Data (Use and Access) Act 2025

s.sch003

The Births and Deaths Registration Act 1953 is amended as...

s.sch003

(1) Section 33 (short certificate of birth) is amended as...

s.sch003

In section 33A (short certificate of death), in subsection (2),...

s.sch003

In section 34 (entry in register as evidence of birth...

s.sch003

(1) Section 34A (searches and records of information: additional provision)...

s.sch003

In section 35 (offences relating to registers), in paragraph (b),...

s.sch003

In section 40 (sending and providing notices, information or other...

s.sch003

In section 41 (interpretation), after subsection (3) insert—

s.sch003

Registration Service Act 1953

s.sch003

In section 10 (district register offices), in subsection (1), omit...

s.sch003

In section 12 (provision of register boxes), omit “registrar of...

s.sch003

(1) Section 3A (registration of births of abandoned children) is...

s.sch003

In section 13 (local schemes of organisation), in subsection (2),...

s.sch003

Public Records Act 1958

s.sch003

Social Security Administration Act 1992

s.sch003

Education Act 1996

s.sch003

Adoption and Children Act 2002

s.sch003

Gender Recognition Act 2004

s.sch003

(1) Section 10 (registration) is amended as follows.

s.sch003

In Part 1 of Schedule 3 (registration: England and Wales),...

s.sch003

Presumption of Death Act 2013

s.sch003

(1) Section 13 (registration of name of child or of...

s.sch003

In Part 3 (general), the italic heading before section 25...

s.sch003

(1) Section 29 (correction of errors in registers) is amended...

s.sch003

In section 29A (alternative procedure for certain corrections), in subsection...

s.sch003

(1) Section 30 (searches of indexes kept by Registrar General)...

s.sch003

In section 31 (searches of indexes kept by superintendent registrars),...

s.sch003

For section 32 (searches in registers kept by registrars) substitute—...

s.sch006

The UK GDPR

s.sch006

The 2018 Act

s.sch006

Omit section 14 (automated decision-making authorised by law: safeguards).

s.sch006

In section 43(1)(d) (overview and scope of provisions in Part...

s.sch006

(1) Section 52 (form of provision of information etc) is...

s.sch006

(1) Section 53 (manifestly unfounded or excessive requests by the...

s.sch006

In section 149(2)(b) (enforcement notices)— (a) after “provision of” insert...

s.sch006

In section 157(2)(a) (maximum amount of penalty), for “49,” substitute...

s.sch006

(1) Article 12 (transparent information, communication and modalities for the...

s.sch006

In Article 13(2)(f) (information about automated decision-making to be provided...

s.sch006

In Article 14(2)(g) (information about automated decision-making to be provided...

s.sch006

In Article 15(1)(h) (right of access by the data subject),...

s.sch006

In the heading of Section 4 of Chapter 3, omit...

s.sch006

In Article 23(1) (restrictions), for “provided for in Articles 12...

s.sch006

In Article 47(2)(e) (binding corporate rules), for the words from...

s.sch006

In Article 83(5) (general conditions for imposing administrative fines)—

s.sch007

Introduction

s.sch007

Public interest restrictions

s.sch007

General principles for transfers

s.sch007

Transfers approved by regulations

s.sch007

After that Article insert— Transfers approved by regulations (1) For the purposes of Article 44A, the Secretary of...

s.sch007

Transfers approved by regulations: monitoring

s.sch007

Transfers subject to appropriate safeguards

s.sch007

In the heading of Article 47 (binding corporate rules) at...

s.sch007

After Article 47 insert— Transfers subject to appropriate safeguards: further...

s.sch007

Derogations for specific situations

s.sch008

Introduction

s.sch008

Subsequent transfers

s.sch008

Overview and interpretation

s.sch008

General principles for transfer

s.sch008

Transfers approved by regulations

s.sch008

Transfers approved by regulations: monitoring

s.sch008

Transfers subject to appropriate safeguards

s.sch008

Transfers based on special circumstances

s.sch008

Transfers to particular recipients

s.sch008

(1) Section 77 (conditions for transfers of personal data to...

s.sch009

The UK GDPR

s.sch009

In Article 83(5)(c) (general conditions for imposing administrative fines), for...

s.sch009

The 2018 Act

s.sch009

Omit section 17A (transfers based on adequacy regulations) and the...

s.sch009

Omit section 17B (transfers based on adequacy regulations: review etc)....

s.sch009

Omit section 17C (standard data protection clauses).

s.sch009

Omit section 18 (transfers of personal data to third countries...

s.sch009

In section 24(2) (manual unstructured data held by FOI public...

s.sch009

In section 26(2) (national security and defence exemption), omit paragraph...

s.sch009

In section 75 (transfers on the basis of appropriate safeguards),...

s.sch009

In section 78A (law enforcement processing: national security exemption) (inserted...

s.sch009

In Article 13(1)(f) (information to be provided where personal data...

s.sch009

(1) Section 119A (power of Commissioner to specify standard clauses...

s.sch009

In section 149(2)(e) (enforcement notices), for “44 to 49” substitute...

s.sch009

(1) Section 182 (regulations and consultation) is amended as follows....

s.sch009

In section 205(2)(e) (references to periods of time) omit “and...

s.sch009

In paragraph 26(9)(d) of Schedule 2 (exemptions etc for journalistic,...

s.sch009

(1) Part 3 of Schedule 21 (further transitional provision etc:...

s.sch009

The UK GDPR: transfers approved by regulations

s.sch009

The UK GDPR: transfers subject to appropriate safeguards

s.sch009

The UK GDPR: transfers subject to appropriate safeguards provided by standard data protection clauses

s.sch009

(1) This paragraph applies to a requirement for safeguards to...

s.sch009

In Article 14(1)(f) (information to be provided where personal data...

s.sch009

The UK GDPR: transfers necessary for important reasons of public interest

s.sch009

The UK GDPR: restrictions on transfers of personal data to third countries and international organisations

s.sch009

Part 3 of the 2018 Act (law enforcement processing): transfers approved by regulations

s.sch009

Part 3 of the 2018 Act (law enforcement processing): transfers subject to appropriate safeguards

s.sch009

In Article 15(2) (right of access by the data subject)—...

s.sch009

(1) Article 40 (codes of conduct) is amended as follows....

s.sch009

In Article 42(2) (certification) omit “appropriate” in both places.

s.sch009

In Article 46(2)(d) (transfers subject to appropriate safeguards: standard data...

s.sch009

In Article 57(1) (Commissioner’s tasks)— (a) in point (m) omit...

s.sch009

In Article 58(3) (authorisation and advisory powers of the Commissioner),...

s.sch010

The UK GDPR

s.sch010

(1) Section 44 (information: controller’s general duties) is amended as...

s.sch010

(1) Section 45 (right of access by the data subject)...

s.sch010

In section 45A (exemption from sections 44 and 45: legal...

s.sch010

(1) Section 48 (rights to rectification, to erasure or to...

s.sch010

In section 93(1)(e) (right to information), after “Commissioner”, in the...

s.sch010

In section 94(2)(f) (right of access), after “Commissioner”, in the...

s.sch010

(1) Section 149 (enforcement notices) is amended as follows.

s.sch010

In section 155 (penalty notices), in subsection (1)(a), for “or...

s.sch010

In section 157 (maximum amount of penalty), after subsection (4)...

s.sch010

In section 165 (complaints by data subjects), in the heading,...

s.sch010

In Article 12(4) (transparent information, communication and modalities for the...

s.sch010

(1) Section 166 (orders to progress complaints) is amended as...

s.sch010

(1) Section 187 (representation of data subjects with their authority)...

s.sch010

(1) Article 13(2) (information to be provided where personal data...

s.sch010

(1) Article 14(2) (information to be provided where personal data...

s.sch010

(1) Article 15(1) (right of access by the data subject)...

s.sch010

In Article 47 (binding corporate rules), in paragraph 2(e), for...

s.sch010

(1) Article 80 (representation of data subjects) is amended as...

s.sch010

The 2018 Act

s.sch010

In section 26(2)(f) (national security and defence exemption), omit sub-paragraph...

s.sch011

The UK GDPR

s.sch011

In Article 32(3) (security of processing), for “an element by...

s.sch011

In Article 37(1)(a), after “courts” insert “and tribunals”.

s.sch011

Omit Article 59 (activity reports).

s.sch011

The 2018 Act

s.sch011

In section 3(9) (definition of “the data protection legislation”)—

s.sch011

Omit section 20 (meaning of “court” in Part 2).

s.sch011

In section 94 (data subject’s right of access under Part...

s.sch011

In section 119A(11) (standard clauses for transfers to third countries...

s.sch011

In section 124(5) (data protection and journalism code), in the...

s.sch011

(1) Section 125 (approval of codes of practice prepared by...

s.sch011

(1) Article 4(1) (interpretation) is amended as follows.

s.sch011

In section 139 (reporting to Parliament), omit subsection (2).

s.sch011

In section 161(6) (approval of first guidance about regulatory action),...

s.sch011

In section 170(2)(a) (unlawful obtaining etc of personal data), after...

s.sch011

(1) Section 171 (re-identification of de-identified personal data) is amended...

s.sch011

In section 181 (interpretation of Part 6) omit the definition...

s.sch011

In section 184(4) (prohibition of requirement to produce relevant records),...

s.sch011

In section 192(6) (approval of the Framework), after “any” insert...

s.sch011

In section 206 (index of defined expressions), in the Table,...

s.sch011

(1) Schedule 1 (special categories of personal data and criminal...

s.sch011

(1) Schedule 2 (exemptions etc from the UK GDPR) is...

s.sch011

After Article 4 insert— Periods of time (1) References in this Regulation to a period expressed in...

s.sch011

In paragraph 8(1)(b) of Schedule 8 (conditions for sensitive processing...

s.sch011

In paragraph 2(a) of Schedule 11 (other exemptions under Part...

s.sch011

Victims and Prisoners Act 2024

s.sch011

In Article 9 (processing of special categories of personal data)—...

s.sch011

In Article 12(5) (information etc to be provided free of...

s.sch011

In Article 23(1)(h) (restrictions), for “(a)” substitute “(c)”.

s.sch011

In Article 24(3) (responsibility of the controller), for “an element...

s.sch011

In Article 25(3) (data protection by design and by default),...

s.sch011

In Article 28(5) (processors), for “an element by which to...

s.sch014

Schedule 12A to the Data Protection Act 2018

s.sch014

Transitional provision: first chair

s.sch014

Transitional provision: consultation about non-executive members

s.sch014

Transitional provision: consultation about interim chief executive

s.sch015

Chapter 1 of Part 9 of the Health and Social...

s.sch015

Before section 250 insert— Powers to publish standards .

s.sch015

(1) Section 250 (powers to publish information standards) is amended...

s.sch015

After section 250 insert— Standards relating to information technology (1) An information standard relating to information technology or IT...

s.sch015

(1) Section 251 (information standards: procedure etc) is amended as...

s.sch015

After section 251 insert— Compliance with standards .

s.sch015

For the heading of section 251ZA (information standards: compliance) substitute...

s.sch015

After that section insert— Notice requesting compliance by relevant IT...

s.sch016

The Energy Act 2008 is amended as follows.

s.sch016

In the italic heading before section 88, after “meters” insert...

s.sch016

After section 91 insert— Grant of smart meter communication licences...

s.sch016

In section 104 (subordinate legislation)— (a) in subsection (1), for...

s.sch016

Gas Act 1986

s.sch016

Electricity Act 1989

s.sch016

Electricity and Gas (Competitive Tenders for Smart Meter Communication Licences) Regulations 2012

s.001

Customer data and business data

s.002

Power to make provision in connection with customer data

s.003

Customer data: supplementary

s.004

Power to make provision in connection with business data

s.005

Business data: supplementary

s.006

Decision-makers

s.007

Interface bodies

s.008

Enforcement of regulations under this Part

s.009

Restrictions on powers of investigation etc

s.010

Financial penalties

s.011

Fees

s.012

Levy

s.013

Financial assistance

s.014

The FCA and financial services interfaces

s.015

The FCA and financial services interfaces: supplementary

s.016

The FCA and financial services interfaces: penalties and levies

s.017

The FCA and co-ordination with other regulators

s.018

Liability in damages

s.019

Duty to review regulations

s.020

Restrictions on processing and data protection

s.021

Regulations under this Part: supplementary

s.022

Regulations under this Part: Parliamentary procedure and consultation

s.023

Related subordinate legislation

s.024

Repeal of provisions relating to supply of customer data

s.025

Other defined terms

s.026

Index of defined terms for this Part

s.027

Introductory

s.028

DVS trust framework

s.029

Supplementary codes

s.030

Withdrawal of a supplementary code

s.031

Review of DVS trust framework and supplementary codes

s.032

DVS register

s.033

Registration in the DVS register

s.034

Power to refuse registration in the DVS register

s.035

Registration of additional services

s.036

Supplementary notes

s.037

Addition of services to supplementary notes

s.038

Applications for registration, supplementary notes, etc

s.039

Fees for applications for registration, supplementary notes, etc

s.040

Duty to remove person from the DVS register

s.041

Power to remove person from the DVS register

s.042

Duty to remove services from the DVS register

s.043

Duty to remove supplementary notes from the DVS register

s.044

Duty to remove services from supplementary notes

s.045

Power of public authority to disclose information to registered person

s.046

Information disclosed by the Revenue and Customs

s.047

Information disclosed by the Welsh Revenue Authority

s.048

Information disclosed by Revenue Scotland

s.049

Code of practice about the disclosure of information

s.050

Trust mark for use by registered persons

s.051

Power of Secretary of State to require information

s.052

Arrangements for third party to exercise functions

s.053

Report on the operation of this Part

s.054

Index of defined terms for this Part

s.055

Powers relating to verification of identity or status

s.056

National Underground Asset Register: England and Wales

s.057

Information in relation to apparatus: England and Wales

s.058

National Underground Asset Register: Northern Ireland

s.059

Information in relation to apparatus: Northern Ireland

s.060

Pre-commencement consultation

s.061

Form in which registers of births and deaths are to be kept

s.062

Provision of equipment and facilities by local authorities

s.063

Requirements to sign register

s.064

Treatment of existing registers and records

s.065

Minor and consequential amendments

s.066

The 2018 Act and the UK GDPR

s.067

Meaning of research and statistical purposes

s.068

Consent to processing for the purposes of scientific research

s.069

Consent to law enforcement processing

s.070

Lawfulness of processing

s.071

The purpose limitation

s.072

Processing in reliance on relevant international law

s.073

Elected representatives responding to requests

s.074

Processing of special categories of personal data

s.075

Fees and reasons for responses to data subjects’ requests about law enforcement processing

s.076

Time limits for responding to data subjects’ requests

s.077

Information to be provided to data subjects

s.078

Searches in response to data subjects’ requests

s.079

Data subjects’ rights to information: legal professional privilege exemption

s.080

Automated decision-making

s.081

Data protection by design: children’s higher protection matters

s.082

Logging of law enforcement processing

s.083

General processing and codes of conduct

s.084

Law enforcement processing and codes of conduct

s.085

Transfers of personal data to third countries and international organisations

s.086

Safeguards for processing for research etc purposes

s.087

Section 86: consequential provision

s.088

National security exemption

s.089

Joint processing by intelligence services and competent authorities

s.090

Joint processing: consequential amendments

s.091

Duties of the Commissioner in carrying out functions

s.092

Codes of practice for the processing of personal data

s.093

Codes of practice: panels and impact assessments

s.094

Manifestly unfounded or excessive requests to the Commissioner

s.095

Analysis of performance

s.096

Notices from the Commissioner

s.097

Power of the Commissioner to require documents

s.098

Power of the Commissioner to require a report

s.099

Assessment notices: removal of OFSTED restriction