51General duties of Commissioner
(1)It shall be the duty of the Commissioner to promote the following of good practice by data controllers and, in particular, so to perform his functions under this Act as to promote the observance of the requirements of this Act by data controllers.
(2)The Commissioner shall arrange for the dissemination in such form and manner as he considers appropriate of such information as it may appear to him expedient to give to the public about the operation of this Act, about good practice, and about other matters within the scope of his functions under this Act, and may give advice to any person as to any of those matters.
(3)Where—
(a)the Secretary of State so directs by order, or
(b)the Commissioner considers it appropriate to do so,
the Commissioner shall, after such consultation with trade associations, data subjects or persons representing data subjects as appears to him to be appropriate, prepare and disseminate to such persons as he considers appropriate codes of practice for guidance as to good practice.
(4)The Commissioner shall also—
(a)where he considers it appropriate to do so, encourage trade associations to prepare, and to disseminate to their members, such codes of practice, and
(b)where any trade association submits a code of practice to him for his consideration, consider the code and, after such consultation with data subjects or persons representing data subjects as appears to him to be appropriate, notify the trade association whether in his opinion the code promotes the following of good practice.
(5)An order under subsection (3) shall describe the personal data or processing to which the code of practice is to relate, and may also describe the persons or classes of persons to whom it is to relate.
(6)The Commissioner shall arrange for the dissemination in such form and manner as he considers appropriate of—
(a)any Community finding as defined by paragraph 15(2) of Part II of Schedule 1,
(b)any decision of the European Commission, under the procedure provided for in Article 31(2) of the Data Protection Directive, which is made for the purposes of Article 26(3) or (4) of the Directive, and
(c)such other information as it may appear to him to be expedient to give to data controllers in relation to any personal data about the protection of the rights and freedoms of data subjects in relation to the processing of personal data in countries and territories outside the European Economic Area.
(7)The Commissioner may, with the consent of the data controller, assess any processing of personal data for the following of good practice and shall inform the data controller of the results of the assessment.
(8)The Commissioner may charge such sums as he may with the consent of the Secretary of State determine for any services provided by the Commissioner by virtue of this Part.
(9)In this section—
“good practice” means such practice in the processing of personal data as appears to the Commissioner to be desirable having regard to the interests of data subjects and others, and includes (but is not limited to) compliance with the requirements of this Act;
“trade association” includes any body representing data controllers.