 1.(1) In this Schedule— “the 1984 Act” means the Data...

      2. PART 2 Rights of data subjects

        1. Right of access to personal data under the 1998 Act

          1. 2.(1) The repeal of sections 7 to 9A of the...

        2. Right to prevent processing likely to cause damage or distress under the 1998 Act

          1. 3.(1) The repeal of section 10 of the 1998 Act...

        3. Right to prevent processing for purposes of direct marketing under the 1998 Act

          1. 4.(1) The repeal of section 11 of the 1998 Act...

        4. Automated processing under the 1998 Act

          1. 5.(1) The repeal of section 12 of the 1998 Act...

        5. Compensation for contravention of the 1998 Act or Part 4 of the 2014 Regulations

          1. 6.(1) The repeal of section 13 of the 1998 Act...

        6. Rectification, blocking, erasure and destruction under the 1998 Act

          1. 7.(1) The repeal of section 14(1) to (3) and (6)...

        7. Jurisdiction and procedure under the 1998 Act

          1. 8.The repeal of section 15 of the 1998 Act (jurisdiction...

        8. Exemptions under the 1998 Act

          1. 9.(1) The repeal of Part 4 of the 1998 Act...

        9. Prohibition by this Act of requirement to produce relevant records

          1. 10.(1) In Schedule 18 to this Act, references to a...

        10. Avoidance under this Act of certain contractual terms relating to health records

          1. 11.In section 185 of this Act, references to a record...

      3. PART 3 The UK GDPR and Part 2 of this Act

        1. Exemptions from the UK GDPR: restrictions of rules in Articles 13 to 15 of the UK GDPR

          1. 12.In paragraph 20(2) of Schedule 2 to this Act (self-incrimination),...

        2. Manual unstructured data held by FOI public authorities

          1. 13.Until the first regulations under section 24(8) of this Act...

      4. PART 4 Law enforcement and intelligence services processing

        1. Logging

          1. 14.(1) In relation to an automated processing system set up...

        2. Regulation 50 of the 2014 Regulations (disapplication of the 1998 Act)

          1. 15.Nothing in this Schedule, read with the revocation of regulation...

        3. Maximum fee for data subject access requests to intelligence services

          1. 16.Until the first regulations under section 94(4)(b) of this Act...

      5. PART 5 National security certificates

        1. National security certificates: processing of personal data under the 1998 Act

          1. 17.(1) The repeal of section 28(2) to (12) of the...

        2. National security certificates: processing of personal data under the 2018 Act

          1. 18.(1) This paragraph applies to a certificate issued under section...

      6. PART 6 The Information Commissioner

        1. Appointment etc

          1. 19.(1) On and after the relevant day, the individual who...

        2. Accounts

          1. 20.(1) The repeal of paragraph 10 of Schedule 5 to...

        3. Annual report

          1. 21.(1) The repeal of section 52(1) of the 1998 Act...

        4. Fees etc received by the Commissioner

          1. 22.(1) The repeal of Schedule 5 to the 1998 Act...

          2. 23.Paragraph 10 of Schedule 12 to this Act applies only...

        5. Functions in connection with the Data Protection Convention

          1. 24.(1) The repeal of section 54(2) of the 1998 Act...

        6. Co-operation with the European Commission: transfers of personal data outside the EEA

          1. 25.(1) The repeal of section 54(3) of the 1998 Act...

        7. Charges payable to the Commissioner by controllers

          1. 26.(1) The Data Protection (Charges and Information) Regulations 2018 (S.I....

        8. Requests for assessment

          1. 27.(1) The repeal of section 42 of the 1998 Act...

        9. Codes of practice

          1. 28.(1) The repeal of section 52E of the 1998 Act...

      7. PART 7 Enforcement etc under the 1998 Act

        1. Interpretation of this Part

          1. 29.(1) In this Part of this Schedule, references to contravention...

        2. Information notices

          1. 30.(1) The repeal of section 43 of the 1998 Act...

        3. Special information notices

          1. 31.(1) The repeal of section 44 of the 1998 Act...

        4. Assessment notices

          1. 32.(1) The repeal of sections 41A and 41B of the...

        5. Enforcement notices

          1. 33.(1) The repeal of sections 40 and 41 of the...

        6. Determination by Commissioner as to the special purposes

          1. 34.(1) The repeal of section 45 of the 1998 Act...

        7. Restriction on enforcement in case of processing for the special purposes

          1. 35.(1) The repeal of section 46 of the 1998 Act...

        8. Offences

          1. 36.(1) The repeal of sections 47, 60 and 61 of...

        9. Powers of entry

          1. 37.(1) The repeal of sections 50, 60 and 61 of,...

        10. Monetary penalties

          1. 38.(1) The repeal of sections 55A, 55B, 55D and 55E...

        11. Appeals

          1. 39.(1) The repeal of sections 48 and 49 of the...

        12. Exemptions

          1. 40.(1) The repeal of section 28 of the 1998 Act...

        13. Tribunal Procedure Rules

          1. 41.(1) The repeal of paragraph 7 of Schedule 6 to...

        14. Obstruction etc

          1. 42.(1) The repeal of paragraph 8 of Schedule 6 to...

        15. Enforcement etc under the 2014 Regulations

          1. 43.(1) The references in the preceding paragraphs of this Part...

      8. PART 8 Enforcement etc under this Act

        1. Information notices

          1. 44.In section 143 of this Act— (a) the reference to...

        2. Powers of entry

          1. 45.In paragraph 16 of Schedule 15 to this Act (powers...

        3. Tribunal Procedure Rules

          1. 46.(1) Tribunal Procedure Rules made under paragraph 7(1)(a) of Schedule...

      9. PART 9 Other enactments

        1. Powers to disclose information to the Commissioner

          1. 47.(1) The following provisions (as amended by Schedule 19 to...

        2. Codes etc required to be consistent with the Commissioner's data-sharing code

          1. 48.(1) This paragraph applies in relation to the code of...

          2. 49.(1) This paragraph applies in relation to the original statement...

        3. Consumer Credit Act 1974

          1. 50.In section 159(1)(a) of the Consumer Credit Act 1974 (correction...

        4. Freedom of Information Act 2000

          1. 51.Paragraphs 52 to 55 make provision about the Freedom of...

          2. 52.(1) This paragraph applies where a request for information was...

          3. 53.(1) Tribunal Procedure Rules made under paragraph 7(1)(b) of Schedule...

          4. 54.(1) The repeal of paragraph 8 of Schedule 6 to...

          5. 55.(1) The amendment of section 77 of the 2000 Act...

        5. Freedom of Information (Scotland) Act 2002

          1. 56.(1) This paragraph applies where a request for information was...

        6. Access to Health Records (Northern Ireland) Order 1993 (S.I. 1993/1250 (N.I. 4))

          1. 57.Until the first regulations under Article 5(4)(a) of the Access...

        7. Privacy and Electronic Communications (EC Directive) Regulations 2003 (S.I. 2003/2450)

          1. 58.(1) The repeal of a provision of the 1998 Act...

        8. Health and Personal Social Services (Quality, Improvement and Regulation) (Northern Ireland) Order 2003 (S.I. 2003/431 (N.I. 9))

          1. 59.Part 3 of Schedule 19 to this Act (modifications) does...

        9. Environmental Information Regulations 2004 (S.I. 2004/3391)

          1. 60.(1) This paragraph applies where a request for information was...

        10. Environmental Information (Scotland) Regulations 2004 (S.S.I. 2004/520)

          1. 61.(1) This paragraph applies where a request for information was...

    21. SCHEDULE 21

      Further transitional provision etc

      1. Part 1 Interpretation

        1. 1.The applied GPDR

      2. Part 2 Continuation of existing acts etc

        1. 2.Merger of the directly applicable GDPR and the applied GDPR

        2. 3.(1) Anything done in connection with the EU GDPR as...

      3. Part 3 Transfers to third countries and international organisations

        1. 4.UK GDPR: adequacy decisions and adequacy regulations

        2. 5.(1) The following are specified for the purposes of paragraph...

        3. 6.(1) In the provisions listed in sub-paragraph (2)—

        4. 7.UK GDPR: transfers subject to appropriate safeguards provided by standard data protection clauses

        5. 8.(1) Paragraph 7 does not apply to the extent that...

        6. 9.UK GDPR: transfers subject to appropriate safeguards provided by binding corporate rules

        7. 10.Part 3 (law enforcement processing): adequacy decisions and adequacy regulations

        8. 11.(1) The following are specified for the purposes of paragraph...

        9. 12.In section 74B(1), (3), (6) and (7)—

      4. Part 4 Repeal of provisions in Chapter 3 of Part 2

        1. 13.Applied GDPR: power to make provision in consequence of GDPR regulations

        2. 14.Applied GDPR: national security certificates

      5. Part 5 The Information Commissioner

        1. 15.Confidentiality of information

      6. Part 6 Enforcement

        1. 16.GDPR: maximum amount of penalties

        2. 17.GDPR: right to an effective remedy against the Commissioner

Back to top

Options/Help

Print Options

You have chosen to open The Whole Act

The Whole Act you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.

Would you like to continue?

You have chosen to open The Whole Act as a PDF

The Whole Act you have selected contains over 200 provisions and might take some time to download.

Would you like to continue?

You have chosen to open the Whole Act

The Whole Act you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.

Would you like to continue?

You have chosen to open the Whole Act without Schedules

The Whole Act without Schedules you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.

Would you like to continue?

You have chosen to open Schedules only

The Schedules you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.

Would you like to continue?

Close

Legislation is available in different versions:

Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.

Original (As Enacted or Made): The original version of the legislation as it stood when it was enacted or made. No changes have been applied to the text.

Close

Opening Options

Different options to open legislation in order to view more content on screen at once

Close

Explanatory Notes

Text created by the government department responsible for the subject matter of the Act to explain what the Act sets out to achieve and to make the Act accessible to readers who are not legally qualified. Explanatory Notes were introduced in 1999 and accompany all Public Acts except Appropriation, Consolidated Fund, Finance and Consolidation Acts.

Close

More Resources

Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:

  • the original print PDF of the as enacted version that was used for the print copy
  • lists of changes made by and/or affecting this legislation item
  • confers power and blanket amendment details
  • all formats of all associated documents
  • correction slips
  • links to related legislation and further information resources
Close

Timeline of Changes

This timeline shows the different points in time where a change occurred. The dates will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. The first date in the timeline will usually be the earliest date when the provision came into force. In some cases the first date is 01/02/1991 (or for Northern Ireland legislation 01/01/2006). This date is our basedate. No versions before this date are available. For further information see the Editorial Practice Guide and Glossary under Help.

Close

More Resources

Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:

  • the original print PDF of the as enacted version that was used for the print copy
  • correction slips

Click 'View More' or select 'More Resources' tab for additional information including:

  • lists of changes made by and/or affecting this legislation item
  • confers power and blanket amendment details
  • all formats of all associated documents
  • links to related legislation and further information resources