Legal Services – Data Protection

The Data Protection Act puts in place a framework for the protection of personal data, balancing the privacy rights of individuals with the legitimate needs of organisations to make use of such data. It ensures respect for individuals’ rights to privacy and keeps their personal information secure from abuse.

On 25 January 2012, the European Commission published proposals for a new EU data protection legal framework. The UK is seeking your views on the current burdens stemming from data protection regulations to help ensure that the new EU legislation, while ensuring personal data is protected, does not overburden businesses or other organisations.

You can find all regulations that relate to data protection below. Please note that this theme will close for comment on 5 July 2012.

The Data Protection (Subject Access Modification) (Social Work) (Amendment) Order 2011

Provides exemptions to the obligation under the Data Protection Act for organisations to tell people about the processing of their data.

 UK regulation

The Data Protection (Subject Access Modification)(Education) Order 2000

Exemption from the Data Protection Act which applies to certain education records where the exercise of subject access rights would be likely to cause serious harm to the physical or mental health or condition of the data subject or another person.

 UK regulation

The Data Protection (Monetary Penalties) (Maximum Penalty and Notices) Regulations 2010

The Regulations make provision for the Civil Monetary Penalties and notices of intent that the Information Commissioner may serve under the Data Protection Act for the most serious breaches of the Data Protection Act’s principles. They also set the maximum penalty and prescribe the information that must be contained within a notice of intent and monetary penalty notice.

 UK regulation

The Data Protection (Miscellaneous Subject Access Exemptions) (Amendment) Order 2000

Exempts certain personal data from being disclosed in response to a subject access request in order to safeguard the interests of the data subject himself or the rights and freedoms of another individual.

 UK regulation

The Data Protection (Processing of Sensitive Personal Data) Order 2006

Specifies that information about a criminal conviction or caution may be processed for the purpose of administering an account relating to the payment card used in the commission of certain offences relating to indecent images of children.

 UK regulation

The Data Protection (Subject Access) (Fees and Miscellaneous Provisions) (Amendment) Regulations 2001

Make provision in respect of “subject access requests” made under the Data Protection Act 1998. They establish the extent of the information which needs to be provided in response to a subject access request, set the maximum fee which can be charged generally for such requests, and make special provision for requests for information on financial standing made to credit reference agencies.

 UK regulation

The Data Protection (Corporate Finance Exemption) Order 2000

Sets out a factor which an organisation must take into account when determining whether exemption from some data protection obligations would safeguard an important economic or financial interest of the UK, as allowed under Schedule 7 to the Data Protection Act.

 UK regulation

The Data Protection (Designated Codes of Practice) (No.2) Order 2000

The Data Protection Act 1998 provides an exemption from some of its requirements for journalistic, literary and artistic activity, and specifically where this is judged to be in the public interest. The DPA specifies that codes of practice can be taken into account when considering whether the belief that publication was in the public interest was reasonable. This Order designates the codes published by the Broadcasting Standards Commission, the Independent Television Commission, the Press Complaints Commission, and the Radio Authority and the BBC’s Producers’ Guidelines.

 UK regulation

The Data Protection (Processing of Sensitive Personal Data) Order 2000

Specifies ten further conditions which, if met, will allow sensitive personal data to be processed under the Data Protection Act.

 UK regulation

The Data Protection (Processing of Sensitive Personal Data) (Elected Representatives) (Amendment) Order 2010

Specifies additional conditions which will allow sensitive personal data to be disclosed to elected representatives in discharging their functions.

 UK regulation

The Data Protection (Functions of Designated Authority) Order 2000

The Data Protection Act 1998 provides that the Information Commissioner shall be the designated authority in the UK for the purposes of the 1981 Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. This Order specifies the functions to be discharged by the Commissioner in that capacity.

 UK regulation

The Freedom of Information and Data Protection (Appropriate Limit and Fees) Regulations 2004

These Regulations prescribe the appropriate amount for fees that can be charged for processing certain requests made under the Data Protection Act and the Freedom of Information Act.

 UK regulation

The Data Protection (Processing of Sensitive Personal Data) Order 2009

Specifies that sensitive personal data about a prisoner may be processed for the purpose of informing an MP about arrangements for their release.

 UK regulation

The Data Protection (Crown Appointments) Order 2000

Exempts from Data Protection Act obligations personal data processed for the purposes of assessing any person’s suitability for certain offices to which appointments are made by the Crown. These include Archbishops, the Poet Laureate and the Astronomer Royal.

 UK regulation

The Data Protection (International Co-operation) Order 2000

Provides a general power for the Information Commissioner to give information to the European Commission or any of his counterparts in other EEA States, where the information is necessary for the discharge of their data protection functions.

 UK regulation

The Data Protection (Notification and Notification Fees) (Amendment) Regulations 2009

These Regulations set out the arrangements for the annual notification of personal data processing given to the Information Commissioner by data controllers. They also exempt those performing judicial functions from the need to notify the Information Commissioner.

 UK regulation

The Data Protection (Fees under section 19(7)) Regulations 2000

These Regulations prescribe a fee of £2 to be paid to the Information Commissioner for supplying a member of the public with a copy of any data controller’s entry on that register.

 UK regulation

The Data Protection (Conditions under Paragraph 3 of Part II of Schedule 1) Order 2000

This Order prescribes further conditions for circumstances where either of the following two conditions is being relied upon to exempt an organisation from telling an individual about the processing of their personal data: a) provision of the information would involve disproportionate effort; or b) the processing of the data is necessary for compliance with a legal obligation.

 UK regulation

The Data Protection (Subject Access Modification) (Health) Order 2000

Provides for a partial exemption from the Data Protection Act 1998 for data relating to the physical or mental health or condition of the data subject, where disclosure would cause harm to the physical or mental health of the person making the request or any other person.

 UK regulation

Tell us what you think should happen to these regulations and why, being specific where possible:
