Offences under Data Protection Act 2018
The Data Protection Act 2018 sets standards for protecting personal data, in accordance with the General Data Protection Regulation (“GDPR”), the directly effective EU regulation which came into force in 2018.
The changes also affected criminal offences under the Act.
Changing the regulatory environment
GDPR changes the regulatory environment and gives the Information Commissioner’s Office the power to impose substantial fines.
The Act deals with elements of the regulatory framework not covered by GDPR, and sets out the specific criminal offences relating to data protection.
Section 170 Data Protection Act 2018
The offence of unlawfully obtaining, or disclosing, personal data without the consent of the data controller (formerly s.55 Data Protection Act 1998) is a common feature of many prosecutions brought by the Information Commissioner’s Office. This offence has now been amended, and can be found at s.170 DPA 2018.
There is a new clause in which it is a criminal offence to retain personal data without the consent of the data controller. This would cover a situation where data was provided through lawful means, then retained beyond the time consented to by the data controller.
The offence under s.170 DPA 2018 remains punishable only by way of a fine.
Section 171 Data Protection Act 2018
The offence under Section 171 of the DPA 2018 involves the re-identification of de-identified personal data. This covers a situation where documents are redacted and disclosed. It is possible to use software to remove the redaction on documents.
Other offences include:
- Section 119: Obstructing the Commissioner in inspecting personal data to discharge an international obligation
- Section 132: Prohibition placed upon the Commissioner, or the Commissioner’s staff, against disclosing information obtained in the course of their role (which is not available to the public)
- False statement made in response to an information notice
- Section 148: Destroying or falsifying information and documents etc
- Section 173: Alteration of personal data to prevent disclosure to data subject
- Section 184: Prohibition of requirement to produce relevant records
- Schedule 15, Paragraph 15: Powers of Entry and Inspection
Expert regulatory lawyers (Manchester & London)
If you are facing a regulatory investigation, or the possibility of an investigation, and wish to speak to one of our team, please contact us at the earliest possible opportunity for a confidential discussion. We are able to represent you wherever you are based across England and Wales.
Our Regulatory Team is headed by our Managing Director Matthew Claughton, and other members are Toby Wilbraham and Zita Spencer. Each of our specialists has substantial experience in dealing with a range of regulatory investigations and prosecutions as well as complex criminal cases.