Unlawfully obtaining data under the Data Protection Act 1998
Produced in partnership with Professor Dan Hyde of Harrison Clark Rickerbys
Unlawfully obtaining data under the Data Protection Act 1998

The following Corporate Crime practice note produced in partnership with Professor Dan Hyde of Harrison Clark Rickerbys provides comprehensive and up to date legal information covering:

  • Unlawfully obtaining data under the Data Protection Act 1998
  • Changes as a result of the General Data Protection Regulation
  • The offences of unlawful obtaining of personal data under the DPA 1998
  • Unlawfully obtaining personal data
  • Selling or offering to sell unlawfully obtained data
  • Elements of the offence of unlawfully obtaining data
  • Mental elements of the offence of unlawfully obtaining data
  • Corporate liability
  • Statutory defences
  • Sentencing for unlawfully obtaining data
  • More...

Unlawfully obtaining data under the Data Protection Act 1998

IP COMPLETION DAY: 11pm (GMT) on 31 December 2020 marks the end of the Brexit transition/implementation period entered into following the UK’s withdrawal from the EU. At this point in time (referred to in UK law as ‘IP completion day’), key transitional arrangements come to an end and significant changes begin to take effect across the UK’s legal regime. This document contains guidance on subjects impacted by these changes. Before continuing your research, see Practice Note: What does IP completion day mean for corporate crime?

This Practice Note relates to the commission of data protection offences before 25 May 2018. Where a data protection offence occurred before 25 May 2018, it may still be prosecuted under the Data Protection Act 1998 (DPA 1998) despite the fact that the legislation has been repealed by the Data Protection Act 2018 (DPA 2018). Where an offence is committed on or after 25 May 2018, charges should be considered under DPA 2018. See Practice Note: Offences under the Data Protection Act 2018.

Changes as a result of the General Data Protection Regulation

The General Data Protection Regulation (EU) 2016/679 (GDPR) became directly applicable and fully enforceable in all EU Member States from 25 May 2018. In the UK, the GDPR was implemented by DPA 2018, see Practice Note: The Data Protection Act 2018.

Related documents:

Popular documents