UK GDPR | Part 3 DPA 2018: Law Enforcement processing | Part 4 DPA 2018: Intelligence Services processing | |
The principles of processing | ✔ Articles 5-11 | ✔ Sections 34-42 | ✔ Sections 85-91 |
Data subject rights | ✔ Articles 12-22 | ✔ Sections 43-54 | ✔ Sections 92-100 |
Obligations imposed on controllers or processors | ✔ Articles 25-39 | ✔ Section 64 or Section 65 | ✘ |
The requirement to communicate a personal data breach to the Commissioner or a data subject | ✔ Articles 33-34 | ✔ Section 67 or Section 68 | ✔ Section 108 |
The principles for transfers of personal data to third countries, non-Convention countries and international organisations | ✔ Articles 44-49 | ✔ Sections 73-78 | ✔ Sections 73-78 |
Specific failures of a monitoring body (monitoring approved code of conduct) 100 | ✔ | N/A | N/A |
Specific failures of a certification provider 101 | ✔ | N/A | N/A |
A failure to comply with regulations under section 137 DPA 2018 | ✔ | ✔ | ✔ |
A failure to comply with the terms of an information notice, assessment notice or enforcement notice 102 | ✔ | ✔ | ✔ |
100 s149(3) DPA 2018: Where the monitoring body has failed, or is failing, to comply with an obligation under Article 41 UK GDPR.
101 s149(4) DPA 2018: Where a certification provider does not meet the requirements for accreditation; has failed, or failing, to comply with an obligation under Articles 42 or 43 UK GDPR; or has failed or is failing to comply with any other provision of the UK GDPR (whether in the person’s capacity as a certification provider or otherwise).