xmlns:atom="http://www.w3.org/2005/Atom"
(1)This Act binds the Crown.
(2)For the purposes of the GDPR and this Act, each government department is to be treated as a person separate from the other government departments (to the extent that is not already the case).
(3)Where government departments are not able to enter into contracts with each other, a provision of the GDPR or this Act that would require relations between them to be governed by a contract (or other binding legal act) in writing is to be treated as satisfied if the relations are the subject of a memorandum of understanding between them.
(4)Where the purposes for which and the manner in which personal data is, or is to be, processed are determined by a person acting on behalf of the Royal Household, the Duchy of Lancaster or the Duchy of Cornwall, the controller in respect of that data for the purposes of the GDPR and this Act is—
(a)in relation to the Royal Household, the Keeper of the Privy Purse,
(b)in relation to the Duchy of Lancaster, such person as the Chancellor of the Duchy appoints, and
(c)in relation to the Duchy of Cornwall, such person as the Duke of Cornwall, or the possessor for the time being of the Duchy of Cornwall, appoints.
(5)Different persons may be appointed under subsection (4)(b) or (c) for different purposes.
(6)As regards criminal liability—
(a)a government department is not liable to prosecution under this Act;
(b)nothing in subsection (4) makes a person who is a controller by virtue of that subsection liable to prosecution under this Act;
(c)a person in the service of the Crown is liable to prosecution under the provisions of this Act listed in subsection (7).
(7)Those provisions are—
(a)section 119;
(b)section 170;
(c)section 171;
(d)section 173;
(e)paragraph 15 of Schedule 15.