Exemptions to the DPA 1998 [Archived]
Exemptions to the DPA 1998 [Archived]

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Exemptions to the DPA 1998 [Archived]
  • When does the DPA 1998 apply?
  • General exemptions
  • Specific exemptions
  • ICO notification exemption
  • Subject information exemption
  • Data processing notice exemption
  • Non-disclosure exemption
  • What is the effect of an exemption?
  • What does a data controller need to do to rely on an exemption?
  • More...

ARCHIVED: This archived Practice Note provides information on the data protection regime before 25 May 2018 and reflects the position under the Data Protection Act 1998 (DPA 1998). This Practice Note is for background information only and is not maintained.

This Practice Note identifies and explains the principal exemptions available under the DPA 1998.

When does the DPA 1998 apply?

Before applying any exemption it is important to be clear what underlying obligation the exemption relates to and why the exemption is necessary. The starting point is to clarify whether the DPA 1998 applies at all and, if so, what it requires. This will depend on:

  1. the type of information (personal data)

  2. the activities being carried out in relation to that personal data (processing)

  3. the equipment/location of processing

  4. which party has obligations (data controller)

In general terms, the DPA 1998 applies to:

  1. UK data controllers who process personal data, and

  2. non-UK/non-EEA data controllers who use equipment in the UK to process personal data

See Practice Notes: Data protection—applicability and scope and Key definitions under the DPA 1998.

Once the obligation is clear, then the relevant exemption can be identified and applied if necessary.

For a comprehensive introduction to the GDPR, collating key practical guidance, see: Data protection toolkit.

General exemptions

There are very few general exemptions from the DPA 1998 in its entirety, but:

  1. there is a broad exemption for personal data

Popular documents