GENERAL DATA PROTECTION REGULATION AND DATA PROTECTION ACT 2018

This table contains extracts and summaries of legislation using among other things the headings of paragraphs in the Schedules to the UK Data Protection Act 2018 ('DPA'). After identifying relevant paragraphs in those Schedules, users of this table should always use the DPA links provided to refer to the full text of those paragraphs, in order to identify their precise scope and to identify the 'listed GDPR provisions'. (See Summary of Data Protection Act 2018 for further explanation.)

This table sets out extracts from the official version of the GDPR and the original version of the DPA. It does not yet set out the amendments made to the GDPR and the DPA, effective within the UK as from the date of Brexit, by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019, SI 2019/419. See the Brexit page for further information regarding Brexit.

Item Reference       Article 15 Link
1 15. Article 15 GDPR 15
2 15. Right of access by the data subject GDPR 15
3 15.1 1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: GDPR 15
4 15.1(a) (a) the purposes of the processing; GDPR 15
5 15.1(b) (b) the categories of personal data concerned; GDPR 15
6 15.1(c) (c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; GDPR 15
7 15.1(d) (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; GDPR 15
8 15.1(e) (e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; GDPR 15
9 15.1(f) (f) the right to lodge a complaint with a supervisory authority; GDPR 15
10 15.1(g) (g) where the personal data are not collected from the data subject, any available information as to their source; GDPR 15
11 15.1(h) (h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. GDPR 15
12 15.2 2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer. GDPR 15
13 15.3 3. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form. GDPR 15
14 15.4 4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others. GDPR 15
Item Reference Articles which affect Article 15 Link
Item Reference       Paragraphs in Schedules to Data Protection Act 2018 which affect Article 15 Link
40 2/1/ Adaptations and restrictions based on Articles 6(3) and 23(1) DPA Sch 2
41 2/1/1 GDPR provisions to be adapted or restricted: "the listed GDPR provisions" DPA Sch 2
42 2/1/2 Crime and taxation: general

"(1) The listed GDPR provisions and Article 34(1) and (4) of the GDPR (communication of personal data breach to the data subject) do not apply to personal data processed for any of the following purposes-
(a) the prevention or detection of crime,
(b) the apprehension or prosecution of offenders, or
(c) the assessment or collection of a tax or duty or an imposition of a similar nature,
to the extent that the application of those provisions would be likely to prejudice any of the matters mentioned in paragraphs (a) to (c).
(2) Sub-paragraph (3) applies where-
(a) personal data is processed by a person (“Controller 1”) for any of the purposes mentioned in sub-paragraph (1)(a) to (c), and
(b) another person (“Controller 2”) obtains the data from Controller 1 for the purpose of discharging statutory functions and processes it for the purpose of discharging statutory functions."
DPA Sch 2
ICO guidance
43 2/1/3 Crime and taxation: risk assessment systems DPA Sch 2
ICO guidance
44 2/1/4 Immigration DPA Sch 2
ICO guidance
45 2/1/5 Information required to be disclosed by law etc or in connection with legal proceedings

"(1) The listed GDPR provisions do not apply to personal data consisting of information that the controller is obliged by an enactment to make available to the public, to the extent that the application of those provisions would prevent the controller from complying with that obligation.
(2) The listed GDPR provisions do not apply to personal data where disclosure of the data is required by an enactment, a rule of law or an order of a court or tribunal, to the extent that the application of those provisions would prevent the controller from making the disclosure.
(3) The listed GDPR provisions do not apply to personal data where disclosure of the data-
(a) is necessary for the purpose of, or in connection with, legal proceedings (including prospective legal proceedings),
(b) is necessary for the purpose of obtaining legal advice, or
(c) is otherwise necessary for the purposes of establishing, exercising or defending legal rights,
to the extent that the application of those provisions would prevent the controller from making the disclosure."
DPA Sch 2
ICO guidance
46 2/2/ Restrictions based on Article 23(1): restrictions of rules in Articles 13 to 21 and 34 DPA Sch 2
47 2/2/6 GDPR provisions to be restricted: "the listed GDPR provisions" DPA Sch 2
48 2/2/7 Functions designed to protect the public etc    
Description of function design: Condition:
1. The function is designed to protect members of the public against- (a) financial loss due to dishonesty, malpractice or other seriously improper conduct by, or the unfitness or incompetence of, persons concerned in the provision of banking, insurance, investment or other financial services or in the management of bodies corporate, or (b) financial loss due to the conduct of discharged or undischarged bankrupts. The function is- (a) conferred on a person by an enactment, (b) a function of the Crown, a Minister of the Crown or a government department, or (c) of a public nature, and is exercised in the public interest.
2. The function is designed to protect members of the public against- (a) dishonesty, malpractice or other seriously improper conduct, or (b) unfitness or incompetence. The function is- (a) conferred on a person by an enactment, (b) a function of the Crown, a Minister of the Crown or a government department, or (c) of a public nature, and is exercised in the public interest.
3. The function is designed- (a) to protect charities or community interest companies against misconduct or mismanagement (whether by trustees, directors or other persons) in their administration, (b) to protect the property of charities or community interest companies from loss or misapplication, or (c) to recover the property of charities or community interest companies. The function is- (a) conferred on a person by an enactment, (b) a function of the Crown, a Minister of the Crown or a government department, or (c) of a public nature, and is exercised in the public interest.
4. The function is designed- (a) to secure the health, safety and welfare of persons at work, or (b) to protect persons other than those at work against risk to health or safety arising out of or in connection with the action of persons at work. The function is- (a) conferred on a person by an enactment, (b) a function of the Crown, a Minister of the Crown or a government department, or (c) of a public nature, and is exercised in the public interest.
5. The function is designed to protect members of the public against- (a) maladministration by public bodies, (b) failures in services provided by public bodies, or (c) a failure of a public body to provide a service which it is a function of the body to provide. The function is conferred by any enactment on- (a) the Parliamentary Commissioner for Administration, (b) the Commissioner for Local Administration in England, (c) the Health Service Commissioner for England, (d) the Public Services Ombudsman for Wales, (e) the Northern Ireland Public Services Ombudsman, (f) the Prison Ombudsman for Northern Ireland, or (g) the Scottish Public Services Ombudsman.
6. The function is designed- (a) to protect members of the public against conduct which may adversely affect their interests by persons carrying on a business, (b) to regulate agreements or conduct which have as their object or effect the prevention, restriction or distortion of competition in connection with any commercial activity, or (c) to regulate conduct on the part of one or more undertakings which amounts to the abuse of a dominant position in a market. The function is conferred on the Competition and Markets Authority by an enactment.
DPA Sch 2
ICO guidance
49 2/2/8 Audit functions DPA Sch 2
ICO guidance
50 2/2/9 Functions of the Bank of England DPA Sch 2
ICO guidance
51 2/2/10 Regulatory functions relating to legal services, the health service and children's services DPA Sch 2
ICO guidance
52 2/2/11 Regulatory functions of certain other persons    
Person on whom function is conferred: How function is conferred:
1. The Commissioner. By or under- (a) the data protection legislation, (b) the Freedom of Information Act 2000, (c) section 244 of the Investigatory Powers Act 2016, (d) the Privacy and Electronic Communications (EC Directive) Regulations 2003 (S.I. 2003/2426), (e) the Environmental Information Regulations 2004 (S.I. 2004/3391), (f) the INSPIRE Regulations 2009 (S.I. 2009/3157), (g) Regulation (EU) No 910/ 2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, (h) the Re-use of Public Sector Information Regulations 2015 (S.I. 2015/1415), (i) the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 (S.I. 2016/696).
2. The Scottish Information Commissioner. By or under- (a) the Freedom of Information (Scotland) Act 2002 (asp 13), (b) the Environmental Information (Scotland) Regulations 2004 (S.S.I. 2004/520), (c) the INSPIRE (Scotland) Regulations 2009 (S.S.I. 2009/440).
3. The Pensions Ombudsman. By or under Part 10 of the Pension Schemes Act 1993 or any corresponding legislation having equivalent effect in Northern Ireland.
4. The Board of the Pension Protection Fund. By or under sections 206 to 208 of the Pensions Act 2004 or any corresponding legislation having equivalent effect in Northern Ireland.
5. The Ombudsman for the Board of the Pension Protection Fund. By or under any of sections 209 to 218 or 286(1) of the Pensions Act 2004 or any corresponding legislation having equivalent effect in Northern Ireland.
6. The Pensions Regulator. By an enactment.
7. The Financial Conduct Authority. By or under the Financial Services and Markets Act 2000 or by another enactment.
8. The Financial Ombudsman. By or under Part 16 of the Financial Services and Markets Act 2000.
9. The investigator of complaints against the financial regulators. By or under Part 6 of the Financial Services Act 2012.
10. A consumer protection enforcer, other than the Competition and Markets Authority. By or under the CPC Regulation. By or under the Local Government and Housing Act 1989.
11. The monitoring officer of a relevant authority. By or under the Local Government and Housing Act 1989.
12. The monitoring officer of a relevant Welsh authority. By or under the Local Government Act 2000.
13. The Public Services Ombudsman for Wales. By or under the Local Government Act 2000.
14. The Charity Commission. By or under- (a) the Charities Act 1992, (b) the Charities Act 2006, (c) the Charities Act 2011.
DPA Sch 2
ICO guidance
53 2/2/13 Parliamentary privilege DPA Sch 2
ICO guidance
54 2/2/14 Judicial appointments, judicial independence and judicial proceedings DPA Sch 2
ICO guidance
55 2/2/15 Crown honours, dignities and appointments DPA Sch 2
ICO guidance
56 2/3/ Restriction based on Article 23(1): protection of rights of others DPA Sch 2
57 2/3/16 Protection of the rights of others: general

"(1) Article 15(1) to (3) of the GDPR (confirmation of processing, access to data and safeguards for third country transfers), and Article 5 of the GDPR so far as its provisions correspond to the rights and obligations provided for in Article 15(1) to (3), do not oblige a controller to disclose information to the data subject to the extent that doing so would involve disclosing information relating to another individual who can be identified from the information.
(2) Sub-paragraph (1) does not remove the controller’s obligation where-
(a) the other individual has consented to the disclosure of the information to the data subject, or
(b) it is reasonable to disclose the information to the data subject without the consent of the other individual.
(3) In determining whether it is reasonable to disclose the information without consent, the controller must have regard to all the relevant circumstances, including-
(a) the type of information that would be disclosed,
(b) any duty of confidentiality owed to the other individual,
(c) any steps taken by the controller with a view to seeking the consent of the other individual,
(d) whether the other individual is capable of giving consent, and
(e) any express refusal of consent by the other individual.
(4) For the purposes of this paragraph-
(a) "information relating to another individual" includes information identifying the other individual as the source of information,
(b) an individual can be identified from information to be provided to a data subject by a controller if the individual can be identified from-
(i) that information, or
(ii) that information and any other information that the controller reasonably believes the data subject is likely to possess or obtain."
DPA Sch 2
ICO guidance
58 2/3/17 Assumption of reasonableness for health workers, social workers and education workers

"For the purposes of paragraph 16(2)(b), it is to be considered reasonable for a controller to disclose information to a data subject without the consent of the other individual where:...[more]"
DPA Sch 2
ICO guidance
59 2/4/ Restrictions based on Article 23(1): restrictions of rules in Articles 13 to 15 DPA Sch 2
60 2/4/18 GDPR provisions to be restricted: "the listed GDPR provisions" DPA Sch 2
61 2/4/19 Legal professional privilege

"The listed GDPR provisions do not apply to personal data that consists of-
(a) information in respect of which a claim to legal professional privilege or, in Scotland, confidentiality of communications, could be maintained in legal proceedings, or
(b) information in respect of which a duty of confidentiality is owed by a professional legal adviser to a client of the adviser."
DPA Sch 2
ICO guidance
62 2/4/20 Self incrimination

"(1) A person need not comply with the listed GDPR provisions to the extent that compliance would, by revealing evidence of the commission of an offence, expose the person to proceedings for that offence.
(2) The reference to an offence in sub-paragraph (1) does not include an offence under-
(a) this Act,
(b) section 5 of the Perjury Act 1911 (false statements made otherwise than on oath),
(c) section 44(2) of the Criminal Law (Consolidation) (Scotland) Act 1995 (false statements made otherwise than on oath), or
(d) Article 10 of the Perjury (Northern Ireland) Order 1979 (S.I. 1979/1714 (N.I. 19)) (false statutory declarations and other false unsworn statements).
(3) Information disclosed by any person in compliance with Article 15 of the GDPR is not admissible against the person in proceedings for an offence under this Act."
DPA Sch 2
ICO guidance
63 2/4/21 Corporate finance DPA Sch 2
ICO guidance
64 2/4/22 Management forecasts

"The listed GDPR provisions do not apply to personal data processed for the purposes of management forecasting or management planning in relation to a business or other activity to the extent that the application of those provisions would be likely to prejudice the conduct of the business or activity concerned."
DPA Sch 2
ICO guidance
65 2/4/23 Negotiations

"The listed GDPR provisions do not apply to personal data that consists of records of the intentions of the controller in relation to any negotiations with the data subject to the extent that the application of those provisions would be likely to prejudice those negotiations."
DPA Sch 2
ICO guidance
66 2/4/24 Confidential references

"The listed GDPR provisions do not apply to personal data consisting of a reference given (or to be given) in confidence for the purposes of-
(a) the education, training or employment (or prospective education, training or employment) of the data subject,
(b) the placement (or prospective placement) of the data subject as a volunteer,
(c) the appointment (or prospective appointment) of the data subject to any office, or
(d) the provision (or prospective provision) by the data subject of any service."
DPA Sch 2
ICO guidance
67 2/4/25 Exam scripts and exam marks DPA Sch 2
ICO guidance
68 2/5/ Exemptions etc based on Article 85(2) for reasons of freedom of expression and information DPA Sch 2
69 2/5/26 Journalistic, academic, artistic and literary purposes DPA Sch 2
ICO guidance
70 2/6/ Derogations etc based on Article 89 for research, statistics and archiving DPA Sch 2
71 2/6/27 Research and statistics

"(1) The listed GDPR provisions do not apply to personal data processed for-
(a) scientific or historical research purposes, or
(b) statistical purposes,
to the extent that the application of those provisions would prevent or seriously impair the achievement of the purposes in question.
(2)For the purposes of this paragraph, the listed GDPR provisions are the following provisions of the GDPR (the rights in which may be derogated from by virtue of Article 89(2) of the GDPR)-
(a) Article 15(1) to (3) (confirmation of processing, access to data and safeguards for third country transfers),
(b) Article 16 (right to rectification),
(c) Article 18(1) (restriction of processing),
(d) Article 21(1) (objections to processing).
(3)The exemption in sub-paragraph (1) is available only where-
(a) the personal data is processed in accordance with Article 89(1) of the GDPR (as supplemented by section 19), and
(b) as regards the disapplication of Article 15(1) to (3), the results of the research or any resulting statistics are not made available in a form which identifies a data subject."
DPA Sch 2
ICO guidance
72 2/6/28 Archiving in the public interest

"(1) The listed GDPR provisions do not apply to personal data processed for archiving purposes in the public interest to the extent that the application of those provisions would prevent or seriously impair the achievement of those purposes.
(2)For the purposes of this paragraph, the listed GDPR provisions are the following provisions of the GDPR (the rights in which may be derogated from by virtue of Article 89(3) of the GDPR)-
(a) Article 15(1) to (3) (confirmation of processing, access to data and safeguards for third country transfers),
(b) Article 16 (right to rectification),
(c) Article 18(1) (restriction of processing),
(d) Article 19 (notification obligation regarding rectification or erasure of personal data or restriction of processing),
(e) Article 20(1) (right to data portability),
(f) Article 21(1) (objections to processing).
(3) The exemption in sub-paragraph (1) is available only where the personal data is processed in accordance with Article 89(1) of the GDPR (as supplemented by section 19)."
DPA Sch 2
ICO guidance
73 3// Exemptions etc from the GDPR: health, social work, education and child abuse data DPA Sch 3
74 3/1/ GDPR provisions to be restricted DPA Sch 3
75 3/2/ Health data DPA Sch 3
76 3/2/2 Definitions DPA Sch 3
77 3/2/3 Exemption from the listed GDPR provisions: data processed by a court DPA Sch 3
ICO guidance
78 3/2/4 Exemption from the listed GDPR provisions: data subject's expectations and wishes DPA Sch 3
ICO guidance
79 3/2/5 Exemption from Article 15 of the GDPR: serious harm DPA Sch 3
ICO guidance
80 3/2/6 Restriction of Article 15 of the GDPR: prior opinion of appropriate health professional DPA Sch 3
ICO guidance
81 3/3/ Social work data DPA Sch 3
82 3/3/7 Definitions DPA Sch 3
83 3/3/9 Exemption from the listed GDPR provisions: data processed by a court DPA Sch 3
ICO guidance
84 3/3/10 Exemption from the listed GDPR provisions: data subject's expectations and wishes DPA Sch 3
ICO guidance
85 3/3/11 Exemption from Article 15 of the GDPR: serious harm DPA Sch 3
ICO guidance
86 3/3/12 Restriction of Article 15 of the GDPR: prior opinion of Principal Reporter DPA Sch 3
ICO guidance
87 3/4/ Education data DPA Sch 3
88 3/4/13 Educational records DPA Sch 3
89 3/4/17 Other definitions DPA Sch 3
90 3/4/18 Exemption from the listed GDPR provisions: data processed by a court DPA Sch 3
ICO guidance
91 3/4/19 Exemption from Article 15 of the GDPR: serious harm DPA Sch 3
ICO guidance
92 3/4/20 Restriction of Article 15 of the GDPR: prior opinion of Principal Reporter DPA Sch 3
ICO guidance
93 3/5/ Child abuse data DPA Sch 3
94 3/5/21 Exemption from Article 15 of the GDPR: child abuse data DPA Sch 3
ICO guidance
95 4// Exemptions etc from the GDPR: disclosure prohibited or restricted by an enactment DPA Sch 4
96 4//1 GDPR provisions to be restricted: "the listed GDPR provisions" DPA Sch 4
97 4//2 Human fertilisation and embryology information DPA Sch 4
ICO guidance
98 4//3 Adoption records and reports DPA Sch 4
ICO guidance
99 4//4 Statements of special educational needs DPA Sch 4
ICO guidance
100 4//5 Parental order records and reports DPA Sch 4
ICO guidance
101 4//6 Information provided by Principal Reporter for children's hearing DPA Sch 4
ICO guidance
Item Reference Sections of the Data Protection Act 2018 which affect Article 15 Link
102 s. 12 Limits on fees that may be charged by controllers
(1) The Secretary of State may by regulations specify limits on the fees that a controller may charge in reliance on—
(a) Article 12(5) of the GDPR (reasonable fees when responding to manifestly unfounded or excessive requests), or
(b) Article 15(3) of the GDPR (reasonable fees for provision of further copies).
(2) The Secretary of State may by regulations—
(a) require controllers of a description specified in the regulations to produce and publish guidance about the fees that they charge in reliance on those provisions, and
(b) specify what the guidance must include.
(3) Regulations under this section are subject to the negative resolution procedure.
DPA s.12
103 s. 13 Obligations of credit reference agencies
(1) This section applies where a controller is a credit reference agency (within the meaning of section 145(8) of the Consumer Credit Act 1974).
(2) The controller’s obligations under Article 15(1) to (3) of the GDPR (confirmation of processing, access to data and safeguards for third country transfers) are taken to apply only to personal data relating to the data subject’s financial standing, unless the data subject has indicated a contrary intention.
(3) Where the controller discloses personal data in pursuance of Article 15(1) to (3) of the GDPR, the disclosure must be accompanied by a statement informing the data subject of the data subject’s rights under section 159 of the Consumer Credit Act 1974 (correction of wrong information).
DPA s.13
104 s. 15 Restrictions on data subject's rights DPA s.15
105 s. 15 Exemptions etc
(1) Schedules 2, 3 and 4 make provision for exemptions from, and restrictions and adaptations of the application of, rules of the GDPR.
(2) In Schedule 2—
(a) Part 1 makes provision adapting or restricting the application of rules contained in Articles 13 to 21 and 34 of the GDPR in specified circumstances, as allowed for by Article 6(3) and Article 23(1) of the GDPR;
(b) Part 2 makes provision restricting the application of rules contained in Articles 13 to 21 and 34 of the GDPR in specified circumstances, as allowed for by Article 23(1) of the GDPR;
(c) Part 3 makes provision restricting the application of Article 15 of the GDPR where this is necessary to protect the rights of others, as allowed for by Article 23(1) of the GDPR;
(d) Part 4 makes provision restricting the application of rules contained in Articles 13 to 15 of the GDPR in specified circumstances, as allowed for by Article 23(1) of the GDPR;
(e) Part 5 makes provision containing exemptions or derogations from Chapters II, III, IV, V and VII of the GDPR for reasons relating to freedom of expression, as allowed for by Article 85(2) of the GDPR;
(f) Part 6 makes provision containing derogations from rights contained in Articles 15, 16, 18, 19, 20 and 21 of the GDPR for scientific or historical research purposes, statistical purposes and archiving purposes, as allowed for by Article 89(2) and (3) of the GDPR.
(3) Schedule 3 makes provision restricting the application of rules contained in Articles 13 to 21 of the GDPR to health, social work, education and child abuse data, as allowed for by Article 23(1) of the GDPR.
(4) Schedule 4 makes provision restricting the application of rules contained in Articles 13 to 21 of the GDPR to information the disclosure of which is prohibited or restricted by an enactment, as allowed for by Article 23(1) of the GDPR.
(5) In connection with the safeguarding of national security and with defence, see Chapter 3 of this Part and the exemption in section 26.
DPA s.15
Item Reference       GDPR Recitals which affect Article 15
106 Recital 63 (63) A data subject should have the right of access to personal data which have been collected concerning him or her, and to exercise that right easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing. This includes the right for data subjects to have access to data concerning their health, for example the data in their medical records containing information such as diagnoses, examination results, assessments by treating physicians and any treatment or interventions provided. Every data subject should therefore have the right to know and obtain communication in particular with regard to the purposes for which the personal data are processed, where possible the period for which the personal data are processed, the recipients of the personal data, the logic involved in any automatic personal data processing and, at least when based on profiling, the consequences of such processing. Where possible, the controller should be able to provide remote access to a secure system which would provide the data subject with direct access to his or her personal data. That right should not adversely affect the rights or freedoms of others, including trade secrets or intellectual property and in particular the copyright protecting the software. However, the result of those considerations should not be a refusal to provide all information to the data subject. Where the controller processes a large quantity of information concerning the data subject, the controller should be able to request that, before the information is delivered, the data subject specify the information or processing activities to which the request relates.
107 Recital 64 (64) The controller should use all reasonable measures to verify the identity of a data subject who requests access, in particular in the context of online services and online identifiers. A controller should not retain personal data for the sole purpose of being able to react to potential requests.
108 Recital 73 (73) Restrictions concerning specific principles and the rights of information, access to and rectification or erasure of personal data, the right to data portability, the right to object, decisions based on profiling, as well as the communication of a personal data breach to a data subject and certain related obligations of the controllers may be imposed by Union or Member State law, as far as necessary and proportionate in a democratic society to safeguard public security, including the protection of human life especially in response to natural or manmade disasters, the prevention, investigation and prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security, or of breaches of ethics for regulated professions, other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, the keeping of public registers kept for reasons of general public interest, further processing of archived personal data to provide specific information related to the political behaviour under former totalitarian state regimes or the protection of the data subject or the rights and freedoms of others, including social protection, public health and humanitarian purposes. Those restrictions should be in accordance with the requirements set out in the Charter and in the European Convention for the Protection of Human Rights and Fundamental Freedoms.
Item Reference       Related Guidance which affects Article 15
109 Article 29 Working Party Guidelines on transparency Guidance
110 ICO guidance on Subject Access Requests Guidance
111 ICO guidance on Individual rights Guidance
112 ICO guidance on Exemptions Guidance
Disclaimer - Copyright - Privacy policy