Q&As

What steps does a data controller have to take under the Data Protection Act 1998 when transferring a database of personal data to a company taking over some of its operations?

read titleRead full title
Published on LexisPSL on 24/04/2017

The following Information Law Q&A provides comprehensive and up to date legal information covering:

  • What steps does a data controller have to take under the Data Protection Act 1998 when transferring a database of personal data to a company taking over some of its operations?

What steps does a data controller have to take under the Data Protection Act 1998 when transferring a database of personal data to a company taking over some of its operations?

We have assumed for the purposes of this Q&A that there are no transfers of the personal data outside of the UK (and no other international element) and this Q&A relates to the transfer of a database of personal data which does not contain any sensitive personal data. We have also assumed that no industry or other specific regulation or guidance apply.

To the extent a situation is analogous to the sale of a database you may find the following Practice Note helpful: Dealing with a database (personal data)—data protection considerations. Among other things, that Practice Note explains that there are eight data protection principles embodied in the Data Protection Act 1998 that need to be considered by prospective buyers and sellers of a database. While all of the principles apply, among the most relevant may be:

  1. Data protection principles under the DPA 1998—Principle 1: Personal data must be processed fairly and lawfully

  2. Data protection principles

Popular documents