Data Protection Act 2018 - Schedule 3 Part 5 Child Abuse Data

Exemption from Article 15 of the GDPR: child abuse data

  1. This paragraph applies where a request for child abuse data is made in exercise of a power conferred by an enactment or rule of law and—
    1. the data subject is an individual aged under 18 and the person making the request has parental responsibility for the data subject, or
    2. the data subject is incapable of managing his or her own affairs and the person making the request has been appointed by a court to manage those affairs.
  2. Article 15(1) to (3) of the GDPR (confirmation of processing, access to data and safeguards for third-country transfers) do not apply to child abuse data to the extent that the application of that provision would not be in the best interests of the data subject.
  3. “Child abuse data” is personal data consisting of information as to whether the data subject is or has been the subject of, or may be at risk of, child abuse.
  4. For this purpose, “child abuse” includes physical injury (other than accidental injury) to, and physical and emotional neglect, ill-treatment and sexual abuse of, an individual aged under 18.
  5. This paragraph does not apply in relation to Scotland.