- Latest available (Revised)
- Original (As enacted)
This is the original version (as it was originally enacted).
(1)It shall be the duty of the Registrar so to perform his functions under this Act as to promote the observance of the data protection principles by data users and persons carrying on computer bureaux.
(2)The Registrar may consider any complaint that any of the data protection principles or any provision of this Act has been or is being contravened and shall do so if the complaint appears to him to raise a matter of substance and to have been made without undue delay by a person directly affected; and where the Registrar considers any such complaint he shall notify the complainant of the result of his consideration and of any action which he proposes to take.
(3)The Registrar shall arrange for the dissemination in such form and manner as he considers appropriate of such information as it may appear to him expedient to give to the public about the operation of this Act and other matters within the scope of his functions under this Act and may give advice to any person as to any of those matters.
(4)It shall be the duty of the Registrar, where he considers it appropriate to do so, to encourage trade associations or other bodies representing data users to prepare, and to disseminate to their members, codes of practice for guidance in complying with the data protection principles.
(5)The Registrar shall annually lay before each House of Parliament a general report on the performance of his functions under this Act and may from time to time lay before each House of Parliament such other reports with respect to those functions as he thinks fit.
The Registrar shall be the designated authority in the United Kingdom for the purposes of Article 13 of the European Convention; and the Secretary of State may by order make provision as to the functions to be discharged by the Registrar in that capacity.
(1)Except as provided in subsection (2) below, a government department shall be subject to the same obligations and liabilities under this Act as a private person; and for the purposes of this Act each government department shall be treated as a person separate from any other government department and a person in the public service of the Crown shall be treated as a servant of the government department to which his responsibilities or duties relate.
(2)A government department shall not be liable to prosecution under this Act but—
(a)sections 5(3) and 15(2) above (and, so far as relating to those provisions, sections 5(5) and 15(3) above) shall apply to any person who by virtue of this section falls to be treated as a servant of the government department in question; and
(b)section 6(6) above and paragraph 12 of Schedule 4 to this Act shall apply to a person in the public service of the Crown as they apply to any other person.
(3)For the purposes of this Act—
(a)the constables under the direction and control of a chief officer of police shall be treated as his servants ; and
(b)the members of any body of constables maintained otherwise than by a police authority shall be treated as the servants—
(i)of the authority or person by whom that body is maintained, and
(ii)in the case of any members of such a body who are under the direction and control of a chief officer, of that officer.
(4)In the application of subsection (3) above to Scotland, for the reference to a chief officer of police there shall be substituted a reference to a chief constable.
(5)In the application of subsection (3) above to Northern Ireland, for the reference to a chief officer of police there shall be substituted a reference to the Chief Constable of the Royal Ulster Constabulary and for the reference to a police authority there shall be substituted a reference to the Police Authority for Northern Ireland.
(1)Subject to the following provisions of this section, this Act does not apply to a data user in respect of data held, or to a person carrying on a computer bureau in respect of services provided, outside the United Kingdom.
(2)For the purposes of subsection (1) above—
(a)data shall be treated as held where the data user exercises the control referred to in subsection (5)(b) of section 1 above in relation to the data; and
(b)services shall be treated as provided where the person carrying on the computer bureau does any of the things referred to in subsection (6)(a) or (b) of that section.
(3)Where a person who is not resident in the United Kingdom—
(a)exercises the control mentioned in paragraph (a) of subsection (2) above ; or
(b)does any of the things mentioned in paragraph (b) of that subsection,
through a servant or agent in the United Kingdom, this Act shall apply as if that control were exercised or, as the case may be, those things were done in the United Kingdom by the servant or agent acting on his own account and not on behalf of the person whose servant or agent he is.
(4)Where by virtue of subsection (3) above a servant or agent is treated as a data user or as a person carrying on a computer bureau he may be described for the purposes of registration by the position or office which he holds; and any such description in an entry in the register shall be treated as applying to the person for the time being holding the position or office in question.
(5)This Act does not apply to data processed wholly outside the United Kingdom unless the data are used or intended to be used in the United Kingdom.
(6)Sections 4(3)(e) and 5(2)(e) and subsection (1) of section 12 above do not apply to the transfer of data which are already outside the United Kingdom; but references in the said section 12 to a contravention of the data protection principles include references to anything that would constitute such contravention if it occurred in relation to the data when held in the United Kingdom.
(1)Any power conferred by this Act to make regulations, rules or orders shall be exercisable by statutory instrument.
(2)Without prejudice to sections 2(6) and 29(3) above, regulations, rules or orders under this Act may make different provision for different cases or circumstances.
(3)Before making an order under any of the foregoing provisions of this Act the Secretary of State shall consult the Registrar.
(4)No order shall be made under section 2(3), 4(8), 29, 30 or 34(2) above unless a draft of the order has been laid before and approved by a resolution of each House of Parliament.
(5)A statutory instrument containing an order under section 21(9) or 37 above or rules under paragraph 4 of Schedule 3 to this Act shall be subject to annulment in pursuance of a resolution of either House of Parliament.
(6)Regulations prescribing fees for the purposes of any provision of this Act or the period mentioned in section 8(2) above shall be laid before Parliament after being made.
(7)Regulations prescribing fees payable to the Registrar under this Act or the period mentioned in section 8(2) above shall be made after consultation with the Registrar and with the approval of the Treasury; and in making any such regulations the Secretary of State shall have regard to the desirability of securing that those fees are sufficient to offset the expenses incurred by the Registrar and the Tribunal in discharging their functions under this Act and any expenses of the Secretary of State in respect of the Tribunal.
In addition to the provisions of sections 1 and 2 above, the following provisions shall have effect for the interpretation of this Act—
" business " includes any trade or profession ;
"data equipment" means equipment for the automatic processing of data or for recording information so that it can be automatically processed;
" data material" means any document or other material used in connection with data equipment;
" a de-registration notice " means a notice under section 11 above;
" enactment " includes an enactment passed after this Act;
" an enforcement notice " means a notice under section 10 above;
"the European Convention" means the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data which was opened for signature on 28th January 1981 ;
"government department" includes a Northern Ireland department and any body or authority exercising statutory functions on behalf of the Crown ;
" prescribed " means prescribed by regulations made by the Secretary of State;
" the Registrar " means the Data Protection Registrar ;
" the register ", except where the reference is to the register of companies, means the register maintained under section 4 above and (except where the reference is to a registered company, to the registered office of a company or to registered post) references to registration shall be construed accordingly ;
" registered company " means a company registered under the enactments relating to companies for the time being in force in any part of the United Kingdom;
" a transfer prohibition notice " means a notice under section 12 above;
" the Tribunal " means the Data Protection Tribunal.
(1)No application for registration shall be made until such day as the Secretary of State may by order appoint, and sections 5 and 15 above shall not apply until the end of the period of six months beginning with that day.
(2)Until the end of the period of two years beginning with the day appointed under subsection (1) above the Registrar shall not have power—
(a)to refuse an application made in accordance with section 6 above except on the ground mentioned in section 7(2)(a) above; or
(b)to serve an enforcement notice imposing requirements to be complied with, a de-registration notice expiring, or a transfer prohibition notice imposing a prohibition taking effect, before the end of that period.
(3)Where the Registrar proposes to serve any person with an enforcement notice before the end of the period mentioned in subsection (2) above he shall, in determining the time by which the requirements of the notice are to be complied with, have regard to the probable cost to that person of complying with those requirements.
(4)Section 21 above and paragraph 1(b) of Schedule 4 to this Act shall not apply until the end of the period mentioned in subsection (2) above.
(5)Section 22 above shall not apply to damage suffered before the end of the period mentioned in subsection (1) above and in deciding whether to refuse an application or serve a notice under Part II of this Act the Registrar shall treat the provision about accuracy in the fifth data protection principle as inapplicable until the end of that period and as inapplicable thereafter to data shown to have been held by the data user in question since before the end of that period.
(6)Sections 23 and 24(3) above shall not apply to damage suffered before the end of the period of two months beginning with the date on which this Act is passed.
(7)Section 24(1) and (2) above shall not apply before the end of the period mentioned in subsection (1) above.
(1)This Act may be cited as the Data Protection Act 1984.
(2)This Act extends to Northern Ireland.
(3)Her Majesty may by Order in Council direct that this Act shall extend to any of the Channel Islands with such exceptions and modifications as may be specified in the Order.
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As Enacted or Made):The original version of the legislation as it stood when it was enacted or made. No changes have been applied to the text.
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
Click 'View More' or select 'More Resources' tab for additional information including: