Data Protection Act 1998

  1. Introductory Text

  2. Part I Preliminary

    1. 1. Basic interpretative provisions.

    2. 2. Sensitive personal data.

    3. 3. The special purposes.

    4. 4. The data protection principles.

    5. 5. Application of Act.

    6. 6. The Commissioner . . . .

  3. Part II Rights of data subjects and others

    1. 7. Right of access to personal data.

    2. 8. Provisions supplementary to section 7.

    3. 9. Application of section 7 where data controller is credit reference agency.

    4. 9A. Unstructured personal data held by public authorities.

    5. 10. Right to prevent processing likely to cause damage or distress.

    6. 11. Right to prevent processing for purposes of direct marketing.

    7. 12. Rights in relation to automated decision-taking.

    8. 12A. Rights of data subjects in relation to exempt manual data.

    9. 13. Compensation for failure to comply with certain requirements.

    10. 14. Rectification, blocking, erasure and destruction.

    11. 15. Jurisdiction and procedure.

  4. Part III Notification by data controllers

    1. 16. Preliminary.

    2. 17. Prohibition on processing without registration.

    3. 18. Notification by data controllers.

    4. 19. Register of notifications.

    5. 20. Duty to notify changes.

    6. 21. Offences.

    7. 22. Preliminary assessment by Commissioner.

    8. 23. Power to make provision for appointment of data protection supervisors.

    9. 24. Duty of certain data controllers to make certain information available.

    10. 25. Functions of Commissioner in relation to making of notification regulations.

    11. 26. Fees regulations.

  5. Part IV Exemptions

    1. 27. Preliminary.

    2. 28. National security.

    3. 29. Crime and taxation.

    4. 30. Health, education and social work.

    5. 31. Regulatory activity.

    6. 32. Journalism, literature and art.

    7. 33. Research, history and statistics.

    8. 33A. Manual data held by public authorities.

    9. 34. Information available to the public by or under enactment.

    10. 35. Disclosures required by law or made in connection with legal proceedings etc.

    11. 35A. Parliamentary privilege.

    12. 36. Domestic purposes.

    13. 37. Miscellaneous exemptions.

    14. 38. Powers to make further exemptions by order.

    15. 39. Transitional relief.

  6. Part V Enforcement

    1. 40. Enforcement notices.

    2. 41. Cancellation of enforcement notice.

    3. 41A.Assessment notices

    4. 41B.Assessment notices: limitations

    5. 41C.Code of practice about assessment notices

    6. 42. Request for assessment.

    7. 43. Information notices.

    8. 44. Special information notices.

    9. 45. Determination by Commissioner as to the special purposes.

    10. 46. Restriction on enforcement in case of processing for the special purposes.

    11. 47. Failure to comply with notice.

    12. 48. Rights of appeal.

    13. 49. Determination of appeals.

    14. 50. Powers of entry and inspection.

  7. Part VI Miscellaneous and General

    1. Functions of Commissioner

      1. 51. General duties of Commissioner.

      2. 52. Reports and codes of practice to be laid before Parliament.

      3. 52A.Data-sharing code

      4. 52AA.Direct marketing code

      5. 52B. data-sharing and direct marketing codes: procedure

      6. 52C.Alteration or replacement of data-sharing and direct marketing codes

      7. 52D.Publication of data-sharing and direct marketing codes

      8. 52E.Effect of data-sharing and direct marketing codes

      9. 53. Assistance by Commissioner in cases involving processing for the special purposes.

      10. 54. International co-operation.

      11. 54A.Inspection of overseas information systems

    2. Unlawful obtaining et ceteralaetc. of personal data

      1. 55. Unlawful obtaining etc. of personal data.

    3. Monetary penalties

      1. 55A.Power of Commissioner to impose monetary penalty

      2. 55B.Monetary penalty notices: procedural rights

      3. 55C.Guidance about monetary penalty notices

      4. 55D.Monetary penalty notices: enforcement

      5. 55E.Notices under sections 55A and 55B: supplemental

    4. Records obtained under data subject’s right of access

      1. 56. Prohibition of requirement as to production of certain records.

      2. 57. Avoidance of certain contractual terms relating to health records.

    5. Information provided to Commissioner or Tribunal

      1. 58. Disclosure of information.

      2. 59. Confidentiality of information.

    6. General provisions relating to offences

      1. 60. Prosecutions and penalties.

      2. 61. Liability of directors etc.

    7. Amendments of Consumer Credit Act 1974

      1. 62. Amendments of Consumer Credit Act 1974.

    8. General

      1. 63. Application to Crown.

      2. 63A. Application to Parliament.

      3. 64. Transmission of notices etc. by electronic or other means.

      4. 65. Service of notices by Commissioner.

      5. 66. Exercise of rights in Scotland by children.

      6. 67. Orders, regulations and rules.

      7. 68. Meaning of “accessible record”.

      8. 69. Meaning of “health professional”.

      9. 70. Supplementary definitions.

      10. 71. Index of defined expressions.

      11. 72. Modifications of Act.

      12. 73. Transitional provisions and savings.

      13. 74. Minor and consequential amendments and repeals and revocations.

      14. 75. Short title, commencement and extent.

  8. SCHEDULES

    1. SCHEDULE 1

      The data protection principles

      1. Part I The principles

        1. 1.Personal data shall be processed fairly and lawfully and, in...

        2. 2.Personal data shall be obtained only for one or more...

        3. 3.Personal data shall be adequate, relevant and not excessive in...

        4. 4.Personal data shall be accurate and, where necessary, kept up...

        5. 5.Personal data processed for any purpose or purposes shall not...

        6. 6.Personal data shall be processed in accordance with the rights...

        7. 7.Appropriate technical and organisational measures shall be taken against unauthorised...

        8. 8.Personal data shall not be transferred to a country or...

      2. Part II Interpretation of the principles in Part I

        1. The first principle

          1. 1.(1) In determining for the purposes of the first principle...

          2. 2.(1) Subject to paragraph 3, for the purposes of the...

          3. 3.(1) Paragraph 2(1)(b) does not apply where either of the...

          4. 4.(1) Personal data which contain a general identifier falling within...

        2. The second principle

          1. 5.The purpose or purposes for which personal data are obtained...

          2. 6.In determining whether any disclosure of personal data is compatible...

        3. The fourth principle

          1. 7.The fourth principle is not to be regarded as being...

        4. The sixth principle

          1. 8.A person is to be regarded as contravening the sixth...

        5. The seventh principle

          1. 9.Having regard to the state of technological development and the...

          2. 10.The data controller must take reasonable steps to ensure the...

          3. 11.Where processing of personal data is carried out by a...

          4. 12.Where processing of personal data is carried out by a...

        6. The eighth principle

          1. 13.An adequate level of protection is one which is adequate...

          2. 14.The eighth principle does not apply to a transfer falling...

          3. 15.(1) Where— (a) in any proceedings under this Act any...

    2. SCHEDULE 2

      Conditions relevant for purposes of the first principle: processing of any personal data

      1. 1.The data subject has given his consent to the processing....

      2. 2.The processing is necessary— (a) for the performance of a...

      3. 3.The processing is necessary for compliance with any legal obligation...

      4. 4.The processing is necessary in order to protect the vital...

      5. 5.The processing is necessary— (a) for the administration of justice,...

      6. 6.(1) The processing is necessary for the purposes of legitimate...

      7. 7.The processing is necessary for the purposes of making a...

    3. SCHEDULE 3

      Conditions relevant for purposes of the first principle: processing of sensitive personal data

      1. 1.The data subject has given his explicit consent to the...

      2. 2.(1) The processing is necessary for the purposes of exercising...

      3. 3.The processing is necessary— (a) in order to protect the...

      4. 4.The processing— (a) is carried out in the course of...

      5. 5.The information contained in the personal data has been made...

      6. 6.The processing— (a) is necessary for the purpose of, or...

      7. 7.(1) The processing is necessary— (a) for the administration of...

      8. 7A.(1) The processing— (a) is either— (i) the disclosure of...

      9. 7B.The processing is necessary for the purposes of making a...

      10. 8.(1) The processing is necessary for medical purposes and is...

      11. 9.(1) The processing— (a) is of sensitive personal data consisting...

      12. 10.The personal data are processed in circumstances specified in an...

    4. SCHEDULE 4

      Cases where the eighth principle does not apply

      1. 1.The data subject has given his consent to the transfer....

      2. 2.The transfer is necessary— (a) for the performance of a...

      3. 3.The transfer is necessary— (a) for the conclusion of a...

      4. 4.(1) The transfer is necessary for reasons of substantial public...

      5. 5.The transfer— (a) is necessary for the purpose of, or...

      6. 6.The transfer is necessary in order to protect the vital...

      7. 7.The transfer is of part of the personal data on...

      8. 8.The transfer is made on terms which are of a...

      9. 9.The transfer has been authorised by the Commissioner as being...

    5. SCHEDULE 5

      The Data Protection Commissioner . . .

      1. Part I The Commissioner

        1. Status and capacity

          1. 1.(1) The corporation sole by the name of the Data...

        2. Tenure of office and appointment

          1. 2.(1) Subject to the provisions of this paragraph, the Commissioner...

        3. Salary et ceteralaetc.

          1. 3.(1) There shall be paid— (a) to the Commissioner such...

        4. Officers and staff

          1. 4.(1) The Commissioner— (a) shall appoint a deputy commissioner or...

          2. 5.(1) The deputy commissioner or deputy commissioners shall perform the...

        5. Authentication of seal of the Commissioner

          1. 6.The application of the seal of the Commissioner shall be...

        6. Presumption of authenticity of documents issued by the Commissioner

          1. 7.Any document purporting to be an instrument issued by the...

        7. Money

          1. 8.The Secretary of State may make payments to the Commissioner...

          2. 9.(1) All fees and other sums received by the Commissioner...

        8. Accounts

          1. 10.(1) It shall be the duty of the Commissioner—

        9. Application of Part I in Scotland

          1. 11.Paragraphs 1(1), 6 and 7 do not extend to Scotland....

      2. Part II The Tribunal

        1. Tenure of office

          1. 12.(1) Subject to the following provisions of this paragraph, a...

        2. Salary et ceteralaetc.

          1. 13.The Secretary of State shall pay to the members of...

        3. Officers and staff

          1. 14.The Secretary of State may provide the Tribunal with such...

        4. Expenses

          1. 15.Such expenses of the Tribunal as the Secretary of State...

      3. Part III

        1. 16.Any reference in any enactment, instrument or other document to...

        2. 17.Any reference in this Act or in any instrument under...

    6. SCHEDULE 6

      Appeal proceedings

      1. Hearing of appeals

        1. 1.For the purpose of hearing and determining appeals or any...

      2. Constitution of Tribunal in national security cases

        1. 2.(1) The Lord Chancellor shall from time to time designate,...

        2. 3.(1) The Tribunal shall be duly constituted—

      3. Constitution of Tribunal in other cases

        1. 4.(1) Subject to any rules made under paragraph 7, the...

      4. Determination of questions by full Tribunal

        1. 5.The determination of any question before the Tribunal when constituted...

      5. Ex parte proceedings

        1. 6.(1) Subject to any rules made under paragraph 7, the...

      6. Tribunal Procedure Rules

        1. 7.(1) Tribunal Procedure Rules may make provision for regulating the...

      7. Obstruction et ceteralaetc.

        1. 8.(1) If any person is guilty of any act or...

    7. SCHEDULE 7

      Miscellaneous exemptions

      1. Confidential references given by the data controller

        1. 1.Personal data are exempt from section 7 if they consist...

      2. Armed forces

        1. 2.Personal data are exempt from the subject information provisions in...

      3. Judicial appointments and honours

        1. 3.Personal data processed for the purposes of—

      4. Crown employment and Crown or Ministerial appointments

        1. 4.(1) The Secretary of State may by order exempt from...

      5. Management forecasts et ceteralaetc.

        1. 5.Personal data processed for the purposes of management forecasting or...

      6. Corporate finance

        1. 6.(1) Where personal data are processed for the purposes of,...

      7. Negotiations

        1. 7.Personal data which consist of records of the intentions of...

      8. Examination marks

        1. 8.(1) Section 7 shall have effect subject to the provisions...

      9. Examination scripts et ceteralaetc.

        1. 9.(1) Personal data consisting of information recorded by candidates during...

      10. Legal professional privilege

        1. 10.Personal data are exempt from the subject information provisions if...

      11. Self-incrimination

        1. 11.(1) A person need not comply with any request or...

    8. SCHEDULE 8

      Transitional relief

      1. Part I Interpretation of Schedule

        1. 1.(1) For the purposes of this Schedule, personal data are...

      2. Part II Exemptions available before 24th October 2001

        1. Manual data

          1. 2.(1) Eligible manual data, other than data forming part of...

          2. 3.(1) This paragraph applies to— (a) eligible manual data forming...

          3. 4.(1) This paragraph applies to eligible manual data which consist...

        2. Processing otherwise than by reference to the data subject

          1. 5.During the first transitional period, for the purposes of this...

        3. Payrolls and accounts

          1. 6.(1) Subject to sub-paragraph (2), eligible automated data processed by...

        4. Unincorporated members’ clubs and mailing lists

          1. 7.Eligible automated data processed by an unincorporated members’ club and...

          2. 8.Eligible automated data processed by a data controller only for...

          3. 9.Neither paragraph 7 nor paragraph 8 applies to personal data...

          4. 10.It shall be a condition of the exemption of any...

          5. 11.Data to which paragraph 10 applies may be disclosed—

        5. Back-up data

          1. 12.Eligible automated data which are processed only for the purpose...

        6. Exemption of all eligible automated data from certain requirements

          1. 13.(1) During the first transitional period, eligible automated data are...

      3. Part III Exemptions available after 23rd October 2001 but before 24th October 2007

        1. 14.(1) This paragraph applies to— (a) eligible manual data which...

        2. 14A.(1) This paragraph applies to personal data which fall within...

      4. Part IV Exemptions after 23rd October 2001 for historical research

        1. 15.In this Part of this Schedule “the relevant conditions” has...

        2. 16.(1) Eligible manual data which are processed only for the...

        3. 17.(1) After 23rd October 2001 eligible automated data which are...

        4. 18.For the purposes of this Part of this Schedule personal...

      5. Part V Exemption from section 22

        1. 19.Processing which was already under way immediately before 24th October...

    9. SCHEDULE 9

      Powers of entry and inspection

      1. Issue of warrants

        1. 1.(1) If a circuit judge or a District Judge (Magistrates'...

        2. 2.(1) A judge shall not issue a warrant under this...

        3. 3.A judge who issues a warrant under this Schedule shall...

      2. Execution of warrants

        1. 4.A person executing a warrant issued under this Schedule may...

        2. 5.A warrant issued under this Schedule shall be executed at...

        3. 6.If the person who occupies the premises in respect of...

        4. 7.(1) A person seizing anything in pursuance of a warrant...

      3. Matters exempt from inspection and seizure

        1. 8.The powers of inspection and seizure conferred by a warrant...

        2. 9.(1) Subject to the provisions of this paragraph, the powers...

        3. 10.If the person in occupation of any premises in respect...

      4. Return of warrants

        1. 11.A warrant issued under this Schedule shall be returned to...

      5. Offences

        1. 12.Any person who— (a) intentionally obstructs a person in the...

      6. Vessels, vehicles et ceteralaetc.

        1. 13.In this Schedule “premises” includes any vessel, vehicle, aircraft or...

      7. Scotland and Northern Ireland

        1. 14.In the application of this Schedule to Scotland—

        2. 15.In the application of this Schedule to Northern Ireland—

      8. Self-incrimination

        1. 16.An explanation given, or information provided, by a person in...

    10. SCHEDULE 10

      Further provisions relating to assistance under section 53

      1. 1.In this Schedule “applicant” and “proceedings” have the same meaning...

      2. 2.The assistance provided under section 53 may include the making...

      3. 3.Where assistance is provided with respect to the conduct of...

      4. 4.Where the Commissioner provides assistance in relation to any proceedings,...

      5. 5.In England and Wales or Northern Ireland, the recovery of...

      6. 6.In Scotland, the recovery of such expenses (as taxed or...

    11. SCHEDULE 11

      Educational records

      1. Meaning of “educational record”

        1. 1.For the purposes of section 68 “educational record” means any...

      2. England and Wales

        1. 2.This paragraph applies to any record of information which—

        2. 3.The schools referred to in paragraph 2(a) are—

        3. 4.The persons referred to in paragraph 2(c) are—

        4. 4A.In paragraphs 3 and 4 “ local authority ” has...

      3. Scotland

        1. 5.This paragraph applies to any record of information which is...

        2. 6.For the purposes of paragraph 5— (a) “education authority” means...

      4. Northern Ireland

        1. 7.(1) This paragraph applies to any record of information which—...

        2. 8.The persons referred to in paragraph 7(1) are—

      5. England and Wales: transitory provisions

        1. 9.(1) Until the appointed day within the meaning of section...

    12. SCHEDULE 12

      Accessible public records

      1. Meaning of “accessible public record”

        1. 1.For the purposes of section 68 “accessible public record” means...

      2. Housing and social services records: England and Wales

        1. 2.The following is the Table referred to in paragraph 1(a)....

        2. 3.(1) The following provisions apply for the interpretation of the...

      3. Housing and social services records: Scotland

        1. 4.The following is the Table referred to in paragraph 1(b)....

        2. 5.(1) The following provisions apply for the interpretation of the...

      4. Housing and social services records: Northern Ireland

        1. 6.The following is the Table referred to in paragraph 1(c)....

        2. 7.(1) This paragraph applies for the interpretation of the Table...

    13. SCHEDULE 13

      Modifications of Act having effect before 24th October 2007

      1. 1.After section 12 there is inserted— Rights of data subjects...

      2. 2.In section 32— (a) in subsection (2) after “section 12”...

      3. 3.In section 34 for “section 14(1) to (3)” there is...

      4. 4.In section 53(1) after “12(8)” there is inserted “ ,...

      5. 5.In paragraph 8 of Part II of Schedule 1, the...

    14. SCHEDULE 14

      Transitional provisions and savings

      1. Interpretation

        1. 1.In this Schedule— “the 1984 Act” means the Data Protection...

      2. Effect of registration under Part II of 1984 Act

        1. 2.(1) Subject to sub-paragraphs (4) and (5) any person who,...

      3. Rights of data subjects

        1. 3.(1) The repeal of section 21 of the 1984 Act...

        2. 4.The repeal of section 22 of the 1984 Act (compensation...

        3. 5.The repeal of section 24 of the 1984 Act (rectification...

        4. 6.Subsection (3)(b) of section 14 does not apply where the...

      4. Enforcement and transfer prohibition notices served under Part V of 1984 Act

        1. 7.(1) If, immediately before the commencement of section 40—

        2. 8.(1) If, immediately before the commencement of section 40—

      5. Notices under new law relating to matters in relation to which 1984 Act had effect

        1. 9.The Commissioner may serve an enforcement notice under section 40...

        2. 10.Subsection (5)(b) of section 40 does not apply where the...

        3. 11.The Commissioner may serve an information notice under section 43...

        4. 12.Where by virtue of paragraph 11 an information notice is...

      6. Self-incrimination, et ceteralaetc.

        1. 13.(1) In section 43(8), section 44(9) and paragraph 11 of...

      7. Warrants issued under 1984 Act

        1. 14.The repeal of Schedule 4 to the 1984 Act does...

      8. Complaints under section 36(2) of 1984 Act and requests for assessment under section 42

        1. 15.The repeal of section 36(2) of the 1984 Act does...

        2. 16.In dealing with a complaint under section 36(2) of the...

      9. Applications under Access to Health Records Act 1990 or corresponding Northern Ireland legislation

        1. 17.(1) The repeal of any provision of the Access to...

        2. 18.(1) The revocation of any provision of the Access to...

      10. Applications under regulations under Access to Personal Files Act 1987 or corresponding Northern Ireland legislation

        1. 19.(1) The repeal of the personal files enactments does not...

      11. Applications under section 158 of Consumer Credit Act 1974

        1. 20.Section 62 does not affect the application of section 158...

    15. SCHEDULE 15

      Minor and consequential amendments

      1. Public Records Act 1958 (c. 51)

        1. 1.(1) In Part II of the Table in paragraph 3...

      2. Parliamentary Commissioner Act 1967 (c. 13)

        1. 2.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

        2. 3.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

      3. Superannuation Act 1972 (c. 11)

        1. 4.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

      4. House of Commons Disqualification Act 1975 (c. 24)

        1. 5.(1) Part II of Schedule 1 to the House of...

      5. Northern Ireland Assembly Disqualification Act 1975 (c. 25)

        1. 6.(1) Part II of Schedule 1 to the Northern Ireland...

      6. Representation of the People Act 1983 (c. 2)

        1. 7.In Schedule 2 of the Representation of the People Act...

      7. Access to Medical Reports Act 1988 (c. 28)

        1. 8.In section 2(1) of the Access to Medical Reports Act...

      8. Football Spectators Act 1989 (c. 37)

        1. 9.(1) Section 5 of the Football Spectators Act 1989 (national...

      9. Education (Student Loans) Act 1990 (c. 6)

        1. 10.Schedule 2 to the Education (Student Loans) Act 1990 (loans...

      10. Access to Health Records Act 1990 (c. 23)

        1. 11.For section 2 of the Access to Health Records Act...

        2. 12.In section 3(4) of that Act (cases where fee may...

        3. 13.In section 5(3) of that Act (cases where right of...

      11. Access to Personal Files and Medical Reports (Northern Ireland) Order 1991 (1991/1707 (N.I. 14))

        1. 14.In Article 4 of the Access to Personal Files and...

        2. 15.In Article 6(1) of that Order (interpretation), in the definition...

      12. Tribunals and Inquiries Act 1992 (c. 53)

        1. 16.In Part 1 of Schedule 1 to the Tribunals and...

      13. Access to Health Records (Northern Ireland) Order 1993 (1993/1250 (N.I. 4))

        1. 17.For paragraphs (1) and (2) of Article 4 of the...

        2. 18.In Article 5(4) of that Order (cases where fee may...

        3. 19.In Article 7 of that Order (cases where right of...

    16. SCHEDULE 16

      Repeals and revocations

      1. Part I Repeals

        1. . . . . . . . . . ....

      2. Part II Revocations

        1. . . . . . . . . . ....