Q&As

When are assessment notices served under the Data Protection Act and what happens if I receive one?

read titleRead full title
Published on LexisPSL on 27/02/2014

The following Information Law Q&A provides comprehensive and up to date legal information covering:

  • When are assessment notices served under the Data Protection Act and what happens if I receive one?
  • What is an assessment notice?
  • When may the ICO serve an assessment notice?
  • What must I do if I am served with an assessment notice?
  • Is there a right of appeal?
  • What are the consequences of an audit?
  • Are there any other options?

When are assessment notices served under the Data Protection Act and what happens if I receive one?

What is an assessment notice?

Assessment notices are a feature of compulsory data protection audits introduced into the ICO's regulatory toolkit by the Coroners and Justice Act 2009. Under s41A of the Data Protection Act (DPA) the Information Commissioner’s Office (ICO) may serve certain data controllers with an assessment notice in order to investigate compliance with the data protection principles. The scope of operation of assessment notices is limited and a data controller will be subject to these powers (a 'relevant data controller') if it is:

  1. (a)

    a government department,

  2. (b)

    a public authority designated for the purposes of this section by an order made by the Secretary of State, or

  3. (c)

    a person of a description designated for the purposes of this section by such an order.

Currently under this section, the ICO has compulsory data protection audit powers over central Government departments only. However, the ICO has indicated that it wishes to extend the ambit of these powers, recently launching a consultation regarding introducing audit powers in relation to the NHS (Consultation Paper CP9/2013).

Under s41C DPA the Information Commissioner is required to prepare and issue a Code of Practice for assessment notices. The latest version of this sets out the manner in which the ICO’s functions in

Popular documents