HomeRegulatoryData Protection offences

Data Protection offences

Offences under Data Protection Act 2018

The Data Protection Act 2018 sets standards for protecting personal data, in accordance with the General Data Protection Regulation (“GDPR”), the directly effective EU regulation which came into force in 2018.

The changes also affected criminal offences under the Act. 

Changing the regulatory environment

GDPR changes the regulatory environment and gives the Information Commissioner’s Office the power to impose substantial fines 

The Act deals with elements of the regulatory framework not covered by GDPR, and sets out the specific criminal offences relating to data protection. 

Section 170 Data Protection Act 2018

The offence of unlawfully obtaining, or disclosing, personal data without the consent of the data controller (formerly s.55 Data Protection Act 1998) is a common feature of many prosecutions brought by the Information Commissioner’s Office. This offence has now been amended, and can be found at s.170 DPA 2018. 

There is a new clause in which it is a criminal offence to retain personal data without the consent of the data controller. This would cover a situation where data was provided through lawful means, then retained beyond the time consented to by the data controller. 

The offence under s.170 DPA 1998 remains punishable only by way of a fine. 

Section 171 Data Protection Act 2018

The offence under Section 171 under DPA 2018 involves the re-identification of de-identified personal data. This covers a situation where documents are redacted and disclosed. It is possible to use software to remove the redaction on documents. 

Other offences include;

  • Section 119: Obstructing the Commissioner in inspecting personal data to discharge an international obligation
  • Section 132: Prohibition placed upon the Commissioner, or the Commissioner’s staff against disclosing information obtained in the course of their role (which is not available to the public)
  • False statement made in response to an information notice
  • Section 148: Destroying or falsifying information and documents etc
  • Section 173: Alteration of personal data to prevent disclosure to data subject
  • Section 184: Prohibition of requirement to produce relevant records
  • Schedule 15, Paragraph 15. Powers of Entry and Inspection

Expert regulatory lawyers (Manchester & London)

If you are facing a regulatory investigation or the possibility of an investigation and wish to speak to one of our team please contact us at the earliest possible opportunity for a confidential discussions We are able to represent you wherever you are based across England and and Wales.

Our Regulatory Team is headed by our Managing Director Matthew Claughton and other members are Toby Wilbraham,  Zita Spencer. Each of our specialists has substantial experience in dealing with a range of regulatory investigations and prosecutions as well as complex criminal cases.

Contact our regulatory team

Complete the form below and we will contact you

Contact Us 2023
Preferred method of contact


Head Office


Satellite Office

Get in touch with one of our specialist solicitors today

Our expert team of experienced lawyers are here to help!

MLAwards Crime Team of the Year 2024

Copyright © 2024 | Authorised & Regulated by the Solicitors Regulation Authority | SRA No. 597078
Privacy Policy | Accessibility | Complaints | Built by SEO Strategy