Data Protection Act 2018


Explanatory Notes have been produced to assist in the
understanding of this Act and are available separately

An Act to make provision for the regulation of the processing of information relating to individuals; to make provision in connection with the Information Commissioner’s functions under certain regulations relating to information; to make provision for a direct marketing code of practice, and for connected purposes. [23rd May 2018]

BE IT ENACTED by the Queen’s most Excellent Majesty, by and with the advice and consent of the Lords Spiritual and Temporal, and Commons, in this present Parliament assembled, and by the authority of the same, as follows:

Quick Access

Part 1 Preliminary
Part 2 General Proessing
Part 3 Law Enforcement Processing
Part 4 Intelligence Services Processing
Part 5 The Information Commissioner
Part 6 Enforcement
Part 7 Supplementary and Final Provision
Schedule 1 Special Categories of Personal Data and Criminal Convictions Etc Data
Schedule 2 Exemptions Etc from The GDPR
Schedule 3 Exemptions Etc from The GDPR: Health, Social work, Education and Child Abuse Data
Schedule 4 Exemptions Etc from The GDPR: Disclosure Prohibited or Restricted by an Enactment
Schedule 5 Accreditation of Certification Providers: Reviews and Appeals
Schedule 6 The Applied GDPR and The Applied Chapter 2
Schedule 7 Competent Authorities
Schedule 8 Conditions for Sensitive Processing under Part 3
Schedule 9 Conditions for Processing under Part 4
Schedule 10 Conditions for Sensitive Processing under Part 4
Schedule 11 Other Exemptions under Part 4
Schedule 12 The Information Commissioner
Schedule 13 Other General Functions of the Commissoner
Schedule 14 CO-OPERATION and Mutual Assistance
Schedule 15 Powers of Entry and Inspection
Schedule 16 Penalties
Schedule 17 Review of Processing of Personal Data for the Purposes of Journalism
Schedule 18 Relevant Records
Schedule 19 Minor and Consequential Amendments
Schedule 20 Transitional Provision Etc

Key Issues

Table of Contents