- Latest available (Revised)
- Point in Time (23/05/2018)
- Original (As enacted)
Version Superseded: 25/05/2018
Point in time view as at 23/05/2018. This version of this part contains provisions that are not valid for this point in time.
Data Protection Act 2018, PART 5 is up to date with all changes known to be in force on or before 27 November 2024. There are changes that may be brought into force at a future date. Changes that have been made appear in the content and are referenced with annotations.
Changes and effects yet to be applied by the editorial team are only applicable when viewing the latest version or prospective version of legislation. They are therefore not accessible when viewing legislation as at a specific point in time. To view the ‘Changes to Legislation’ information for this provision return to the latest version view using the options provided in the ‘What Version’ box above.
Valid from 25/05/2018
(1)There is to continue to be an Information Commissioner.
(2)Schedule 12 makes provision about the Commissioner.
Valid from 25/05/2018
(1)The Commissioner is to be the supervisory authority in the United Kingdom for the purposes of Article 51 of the GDPR.
(2)General functions are conferred on the Commissioner by—
(a)Article 57 of the GDPR (tasks), and
(b)Article 58 of the GDPR (powers),
(and see also the Commissioner's duty under section 2).
(3)The Commissioner's functions in relation to the processing of personal data to which the GDPR applies include—
(a)a duty to advise Parliament, the government and other institutions and bodies on legislative and administrative measures relating to the protection of individuals' rights and freedoms with regard to the processing of personal data, and
(b)a power to issue, on the Commissioner's own initiative or on request, opinions to Parliament, the government or other institutions and bodies as well as to the public on any issue related to the protection of personal data.
(4)The Commissioner's functions under Article 58 of the GDPR are subject to the safeguards in subsections (5) to (9).
(5)The Commissioner's power under Article 58(1)(a) of the GDPR (power to require a controller or processor to provide information that the Commissioner requires for the performance of the Commissioner's tasks under the GDPR) is exercisable only by giving an information notice under section 142.
(6)The Commissioner's power under Article 58(1)(b) of the GDPR (power to carry out data protection audits) is exercisable only in accordance with section 146.
(7)The Commissioner's powers under Article 58(1)(e) and (f) of the GDPR (power to obtain information from controllers and processors and access to their premises) are exercisable only—
(a)in accordance with Schedule 15 (see section 154), or
(b)to the extent that they are exercised in conjunction with the power under Article 58(1)(b) of the GDPR, in accordance with section 146.
(8)The following powers are exercisable only by giving an enforcement notice under section 149—
(a)the Commissioner's powers under Article 58(2)(c) to (g) and (j) of the GDPR (certain corrective powers);
(b)the Commissioner's powers under Article 58(2)(h) to order a certification body to withdraw, or not to issue, a certification under Articles 42 and 43 of the GDPR.
(9)The Commissioner's powers under Articles 58(2)(i) and 83 of the GDPR (administrative fines) are exercisable only by giving a penalty notice under section 155.
(10)This section is without prejudice to other functions conferred on the Commissioner, whether by the GDPR, this Act or otherwise.
(1)The Commissioner—
(a)is to be the supervisory authority in the United Kingdom for the purposes of Article 41 of the Law Enforcement Directive, and
(b)is to continue to be the designated authority in the United Kingdom for the purposes of Article 13 of the Data Protection Convention.
(2)Schedule 13 confers general functions on the Commissioner in connection with processing to which the GDPR does not apply (and see also the Commissioner's duty under section 2).
(3)This section and Schedule 13 are without prejudice to other functions conferred on the Commissioner, whether by this Act or otherwise.
Nothing in this Act permits or requires the Commissioner to exercise functions in relation to the processing of personal data by—
(a)an individual acting in a judicial capacity, or
(b)a court or tribunal acting in its judicial capacity,
(and see also Article 55(3) of the GDPR).
Valid from 25/05/2018
(1)Articles 60 to 62 of the GDPR confer functions on the Commissioner in relation to co-operation and mutual assistance between, and joint operations of, supervisory authorities under the GDPR.
(2)References to the GDPR in subsection (1) do not include the applied GDPR.
(3)Article 61 of the applied GDPR confers functions on the Commissioner in relation to co-operation with other supervisory authorities (as defined in Article 4(21) of the applied GDPR).
(4)Part 1 of Schedule 14 makes provision as to the functions to be carried out by the Commissioner for the purposes of Article 50 of the Law Enforcement Directive (mutual assistance).
(5)Part 2 of Schedule 14 makes provision as to the functions to be carried out by the Commissioner for the purposes of Article 13 of the Data Protection Convention (co-operation between parties).
(1)The Commissioner may inspect personal data where the inspection is necessary in order to discharge an international obligation of the United Kingdom, subject to the restriction in subsection (2).
(2)The power under subsection (1) is exercisable only if the personal data—
(a)is processed wholly or partly by automated means, or
(b)is processed otherwise than by automated means and forms part of a filing system or is intended to form part of a filing system.
(3)The power under subsection (1) includes power to inspect, operate and test equipment which is used for the processing of personal data.
(4)Before exercising the power under subsection (1), the Commissioner must by written notice inform the controller and any processor that the Commissioner intends to do so.
(5)Subsection (4) does not apply if the Commissioner considers that the case is urgent.
(6)It is an offence—
(a)intentionally to obstruct a person exercising the power under subsection (1), or
(b)to fail without reasonable excuse to give a person exercising that power any assistance the person may reasonably require.
(7)Paragraphs (c) and (d) of section 3(14) do not apply to references in this section to personal data, the processing of personal data, a controller or a processor.
(1)The Commissioner must, in relation to third countries and international organisations, take appropriate steps to—
(a)develop international co-operation mechanisms to facilitate the effective enforcement of legislation for the protection of personal data;
(b)provide international mutual assistance in the enforcement of legislation for the protection of personal data, subject to appropriate safeguards for the protection of personal data and other fundamental rights and freedoms;
(c)engage relevant stakeholders in discussion and activities aimed at furthering international co-operation in the enforcement of legislation for the protection of personal data;
(d)promote the exchange and documentation of legislation and practice for the protection of personal data, including legislation and practice relating to jurisdictional conflicts with third countries.
(2)Subsection (1) applies only in connection with the processing of personal data to which the GDPR does not apply; for the equivalent duty in connection with the processing of personal data to which the GDPR applies, see Article 50 of the GDPR (international co-operation for the protection of personal data).
(3)The Commissioner must carry out data protection functions which the Secretary of State directs the Commissioner to carry out for the purpose of enabling Her Majesty's Government in the United Kingdom to give effect to an international obligation of the United Kingdom.
(4)The Commissioner may provide an authority carrying out data protection functions under the law of a British overseas territory with assistance in carrying out those functions.
(5)The Secretary of State may direct that assistance under subsection (4) is to be provided on terms, including terms as to payment, specified or approved by the Secretary of State.
(6)In this section—
“data protection functions” means functions relating to the protection of individuals with respect to the processing of personal data;
“mutual assistance in the enforcement of legislation for the protection of personal data” includes assistance in the form of notification, complaint referral, investigative assistance and information exchange;
“third country” means a country or territory that is not a member State.
(7)Section 3(14)(c) does not apply to references to personal data and the processing of personal data in this section.
Valid from 25/05/2018
(1)The Commissioner must prepare a code of practice which contains—
(a)practical guidance in relation to the sharing of personal data in accordance with the requirements of the data protection legislation, and
(b)such other guidance as the Commissioner considers appropriate to promote good practice in the sharing of personal data.
(2)Where a code under this section is in force, the Commissioner may prepare amendments of the code or a replacement code.
(3)Before preparing a code or amendments under this section, the Commissioner must consult the Secretary of State and such of the following as the Commissioner considers appropriate—
(a)trade associations;
(b)data subjects;
(c)persons who appear to the Commissioner to represent the interests of data subjects.
(4)A code under this section may include transitional provision or savings.
(5)In this section—
“good practice in the sharing of personal data” means such practice in the sharing of personal data as appears to the Commissioner to be desirable having regard to the interests of data subjects and others, including compliance with the requirements of the data protection legislation;
“the sharing of personal data” means the disclosure of personal data by transmission, dissemination or otherwise making it available;
“trade association” includes a body representing controllers or processors.
Valid from 25/05/2018
(1)The Commissioner must prepare a code of practice which contains—
(a)practical guidance in relation to the carrying out of direct marketing in accordance with the requirements of the data protection legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (S.I. 2003/2426), and
(b)such other guidance as the Commissioner considers appropriate to promote good practice in direct marketing.
(2)Where a code under this section is in force, the Commissioner may prepare amendments of the code or a replacement code.
(3)Before preparing a code or amendments under this section, the Commissioner must consult the Secretary of State and such of the following as the Commissioner considers appropriate—
(a)trade associations;
(b)data subjects;
(c)persons who appear to the Commissioner to represent the interests of data subjects.
(4)A code under this section may include transitional provision or savings.
(5)In this section—
“direct marketing” means the communication (by whatever means) of advertising or marketing material which is directed to particular individuals;
“good practice in direct marketing” means such practice in direct marketing as appears to the Commissioner to be desirable having regard to the interests of data subjects and others, including compliance with the requirements mentioned in subsection (1)(a);
“trade association” includes a body representing controllers or processors.
Valid from 23/07/2018
(1)The Commissioner must prepare a code of practice which contains such guidance as the Commissioner considers appropriate on standards of age-appropriate design of relevant information society services which are likely to be accessed by children.
(2)Where a code under this section is in force, the Commissioner may prepare amendments of the code or a replacement code.
(3)Before preparing a code or amendments under this section, the Commissioner must consult the Secretary of State and such other persons as the Commissioner considers appropriate, including—
(a)children,
(b)parents,
(c)persons who appear to the Commissioner to represent the interests of children,
(d)child development experts, and
(e)trade associations.
(4)In preparing a code or amendments under this section, the Commissioner must have regard—
(a)to the fact that children have different needs at different ages, and
(b)to the United Kingdom's obligations under the United Nations Convention on the Rights of the Child.
(5)A code under this section may include transitional provision or savings.
(6)Any transitional provision included in the first code under this section must cease to have effect before the end of the period of 12 months beginning when the code comes into force.
(7)In this section—
“age-appropriate design” means the design of services so that they are appropriate for use by, and meet the development needs of, children;
“information society services” has the same meaning as in the GDPR, but does not include preventive or counselling services;
“relevant information society services” means information society services which involve the processing of personal data to which the GDPR applies;
“standards of age-appropriate design of relevant information society services” means such standards of age-appropriate design of such services as appear to the Commissioner to be desirable having regard to the best interests of children;
“trade association” includes a body representing controllers or processors;
“the United Nations Convention on the Rights of the Child” means the Convention on the Rights of the Child adopted by the General Assembly of the United Nations on 20 November 1989 (including any Protocols to that Convention which are in force in relation to the United Kingdom), subject to any reservations, objections or interpretative declarations by the United Kingdom for the time being in force.
Valid from 23/07/2018
(1)The Commissioner must prepare a code of practice which contains—
(a)practical guidance in relation to the processing of personal data for the purposes of journalism in accordance with the requirements of the data protection legislation, and
(b)such other guidance as the Commissioner considers appropriate to promote good practice in the processing of personal data for the purposes of journalism.
(2)Where a code under this section is in force, the Commissioner may prepare amendments of the code or a replacement code.
(3)Before preparing a code or amendments under this section, the Commissioner must consult such of the following as the Commissioner considers appropriate—
(a)trade associations;
(b)data subjects;
(c)persons who appear to the Commissioner to represent the interests of data subjects.
(4)A code under this section may include transitional provision or savings.
(5)In this section—
“good practice in the processing of personal data for the purposes of journalism” means such practice in the processing of personal data for those purposes as appears to the Commissioner to be desirable having regard to—
the interests of data subjects and others, including compliance with the requirements of the data protection legislation, and
the special importance of the public interest in the freedom of expression and information;
“trade association” includes a body representing controllers or processors.
Valid from 23/07/2018
(1)When a code is prepared under section 121, 122, 123 or 124—
(a)the Commissioner must submit the final version to the Secretary of State, and
(b)the Secretary of State must lay the code before Parliament.
(2)In relation to the first code under section 123—
(a)the Commissioner must prepare the code as soon as reasonably practicable and must submit it to the Secretary of State before the end of the period of 18 months beginning when this Act is passed, and
(b)the Secretary of State must lay it before Parliament as soon as reasonably practicable.
(3)If, within the 40-day period, either House of Parliament resolves not to approve a code prepared under section 121, 122, 123 or 124, the Commissioner must not issue the code.
(4)If no such resolution is made within that period—
(a)the Commissioner must issue the code, and
(b)the code comes into force at the end of the period of 21 days beginning with the day on which it is issued.
(5)If, as a result of subsection (3), there is no code in force under section 121, 122, 123 or 124, the Commissioner must prepare another version of the code.
(6)Nothing in subsection (3) prevents another version of the code being laid before Parliament.
(7)In this section, “the 40-day period” means—
(a)if the code is laid before both Houses of Parliament on the same day, the period of 40 days beginning with that day, or
(b)if the code is laid before the Houses of Parliament on different days, the period of 40 days beginning with the later of those days.
(8)In calculating the 40-day period, no account is to be taken of any period during which Parliament is dissolved or prorogued or during which both Houses of Parliament are adjourned for more than 4 days.
(9)This section, other than subsections (2) and (5), applies in relation to amendments prepared under section 121, 122, 123 or 124 as it applies in relation to codes prepared under those sections.
Commencement Information
I1S. 125 not in force at Royal Assent; s. 125 in force at 23.7.2018 for specified purposes, see s. 212(3)(b)
Valid from 23/07/2018
(1)The Commissioner must publish a code issued under section 125(4).
(2)Where an amendment of a code is issued under section 125(4), the Commissioner must publish—
(a)the amendment, or
(b)the code as amended by it.
(3)The Commissioner must keep under review each code issued under section 125(4) for the time being in force.
(4)Where the Commissioner becomes aware that the terms of such a code could result in a breach of an international obligation of the United Kingdom, the Commissioner must exercise the power under section 121(2), 122(2), 123(2) or 124(2) with a view to remedying the situation.
Commencement Information
I2S. 126 not in force at Royal Assent; s. 126 in force at 23.7.2018 for specified purposes, see s. 212(3)(b)
Valid from 23/07/2018
(1)A failure by a person to act in accordance with a provision of a code issued under section 125(4) does not of itself make that person liable to legal proceedings in a court or tribunal.
(2)A code issued under section 125(4), including an amendment or replacement code, is admissible in evidence in legal proceedings.
(3)In any proceedings before a court or tribunal, the court or tribunal must take into account a provision of a code issued under section 125(4) in determining a question arising in the proceedings if—
(a)the question relates to a time when the provision was in force, and
(b)the provision appears to the court or tribunal to be relevant to the question.
(4)Where the Commissioner is carrying out a function described in subsection (5), the Commissioner must take into account a provision of a code issued under section 125(4) in determining a question arising in connection with the carrying out of the function if—
(a)the question relates to a time when the provision was in force, and
(b)the provision appears to the Commissioner to be relevant to the question.
(5)Those functions are functions under—
(a)the data protection legislation, or
(b)the Privacy and Electronic Communications (EC Directive) Regulations 2003 (S.I. 2003/2426).
Commencement Information
I3S. 127 not in force at Royal Assent; s. 127 in force at 23.7.2018 for specified purposes, see s. 212(3)(b)
(1)The Secretary of State may by regulations require the Commissioner—
(a)to prepare appropriate codes of practice giving guidance as to good practice in the processing of personal data, and
(b)to make them available to such persons as the Commissioner considers appropriate.
(2)Before preparing such codes, the Commissioner must consult such of the following as the Commissioner considers appropriate—
(a)trade associations;
(b)data subjects;
(c)persons who appear to the Commissioner to represent the interests of data subjects.
(3)Regulations under this section—
(a)must describe the personal data or processing to which the code of practice is to relate, and
(b)may describe the persons or classes of person to whom it is to relate.
(4)Regulations under this section are subject to the negative resolution procedure.
(5)In this section—
“good practice in the processing of personal data” means such practice in the processing of personal data as appears to the Commissioner to be desirable having regard to the interests of data subjects and others, including compliance with the requirements of the data protection legislation;
“trade association” includes a body representing controllers or processors.
Commencement Information
I4S. 128 in force at Royal Assent for specified purposes, see s. 212(2)(f)
Valid from 25/05/2018
(1)The Commissioner's functions under Article 58(1) of the GDPR and paragraph 1 of Schedule 13 include power, with the consent of a controller or processor, to carry out an assessment of whether the controller or processor is complying with good practice in the processing of personal data.
(2)The Commissioner must inform the controller or processor of the results of such an assessment.
(3)In this section, “good practice in the processing of personal data” has the same meaning as in section 128.
Valid from 25/05/2018
(1)A Minister of the Crown who issues a certificate under section 27, 79 or 111 must send a copy of the certificate to the Commissioner.
(2)If the Commissioner receives a copy of a certificate under subsection (1), the Commissioner must publish a record of the certificate.
(3)The record must contain—
(a)the name of the Minister who issued the certificate,
(b)the date on which the certificate was issued, and
(c)subject to subsection (4), the text of the certificate.
(4)The Commissioner must not publish the text, or a part of the text, of the certificate if—
(a)the Minister determines that publishing the text or that part of the text—
(i)would be against the interests of national security,
(ii)would be contrary to the public interest, or
(iii)might jeopardise the safety of any person, and
(b)the Minister has notified the Commissioner of that determination.
(5)The Commissioner must keep the record of the certificate available to the public while the certificate is in force.
(6)If a Minister of the Crown revokes a certificate issued under section 27, 79 or 111, the Minister must notify the Commissioner.
Valid from 25/05/2018
(1)No enactment or rule of law prohibiting or restricting the disclosure of information precludes a person from providing the Commissioner with information necessary for the discharge of the Commissioner's functions.
(2)But this section does not authorise the making of a disclosure which is prohibited by any of Parts 1 to 7 or Chapter 1 of Part 9 of the Investigatory Powers Act 2016.
(3)Until the repeal of Part 1 of the Regulation of Investigatory Powers Act 2000 by paragraphs 45 and 54 of Schedule 10 to the Investigatory Powers Act 2016 is fully in force, subsection (2) has effect as if it included a reference to that Part.
(1)A person who is or has been the Commissioner, or a member of the Commissioner's staff or an agent of the Commissioner, must not disclose information which—
(a)has been obtained by, or provided to, the Commissioner in the course of, or for the purposes of, the discharging of the Commissioner's functions,
(b)relates to an identified or identifiable individual or business, and
(c)is not available to the public from other sources at the time of the disclosure and has not previously been available to the public from other sources,
unless the disclosure is made with lawful authority.
(2)For the purposes of subsection (1), a disclosure is made with lawful authority only if and to the extent that—
(a)the disclosure was made with the consent of the individual or of the person for the time being carrying on the business,
(b)the information was obtained or provided as described in subsection (1)(a) for the purpose of its being made available to the public (in whatever manner),
(c)the disclosure was made for the purposes of, and is necessary for, the discharge of one or more of the Commissioner's functions,
(d)the disclosure was made for the purposes of, and is necessary for, the discharge of an EU obligation,
(e)the disclosure was made for the purposes of criminal or civil proceedings, however arising, or
(f)having regard to the rights, freedoms and legitimate interests of any person, the disclosure was necessary in the public interest.
(3)It is an offence for a person knowingly or recklessly to disclose information in contravention of subsection (1).
(1)The Commissioner must produce and publish guidance about—
(a)how the Commissioner proposes to secure that privileged communications which the Commissioner obtains or has access to in the course of carrying out the Commissioner's functions are used or disclosed only so far as necessary for carrying out those functions, and
(b)how the Commissioner proposes to comply with restrictions and prohibitions on obtaining or having access to privileged communications which are imposed by an enactment.
(2)The Commissioner—
(a)may alter or replace the guidance, and
(b)must publish any altered or replacement guidance.
(3)The Commissioner must consult the Secretary of State before publishing guidance under this section (including altered or replacement guidance).
(4)The Commissioner must arrange for guidance under this section (including altered or replacement guidance) to be laid before Parliament.
(5)In this section, “privileged communications” means—
(a)communications made—
(i)between a professional legal adviser and the adviser's client, and
(ii)in connection with the giving of legal advice to the client with respect to legal obligations, liabilities or rights, and
(b)communications made—
(i)between a professional legal adviser and the adviser's client or between such an adviser or client and another person,
(ii)in connection with or in contemplation of legal proceedings, and
(iii)for the purposes of such proceedings.
(6)In subsection (5)—
(a)references to the client of a professional legal adviser include references to a person acting on behalf of the client, and
(b)references to a communication include—
(i)a copy or other record of the communication, and
(ii)anything enclosed with or referred to in the communication if made as described in subsection (5)(a)(ii) or in subsection (5)(b)(ii) and (iii).
Valid from 25/05/2018
The Commissioner may require a person other than a data subject or a data protection officer to pay a reasonable fee for a service provided to the person, or at the person's request, which the Commissioner is required or authorised to provide under the data protection legislation.
(1)Where a request to the Commissioner from a data subject or a data protection officer is manifestly unfounded or excessive, the Commissioner may—
(a)charge a reasonable fee for dealing with the request, or
(b)refuse to act on the request.
(2)An example of a request that may be excessive is one that merely repeats the substance of previous requests.
(3)In any proceedings where there is an issue as to whether a request described in subsection (1) is manifestly unfounded or excessive, it is for the Commissioner to show that it is.
(4)Subsections (1) and (3) apply only in cases in which the Commissioner does not already have such powers and obligations under Article 57(4) of the GDPR.
(1)The Commissioner must produce and publish guidance about the fees the Commissioner proposes to charge in accordance with—
(a)section 134 or 135, or
(b)Article 57(4) of the GDPR.
(2)Before publishing the guidance, the Commissioner must consult the Secretary of State.
(1)The Secretary of State may by regulations require controllers to pay charges of an amount specified in the regulations to the Commissioner.
(2)Regulations under subsection (1) may require a controller to pay a charge regardless of whether the Commissioner has provided, or proposes to provide, a service to the controller.
(3)Regulations under subsection (1) may—
(a)make provision about the time or times at which, or period or periods within which, a charge must be paid;
(b)make provision for cases in which a discounted charge is payable;
(c)make provision for cases in which no charge is payable;
(d)make provision for cases in which a charge which has been paid is to be refunded.
(4)In making regulations under subsection (1), the Secretary of State must have regard to the desirability of securing that the charges payable to the Commissioner under such regulations are sufficient to offset—
(a)expenses incurred by the Commissioner in discharging the Commissioner's functions—
(i)under the data protection legislation,
(ii)under the Data Protection Act 1998,
(iii)under or by virtue of sections 108 and 109 of the Digital Economy Act 2017, and
(iv)under or by virtue of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (S.I. 2003/2426),
(b)any expenses of the Secretary of State in respect of the Commissioner so far as attributable to those functions,
(c)to the extent that the Secretary of State considers appropriate, any deficit previously incurred (whether before or after the passing of this Act) in respect of the expenses mentioned in paragraph (a), and
(d)to the extent that the Secretary of State considers appropriate, expenses incurred by the Secretary of State in respect of the inclusion of any officers or staff of the Commissioner in any scheme under section 1 of the Superannuation Act 1972 or section 1 of the Public Service Pensions Act 2013.
(5)The Secretary of State may from time to time require the Commissioner to provide information about the expenses referred to in subsection (4)(a).
(6)The Secretary of State may by regulations make provision—
(a)requiring a controller to provide information to the Commissioner, or
(b)enabling the Commissioner to require a controller to provide information to the Commissioner,
for either or both of the purposes mentioned in subsection (7).
(7)Those purposes are—
(a)determining whether a charge is payable by the controller under regulations under subsection (1);
(b)determining the amount of a charge payable by the controller.
(8)The provision that may be made under subsection (6)(a) includes provision requiring a controller to notify the Commissioner of a change in the controller's circumstances of a kind specified in the regulations.
Commencement Information
I5S. 137 in force at Royal Assent for specified purposes, see s. 212(2)(f)
(1)Before making regulations under section 137(1) or (6), the Secretary of State must consult such representatives of persons likely to be affected by the regulations as the Secretary of State thinks appropriate (and see also section 182).
(2)The Commissioner—
(a)must keep under review the working of regulations under section 137(1) or (6), and
(b)may from time to time submit proposals to the Secretary of State for amendments to be made to the regulations.
(3)The Secretary of State must review the working of regulations under section 137(1) or (6)—
(a)at the end of the period of 5 years beginning with the making of the first set of regulations under section 108 of the Digital Economy Act 2017, and
(b)at the end of each subsequent 5 year period.
(4)Regulations under section 137(1) are subject to the negative resolution procedure if—
(a)they only make provision increasing a charge for which provision is made by previous regulations under section 137(1) or section 108(1) of the Digital Economy Act 2017, and
(b)they do so to take account of an increase in the retail prices index since the previous regulations were made.
(5)Subject to subsection (4), regulations under section 137(1) or (6) are subject to the affirmative resolution procedure.
(6)In subsection (4), “the retail prices index” means—
(a)the general index of retail prices (for all items) published by the Statistics Board, or
(b)where that index is not published for a month, any substitute index or figures published by the Board.
(7)Regulations under section 137(1) or (6) may not apply to—
(a)Her Majesty in her private capacity,
(b)Her Majesty in right of the Duchy of Lancaster, or
(c)the Duke of Cornwall.
Commencement Information
I6S. 138 in force at Royal Assent for specified purposes, see s. 212(2)(f)
Valid from 25/05/2018
(1)The Commissioner must—
(a)produce a general report on the carrying out of the Commissioner's functions annually,
(b)arrange for it to be laid before Parliament, and
(c)publish it.
(2)The report must include the annual report required under Article 59 of the GDPR.
(3)The Commissioner may produce other reports relating to the carrying out of the Commissioner's functions and arrange for them to be laid before Parliament.
A duty under this Act for the Commissioner to publish a document is a duty for the Commissioner to publish it, or to arrange for it to be published, in such form and manner as the Commissioner considers appropriate.
(1)This section applies in relation to a notice authorised or required by this Act to be given to a person by the Commissioner.
(2)The notice may be given to an individual—
(a)by delivering it to the individual,
(b)by sending it to the individual by post addressed to the individual at his or her usual or last-known place of residence or business, or
(c)by leaving it for the individual at that place.
(3)The notice may be given to a body corporate or unincorporate—
(a)by sending it by post to the proper officer of the body at its principal office, or
(b)by addressing it to the proper officer of the body and leaving it at that office.
(4)The notice may be given to a partnership in Scotland—
(a)by sending it by post to the principal office of the partnership, or
(b)by addressing it to that partnership and leaving it at that office.
(5)The notice may be given to the person by other means, including by electronic means, with the person's consent.
(6)In this section—
“principal office”, in relation to a registered company, means its registered office;
“proper officer”, in relation to any body, means the secretary or other executive officer charged with the conduct of its general affairs;
“registered company” means a company registered under the enactments relating to companies for the time being in force in the United Kingdom.
(7)This section is without prejudice to any other lawful method of giving a notice.
The Whole Act you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
The Whole Act you have selected contains over 200 provisions and might take some time to download.
Would you like to continue?
The Whole Act without Schedules you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
The Whole Act without Schedules you have selected contains over 200 provisions and might take some time to download.
Would you like to continue?
The Whole Act you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
The Whole Act without Schedules you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
The Schedules you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As Enacted or Made): The original version of the legislation as it stood when it was enacted or made. No changes have been applied to the text.
Point in Time: This becomes available after navigating to view revised legislation as it stood at a certain point in time via Advanced Features > Show Timeline of Changes or via a point in time advanced search.
Geographical Extent: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.
Show Timeline of Changes: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.
Text created by the government department responsible for the subject matter of the Act to explain what the Act sets out to achieve and to make the Act accessible to readers who are not legally qualified. Explanatory Notes were introduced in 1999 and accompany all Public Acts except Appropriation, Consolidated Fund, Finance and Consolidation Acts.
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
This timeline shows the different points in time where a change occurred. The dates will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. The first date in the timeline will usually be the earliest date when the provision came into force. In some cases the first date is 01/02/1991 (or for Northern Ireland legislation 01/01/2006). This date is our basedate. No versions before this date are available. For further information see the Editorial Practice Guide and Glossary under Help.
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
Click 'View More' or select 'More Resources' tab for additional information including: