The following Risk & Compliance guidance note provides comprehensive and up to date legal information covering:
ARCHIVED: This archived Practice Note provides information on the data protection regime before 25 May 2018 and reflects the position under the Data Protection Act 1998 (DPA 1998). This Practice Note is for background information only and is not maintained.
The DPA 1998 requires that data controllers process personal data in accordance with the eight data protection principles (see Practice Note: Data protection principles under the DPA 1998). In addition, a data controller must not disclose personal data to third parties contrary to the non-disclosure provisions set out in section 27(3) DPA 1998, which include:
the first data protection principle (fair and lawful processing), except for the requirement to satisfy one or more of the conditions for processing (DPA 1998, Sch 2 and 3)
the second (purposes), third (adequacy), fourth (accuracy) and fifth (retention) data protection principles
an individual's right under section 10 DPA 1998 to prevent processing likely to cause damage or distress
an individual's right under section 14 DPA 1998 to have incorrect personal data rectified, blocked, erased or destroyed
There are, however, exemptions from these non-disclosure obligations. The exemptions do not impose an obligation on data controllers to disclose personal data, but they
**excludes LexisPSL Practice Compliance, Practice Management and Risk and Compliance. To discuss trialling these LexisPSL services please email customer service via our online form. Free trials are only available to individuals based in the UK. We may terminate this trial at any time or decide not to give a trial, for any reason. Trial includes one question to LexisAsk during the length of the trial.
To view the latest version of this document and thousands of others like it, sign-in to LexisPSL or register for a free trial.
Existing user? Sign-in
Take a free trial
Take a free trial
0330 161 1234