The following Information Law guidance note provides comprehensive and up to date legal information covering:
ARCHIVED: This archived Practice Note provides information on the data protection regime before 25 May 2018 and reflects the position under the Data Protection Act 1998. This Practice Note is for background information only and is not maintained.
STOP PRESS: The General Data Protection Regulation, Regulation (EU) 2016/679 (the GDPR) (applicable from 25 May 2018) introduces substantial amendments to EU and UK data protection law and replaces the Data Protection Act 1998 (DPA 1998) and Directive 95/46/EC (the Data Protection Directive) from that date.
This Practice Note will be updated to reflect the changes to data protection law as a result of the GDPR regime in due course. In the meantime for further information, see Practice Note: The General Data Protection Regulation (GDPR) and the main section of this Practice Note: Privacy notices under the GDPR below.
For a comprehensive introduction to the GDPR, collating key practical guidance, see: GDPR toolkit.
The first data protection principle set out in Schedule 1, Part I to the Data Protection Act 1998 (DPA 1998) requires data controllers to:
process personal data fairly and lawfully
meet at least one of the conditions for processing in DPA 1998, Sch 2, and
in the case of sensitive personal data, meet at least one of the conditions for processing in DPA 1998,
**excludes LexisPSL Practice Compliance, Practice Management and Risk and Compliance. To discuss trialling these LexisPSL services please email customer service via our online form. Free trials are only available to individuals based in the UK. We may terminate this trial at any time or decide not to give a trial, for any reason. Trial includes one question to LexisAsk during the length of the trial.
To view the latest version of this document and thousands of others like it, sign-in to LexisPSL or register for a free trial.
Existing user? Sign-in
Take a free trial
Take a free trial
0330 161 1234