Information since 14 Feb 2025, 5:20 a.m.
Parliamentary Debates |
---|
Renters’ Rights Bill
101 speeches (23,781 words) Tuesday 1st July 2025 - Lords Chamber Ministry of Housing, Communities and Local Government Mentions: 1: Lord Carter of Haslemere (XB - Life peer) I can help the noble Baroness here, because Section 16 of the Data Protection Act—a Henry VIII power, - Link to Speech |
Children’s Wellbeing and Schools Bill
134 speeches (36,783 words) Thursday 19th June 2025 - Lords Chamber Department for Education Mentions: 1: None this section“the data protection legislation” and“processing” have the same meaning as in the Data Protection Act - Link to Speech 2: None this section“the data protection legislation” and“processing” have the same meaning as in the Data Protection Act - Link to Speech |
Mental Health Bill [ Lords ] (Eighth sitting)
66 speeches (17,764 words) Committee stage: 8th sitting Thursday 19th June 2025 - Public Bill Committees Department of Health and Social Care Mentions: 1: Stephen Kinnock (Lab - Aberafan Maesteg) processing, including the sharing of data, is subject to data protection legislation, including the Data Protection Act - Link to Speech 2: None Clause 53 helpfully clarifies that any such data sharing under the Bill is subject to the Data Protection Act - Link to Speech |
Crime and Policing Bill
152 speeches (57,306 words) Report stage Wednesday 18th June 2025 - Commons Chamber Home Office Mentions: 1: Tonia Antoniazzi (Lab - Gower) for in this section.(2) For the purposes of Article 6(1) of the UK GDPR, section 35 of the Data Protection Act - Link to Speech 2: Judith Cummins (Lab - Bradford South) for in this section.(2) For the purposes of Article 6(1) of the UK GDPR, section 35 of the Data Protection Act - Link to Speech |
Employment Rights Bill
61 speeches (11,905 words) Committee stage part two Wednesday 18th June 2025 - Lords Chamber Department for Business and Trade Mentions: 1: None of the passing of this Act and every 12 months thereafter, subject to the provisions of the Data Protection Act - Link to Speech |
Employment Rights Bill
99 speeches (25,997 words) Committee stage part one Wednesday 18th June 2025 - Lords Chamber Department for Business and Trade Mentions: 1: Baroness Jones of Whitchurch (Lab - Life peer) Legally privileged material and confidential information is already protected under the Data Protection Act - Link to Speech 2: None prosecution or other legal proceedings relating to that abuse.(3) Paragraph 4 of Schedule 2 to the Data Protection Act - Link to Speech 3: Baroness Hamwee (LD - Life peer) surprised, because I have a long history of opposition to paragraph 4 of Schedule 2 to the Data Protection Act - Link to Speech |
Children’s Wellbeing and Schools Bill
33 speeches (11,353 words) Tuesday 17th June 2025 - Lords Chamber Department for Education Mentions: 1: Baroness Blake of Leeds (Lab - Life peer) landlords, who may be natural persons, for breaching the ban on letting fees being charged, and the Data Protection Act - Link to Speech |
Crime and Policing Bill
218 speeches (48,415 words) Report stage Tuesday 17th June 2025 - Commons Chamber Home Office Mentions: 1: None of information in contravention of the data protection legislation within the meaning of the Data Protection Act - Link to Speech |
Human Medicines (Amendments Relating to Hub and Spoke Dispensing etc.) Regulations 2025
18 speeches (4,078 words) Tuesday 17th June 2025 - Grand Committee Department of Health and Social Care Mentions: 1: None that necessary data-sharing between the hub and the spoke must be seen as compliant with the Data Protection Act - Link to Speech |
Select Committee Documents |
---|
Tuesday 1st July 2025
Government Response - Letter from the Parliamentary Secretary for the Cabinet Office relating to the Legislative Reform (Disclosure of Adult Social Care Data) Order 2025, 25 June 2025 Business and Trade Committee Found: under data protection legislation (including the UK General Data Protection Regulation and the Data Protection Act |
Friday 20th June 2025
Report - 4th Report - Legislative Scrutiny: Border Security, Asylum and Immigration Bill Human Rights (Joint Committee) Found: adequate and effective safeguards against abuse and arbitrariness.112 Further, section 37 of the Data Protection Act |
Written Answers |
---|
NHS: Databases
Asked by: Martin Wrigley (Liberal Democrat - Newton Abbot) Tuesday 1st July 2025 Question to the Department of Health and Social Care: To ask the Secretary of State for Health and Social Care, what steps he has taken to ensure that NHS data handled by Palantir Technologies cannot be accessed or processed by non-UK government entities. Answered by Karin Smyth - Minister of State (Department of Health and Social Care) The NHS Federated Data Platform (FDP) has been designed with stringent safeguards to ensure that patient data is protected in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Access to National Health Service health and social care data within the FDP is tightly controlled. Only authorised users are granted access, and solely for approved purposes that demonstrably benefit patient care or NHS operations. Palantir Technologies, as the software provider, operates strictly under the instruction of NHS England. They do not control the data, nor are they permitted to access, use, or share it for any independent purpose. To further strengthen data protection, the FDP incorporates advanced Privacy Enhancing Technology (NHS-PET), which has been procured from a separate supplier to ensure independence and to mitigate any potential conflicts of interest. This technology ensures that data is processed in a secure and privacy-preserving manner. The contract with Palantir Technologies includes robust confidentiality clauses and is governed by a comprehensive oversight framework. This framework includes regular audits, monitoring, and reporting to ensure compliance with legal and ethical standards. Data Protection Impact Assessments have been conducted to assess and mitigate any risks to individual rights and freedoms. It is a contractual requirement that personal data stored in the FDP and NHS-PET cannot be accessed by its provider’s personnel or contractors based outside the United Kingdom. In accordance with GDPR principles of transparency and accountability, NHS England has published details which outline how data is protected, who can access it, and under what conditions. Further information is available at the following link: These measures collectively ensure that NHS data remains under UK jurisdiction and all processing of patient information will be within the UK only. This is a contractual requirement, and one of the key principles of the FDP Information Governance Framework. Data cannot be accessed or processed by non-UK government entities. |
NHS: Databases
Asked by: Martin Wrigley (Liberal Democrat - Newton Abbot) Tuesday 1st July 2025 Question to the Department of Health and Social Care: To ask the Secretary of State for Health and Social Care, what assessment he has made of the security implications of awarding NHS data management contracts to (a) Palantir Technologies Inc. and (b) other companies with significant overseas (i) defence and (ii) intelligence clients. Answered by Karin Smyth - Minister of State (Department of Health and Social Care) In awarding the contract for the NHS Federated Data Platform (FDP), NHS England made an assessment of the cyber risk and the protections offered by each bidder. The FDP has extensive security arrangements in place to manage cyber risk, including:
It is a contractual requirement that personal data stored in the FDP and its associated services (FDP-AS), including the NHS-Privacy Enhancing Technology, cannot be accessed by the provider’s own personnel or contractors from outside the United Kingdom. The FDP-AS contract stipulates that all data must be held within the UK and is subject to UK Data Protection Law, including the UK General Data Protection Regulation.
All FDP data processes and systems need to comply with the Technology Code of Practice, Government Data Standards, the Department’s Guide to good practice for digital and data-driven health technologies, the Data Protection Act 2018, and the UK General Data Protection Regulation, the Information Commissioner's Office’s guidance, and associated regulations, standards, and guidance. The contract was awarded in conformance with public sector procurement law, as required. The National Health Service ran an independent procurement exercise. The choice of preferred supplier was not made by a single person, as it was the result of assessment by many different individuals. NHS England has a duty to treat all suppliers the same regardless of the public perception of any organisation, or the opinions held by any of their shareholders. NHS England cannot exclude any supplier that is lawfully established and able to bid from participating in the procurement. The procurement process received external validation from multiple Government departments, as well as independent evaluations by Infrastructure and Projects Authority reviewers. There were no identified security concerns in relation to the contract awarded for the NHS FDP. The Procurement Act 2023 has introduced new powers to exclude and debar suppliers from public sector contracts if they pose a national security risk. Cabinet Office has established the new National Security Unit for Procurement, which is responsible for investigating suppliers on national security grounds, both within the Government supply chain and for the wider public sector. |
Health: Data Protection
Asked by: Martin Wrigley (Liberal Democrat - Newton Abbot) Tuesday 1st July 2025 Question to the Department of Health and Social Care: To ask the Secretary of State for Health and Social Care, what due diligence steps his Department takes to assess national security risks before awarding public health data contracts to firms with links to (a) foreign intelligence or (b) military operations. Answered by Karin Smyth - Minister of State (Department of Health and Social Care) In awarding the contract for the NHS Federated Data Platform (FDP), NHS England made an assessment of the cyber risk and the protections offered by each bidder. The FDP has extensive security arrangements in place to manage cyber risk, including:
It is a contractual requirement that personal data stored in the FDP and its associated services (FDP-AS), including the NHS-Privacy Enhancing Technology, cannot be accessed by the provider’s own personnel or contractors from outside the United Kingdom. The FDP-AS contract stipulates that all data must be held within the UK and is subject to UK Data Protection Law, including the UK General Data Protection Regulation.
All FDP data processes and systems need to comply with the Technology Code of Practice, Government Data Standards, the Department’s Guide to good practice for digital and data-driven health technologies, the Data Protection Act 2018, and the UK General Data Protection Regulation, the Information Commissioner's Office’s guidance, and associated regulations, standards, and guidance. The contract was awarded in conformance with public sector procurement law, as required. The National Health Service ran an independent procurement exercise. The choice of preferred supplier was not made by a single person, as it was the result of assessment by many different individuals. NHS England has a duty to treat all suppliers the same regardless of the public perception of any organisation, or the opinions held by any of their shareholders. NHS England cannot exclude any supplier that is lawfully established and able to bid from participating in the procurement. The procurement process received external validation from multiple Government departments, as well as independent evaluations by Infrastructure and Projects Authority reviewers. There were no identified security concerns in relation to the contract awarded for the NHS FDP. The Procurement Act 2023 has introduced new powers to exclude and debar suppliers from public sector contracts if they pose a national security risk. Cabinet Office has established the new National Security Unit for Procurement, which is responsible for investigating suppliers on national security grounds, both within the Government supply chain and for the wider public sector. |
Palantir: Contracts
Asked by: Martin Wrigley (Liberal Democrat - Newton Abbot) Tuesday 1st July 2025 Question to the Department of Health and Social Care: To ask the Secretary of State for Health and Social Care, whether contracts awarded to Palantir Technologies Inc. for NHS data infrastructure permit cross-border data sharing without UK regulatory approval. Answered by Karin Smyth - Minister of State (Department of Health and Social Care) In awarding the contract for the NHS Federated Data Platform (FDP), NHS England made an assessment of the cyber risk and the protections offered by each bidder. The FDP has extensive security arrangements in place to manage cyber risk, including:
It is a contractual requirement that personal data stored in the FDP and its associated services (FDP-AS), including the NHS-Privacy Enhancing Technology, cannot be accessed by the provider’s own personnel or contractors from outside the United Kingdom. The FDP-AS contract stipulates that all data must be held within the UK and is subject to UK Data Protection Law, including the UK General Data Protection Regulation.
All FDP data processes and systems need to comply with the Technology Code of Practice, Government Data Standards, the Department’s Guide to good practice for digital and data-driven health technologies, the Data Protection Act 2018, and the UK General Data Protection Regulation, the Information Commissioner's Office’s guidance, and associated regulations, standards, and guidance. The contract was awarded in conformance with public sector procurement law, as required. The National Health Service ran an independent procurement exercise. The choice of preferred supplier was not made by a single person, as it was the result of assessment by many different individuals. NHS England has a duty to treat all suppliers the same regardless of the public perception of any organisation, or the opinions held by any of their shareholders. NHS England cannot exclude any supplier that is lawfully established and able to bid from participating in the procurement. The procurement process received external validation from multiple Government departments, as well as independent evaluations by Infrastructure and Projects Authority reviewers. There were no identified security concerns in relation to the contract awarded for the NHS FDP. The Procurement Act 2023 has introduced new powers to exclude and debar suppliers from public sector contracts if they pose a national security risk. Cabinet Office has established the new National Security Unit for Procurement, which is responsible for investigating suppliers on national security grounds, both within the Government supply chain and for the wider public sector. |
NHS: Databases
Asked by: Martin Wrigley (Liberal Democrat - Newton Abbot) Tuesday 1st July 2025 Question to the Department of Health and Social Care: To ask the Secretary of State for Health and Social Care, whether his Department has made a cyber risk assessment of the use of Palantir’s software in centralised NHS data platforms. Answered by Karin Smyth - Minister of State (Department of Health and Social Care) In awarding the contract for the NHS Federated Data Platform (FDP), NHS England made an assessment of the cyber risk and the protections offered by each bidder. The FDP has extensive security arrangements in place to manage cyber risk, including:
It is a contractual requirement that personal data stored in the FDP and its associated services (FDP-AS), including the NHS-Privacy Enhancing Technology, cannot be accessed by the provider’s own personnel or contractors from outside the United Kingdom. The FDP-AS contract stipulates that all data must be held within the UK and is subject to UK Data Protection Law, including the UK General Data Protection Regulation.
All FDP data processes and systems need to comply with the Technology Code of Practice, Government Data Standards, the Department’s Guide to good practice for digital and data-driven health technologies, the Data Protection Act 2018, and the UK General Data Protection Regulation, the Information Commissioner's Office’s guidance, and associated regulations, standards, and guidance. The contract was awarded in conformance with public sector procurement law, as required. The National Health Service ran an independent procurement exercise. The choice of preferred supplier was not made by a single person, as it was the result of assessment by many different individuals. NHS England has a duty to treat all suppliers the same regardless of the public perception of any organisation, or the opinions held by any of their shareholders. NHS England cannot exclude any supplier that is lawfully established and able to bid from participating in the procurement. The procurement process received external validation from multiple Government departments, as well as independent evaluations by Infrastructure and Projects Authority reviewers. There were no identified security concerns in relation to the contract awarded for the NHS FDP. The Procurement Act 2023 has introduced new powers to exclude and debar suppliers from public sector contracts if they pose a national security risk. Cabinet Office has established the new National Security Unit for Procurement, which is responsible for investigating suppliers on national security grounds, both within the Government supply chain and for the wider public sector. |
Health Services: Artificial Intelligence
Asked by: Lord Taylor of Warwick (Non-affiliated - Life peer) Tuesday 1st July 2025 Question to the Department of Health and Social Care: To ask His Majesty's Government what assessment they have made of the use of artificial intelligence for note-taking in the NHS. Answered by Baroness Merron - Parliamentary Under-Secretary (Department of Health and Social Care) The Government is committed to supporting and enabling the safe, effective, and ethical deployment and adoption of new technologies for the National Health Service. Ambient voice technologies (AVTs) hold transformative potential for the health and care system as note-taking aides. Their adoption, when used safely and securely, is encouraged to improve both the quality of patient care and operational efficiency. NHS England has published guidance on how digital technologies should be approved for use in the NHS, covering key areas such as implementation, information governance, data, security, privacy, and controls. Additional national guidance has been published explaining how AVT solutions should be selected, deployed, and scaled. These standards are required for any AVT solution to be considered safe, effective, and eligible for NHS adoption.
There are strict safeguards in place throughout the NHS to protect data. All providers of services which handle patient data must protect that data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and every health organisation is required to appoint a Caldicott Guardian to advise on the protection of people’s health and care data, to ensure it is used properly. This includes where artificial intelligence (AI) is used in relation to patient records.
To mitigate the likelihood and severity of any potential harm to individuals arising from the use of data in AI, the Information Commissioners Office has developed detailed AI guidance which provides information on data protection, including Data Protection Impact Assessments and UK GDPR. It has also produced an AI toolkit to support organisations auditing compliance of their AI-based technologies. NHS bodies are expected to make use of this guidance and toolkit, including those using AVTs. |
Health Services: Artificial Intelligence
Asked by: Lord Taylor of Warwick (Non-affiliated - Life peer) Tuesday 1st July 2025 Question to the Department of Health and Social Care: To ask His Majesty's Government whether they plan to develop artificial intelligence note-taking technology for the NHS to safely and securely store patient data. Answered by Baroness Merron - Parliamentary Under-Secretary (Department of Health and Social Care) The Government is committed to supporting and enabling the safe, effective, and ethical deployment and adoption of new technologies for the National Health Service. Ambient voice technologies (AVTs) hold transformative potential for the health and care system as note-taking aides. Their adoption, when used safely and securely, is encouraged to improve both the quality of patient care and operational efficiency. NHS England has published guidance on how digital technologies should be approved for use in the NHS, covering key areas such as implementation, information governance, data, security, privacy, and controls. Additional national guidance has been published explaining how AVT solutions should be selected, deployed, and scaled. These standards are required for any AVT solution to be considered safe, effective, and eligible for NHS adoption.
There are strict safeguards in place throughout the NHS to protect data. All providers of services which handle patient data must protect that data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and every health organisation is required to appoint a Caldicott Guardian to advise on the protection of people’s health and care data, to ensure it is used properly. This includes where artificial intelligence (AI) is used in relation to patient records.
To mitigate the likelihood and severity of any potential harm to individuals arising from the use of data in AI, the Information Commissioners Office has developed detailed AI guidance which provides information on data protection, including Data Protection Impact Assessments and UK GDPR. It has also produced an AI toolkit to support organisations auditing compliance of their AI-based technologies. NHS bodies are expected to make use of this guidance and toolkit, including those using AVTs. |
Personation
Asked by: Claire Hazelgrove (Labour - Filton and Bradley Stoke) Friday 27th June 2025 Question to the Home Office: To ask the Secretary of State for the Home Department, if she will (a) take steps to make identity theft a police-recordable crime and (b) make an assessment of the adequacy of support given to victims of identity theft. Answered by Diana Johnson - Minister of State (Home Office) The act of stealing personal information, and using it for criminal means and gains, is already outlawed. This includes through legislation such as the Fraud Act 2006, Computer Misuse Act 1990 and the Data Protection Act 2018. The most effective way of preventing identity theft is to improve the safety and security of the identity systems we use and empower people to protect themselves from identity theft, particularly online. We have introduced a checklist providing advice and steps on how to prevent the misuse of identities which can be found here:https://data.actionfraud.police.uk/cms/wp-content/uploads/2023/12/Identity-theft-victims-checklist.pdf Further information about staying safe online and to avoid identity theft-enabled fraud can be found at: https://stopthinkfraud.campaign.gov.uk/ |
Department for Culture, Media and Sport: Termination of Employment
Asked by: Peter Bedford (Conservative - Mid Leicestershire) Monday 23rd June 2025 Question to the Department for Digital, Culture, Media & Sport: To ask the Secretary of State for Culture, Media and Sport, how many permanent civil servants in her Department had their contract of employment terminated as a result of poor performance in the (a) 2022-23, (b) 2023-24 and (c) 2024-25 financial years. Answered by Stephanie Peacock - Parliamentary Under Secretary of State (Department for Culture, Media and Sport) From 1st April 2022 - 31st March 2025 there were seven dismissals. Of this total there were less than five poor performance dismissals that occurred between April 2023- March 2024. We are unable to provide the precise number of poor performance dismissals because this would constitute a breach of the Data Protection Act, this is because the information relates to someone other than the data subjects and the risk of individuals becoming identifiable where case numbers are 5 or less.
|
AWE: Databases
Asked by: John Hayes (Conservative - South Holland and The Deepings) Wednesday 18th June 2025 Question to the Ministry of Defence: To ask the Secretary of State for Defence, if he will place in the Library a list of the (a) titles, (b) file names and (c) dates of creation of each document held by the Atomic Weapons Establishment on the Merlin database. Answered by Al Carns - Parliamentary Under-Secretary (Ministry of Defence) (Minister for Veterans) Officials are working at pace to formally transfer the records on the Merlin database to The National Archives (TNA), whilst ensuring that sensitive information is protected in line with the Data Protection Act 2018 and national security requirements. Once transferred, the records will be listed and accessible on TNA’s website. |
Cybersecurity: Training
Asked by: Kevin Bonavia (Labour - Stevenage) Wednesday 18th June 2025 Question to the Department for Science, Innovation & Technology: To ask the Secretary of State for Science, Innovation and Technology, if he will make an assessment of the potential merits of bringing forward legislative proposals to require employers to provide cyber security training, in the context of the recent cyber security incidents in the retail sector. Answered by Feryal Clark - Parliamentary Under Secretary of State (Department for Science, Innovation and Technology) The cyber security of the UK economy is a priority, which is why the government already offers free cyber security training via the National Cyber Security Centre website. This includes the “Top Tips for Staff”, an online, accessible cyber security training package for organisations of all sizes and sectors, and the new Cyber Governance Code of Practice, which includes a training package to help boards and directors manage digital risks in their organisations. More widely, the government offers a range of guidance to help organisations improve their cyber resilience and many of these products recommend staff training. Existing legislation - including the Security of Network & Information Systems Regulations (2018) and the Data Protection Act (2018) - includes recommendations for organisations in scope to provide appropriate training for their staff. This year we will introduce the Cyber Security and Resilience Bill to improve UK cyber defences and better secure our essential services and the IT infrastructure they rely upon. Later this year, the government will publish a new National Cyber Strategy setting out how we will approach the challenges and opportunities of cyber security. |
Parliamentary Research |
---|
Crime and Policing Bill 2024-25: Progress of the bill - CBP-10281
Jun. 09 2025 Found: data 236 DVLA records can be disclosed for non-road traffic offences under schedule 2, Data Protection Act |
Bill Documents |
---|
Jul. 03 2025
Bill 273 2024-25 (as amended in Public Bill Committee) - large print Bus Services (No. 2) Bill [HL] 2024-26 Bill Found: protection legislation”, “personal data” and “processing” have the same meanings as in the Data Protection Act |
Jul. 03 2025
Bill 273 2024-25 (as amended in Public Bill Committee) Bus Services (No. 2) Bill [HL] 2024-26 Bill Found: protection legislation”, “personal data” and “processing” have the same meanings as in the Data Protection Act |
Jun. 26 2025
Bill 274 2024-25 (as introduced) Supply and Appropriation (Main Estimates) (No. 2) Bill 2024-26 Bill Found: recovered or received for work done for other departments, freedom of information receipts, Data Protection Act |
Jun. 26 2025
Bill 274 2024-25 (as introduced) - large print Supply and Appropriation (Main Estimates) (No. 2) Bill 2024-26 Bill Found: recovered or received for work done for other departments, freedom of information receipts, Data Protection Act |
Jun. 25 2025
Bill 272 2024-25 (as amended in Public Bill Committee) - large print Mental Health Bill [HL] 2024-26 Bill Found: legislation). (3) In this section “the data protection legislation” has the same meaning as in the Data Protection Act |
Jun. 25 2025
Bill 272 2024-25 (as amended in Public Bill Committee) Mental Health Bill [HL] 2024-26 Bill Found: (3) In this section “the data protection legislation” has the same meaning as in the Data Protection Act |
Jun. 25 2025
HL Bill 114 (as amended in Grand Committee) Public Authorities (Fraud, Error and Recovery) Bill 2024-26 Bill Found: (9) In this section— “data protection legislation” has the same meaning as in the Data Protection Act |
Jun. 24 2025
HL Bill 101-I Marshalled list for Committee Border Security, Asylum and Immigration Bill 2024-26 Amendment Paper Found: following new Clause— “Exemption from UK GDPR: illegal migration and foreign criminals (1) The Data Protection Act |
Jun. 24 2025
HL Bill 113 (as amended in Committee) Employment Rights Bill 2024-26 Bill Found: ) 5 In subsection (3)(a) “the data protection legislation” has the same meaning as in the Data Protection Act |
Jun. 23 2025
HL Bill 101 Running list of amendments – 23 June 2025 Border Security, Asylum and Immigration Bill 2024-26 Amendment Paper Found: following new Clause— “Exemption from UK GDPR: illegal migration and foreign criminals (1) The Data Protection Act |
Jun. 23 2025
HL Bill 112 Explanatory Notes Terminally Ill Adults (End of Life) Bill 2024-26 Explanatory Notes Found: notes that “the data protection legislation” under this Bill has the same definition as in the Data Protection Act |
Jun. 23 2025
HL Bill 112 (as brought from the Commons) Terminally Ill Adults (End of Life) Bill 2024-26 Bill Found: ). 30(3) In this section “the data protection legislation” has the same meaning as in the Data Protection Act |
Jun. 20 2025
HL Bill 101 Running list of amendments – 20 June 2025 Border Security, Asylum and Immigration Bill 2024-26 Amendment Paper Found: following new Clause— “Exemption from UK GDPR: illegal migration and foreign criminals (1) The Data Protection Act |
Jun. 20 2025
HL Bill 84-VII Seventh marshalled list for Committee Children’s Wellbeing and Schools Bill 2024-26 Amendment Paper Found: (2) In subsection (1), “the data protection legislation” has the same meaning as in the Data Protection Act |
Jun. 20 2025
Crime and Policing Bill: Delegated Powers Memorandum Crime and Policing Bill 2024-26 Delegated Powers Memorandum Found: with data protection legislation ( UK General Data Protection Regulation and Part 3 of the Data Protection Act |
Jun. 20 2025
Bill 266 2024-25 (as amended in Public Bill Committee) - large print Football Governance Bill [HL] 2024-26 Bill Found: (8) In this section— 15“the data protection legislation” has the same meaning as in the Data Protection Act |
Jun. 20 2025
Bill 266 2024-25 (as amended in Public Bill Committee) Football Governance Bill [HL] 2024-26 Bill Found: General (8) In this section— “the data protection legislation” has the same meaning as in the Data Protection Act |
Jun. 19 2025
HL Bill 101 Running list of amendments – 19 June 2025 Border Security, Asylum and Immigration Bill 2024-26 Amendment Paper Found: following new Clause— “Exemption from UK GDPR: illegal migration and foreign criminals (1) The Data Protection Act |
Jun. 19 2025
HL Bill 111 (as brought from the Commons) Crime and Policing Bill 2024-26 Bill Found: meaning as in section 104; “data protection legislation” has the same meaning as in the Data Protection Act |
Jun. 19 2025
HL Bill 111(Corrected) (as brought from the Commons) Crime and Policing Bill 2024-26 Bill Found: meaning as in section 104; “data protection legislation” has the same meaning as in the Data Protection Act |
Jun. 19 2025
HL Bill 111 Explanatory Notes Crime and Policing Bill 2024-26 Explanatory Notes Found: by these restrictions provided that the disclosure is compliant with Human Rights Act 1998, Data Protection Act |
Jun. 18 2025
HL Bill 101 Running list of amendments – 18 June 2025 Border Security, Asylum and Immigration Bill 2024-26 Amendment Paper Found: following new Clause— “Exemption from UK GDPR: illegal migration and foreign criminals (1) The Data Protection Act |
Jun. 18 2025
HL Bill 84-VI Sixth marshalled list for Committee Children’s Wellbeing and Schools Bill 2024-26 Amendment Paper Found: section “the data protection legislation” and “processing” have the same meaning as in the Data Protection Act |
Jun. 18 2025
All proceedings up to 18 June 2025 at Report Stage Crime and Policing Bill 2024-26 Bill proceedings: Commons Found: information in contravention of the data protection legislation within the meaning of the Data Protection Act |
Jun. 18 2025
Consideration of Bill Amendments as at 18 June 2025 - Large print Crime and Policing Bill 2024-26 Amendment Paper Found: (2) For the purposes of Article 6(1) of the UK GDPR, section 35 of the Data Protection Act 2018 ( |
Jun. 18 2025
Consideration of Bill Amendments as at 18 June 2025 Crime and Policing Bill 2024-26 Amendment Paper Found: (2) For the purposes of Article 6(1) of the UK GDPR, section 35 of the Data Protection Act 2018 (“ |
Jun. 17 2025
Consideration of Bill Amendments as at 17 June 2025 - Large print Crime and Policing Bill 2024-26 Amendment Paper Found: information in contravention of the data protection legislation within the meaning of the Data Protection Act |
Jun. 17 2025
Consideration of Bill Amendments as at 17 June 2025 Crime and Policing Bill 2024-26 Amendment Paper Found: information in contravention of the data protection legislation within the meaning of the Data Protection Act |
Jun. 17 2025
Report Stage Proceedings as at 17 June 2025 Crime and Policing Bill 2024-26 Bill proceedings: Commons Found: information in contravention of the data protection legislation within the meaning of the Data Protection Act |
Jun. 17 2025
HL Bill 81-X Tenth marshalled list for Committee Employment Rights Bill 2024-26 Amendment Paper Found: (3) Paragraph 4 of Schedule 2 to the Data Protection Act 2018 shall not apply to personal data to |
Jun. 17 2025
Written evidence submitted by Mind (further submission) (MHB36) Mental Health Bill [HL] 2024-26 Written evidence Found: (5)In subsection (4) “the data protection legislation” has the same meaning as in the Data Protection Act |
Jun. 16 2025
Notices of Amendments as at 16 June 2025 Crime and Policing Bill 2024-26 Amendment Paper Found: information in contravention of the data protection legislation within the meaning of the Data Protection Act |
Jun. 13 2025
HL Bill 84-V Fifth marshalled list for Committee Children’s Wellbeing and Schools Bill 2024-26 Amendment Paper Found: section “the data protection legislation” and “processing” have the same meaning as in the Data Protection Act |
Jun. 13 2025
Notices of Amendments as at 13 June 2025 Crime and Policing Bill 2024-26 Amendment Paper Found: information in contravention of the data protection legislation within the meaning of the Data Protection Act |
Jun. 12 2025
Notices of Amendments as at 12 June 2025 Crime and Policing Bill 2024-26 Amendment Paper Found: information in contravention of the data protection legislation within the meaning of the Data Protection Act |
Jun. 12 2025
HL Bill 81-IX Ninth Marshalled list for Committee Employment Rights Bill 2024-26 Amendment Paper Found: (3) Paragraph 4 of Schedule 2 to the Data Protection Act 2018 shall not apply to personal data to |
Jun. 12 2025
HL Bill 81-IX Corrected Ninth Marshalled list for Committee Employment Rights Bill 2024-26 Amendment Paper Found: (3) Paragraph 4 of Schedule 2 to the Data Protection Act 2018 shall not apply to personal data to |
Jun. 12 2025
HL Bill 110 (as brought from the Commons) Planning and Infrastructure Bill 2024-26 Bill Found: (7) In subsection (6), “the data protection legislation” has the same meaning as in the Data Protection Act |
Jun. 12 2025
HL Bill 110 Explanatory Notes Planning and Infrastructure Bill 2024-26 Explanatory Notes Found: under section 38A do not authorise the disclosure or use of information that contravenes the Data Protection Act |
Jun. 12 2025
Written evidence submitted by Mind (MHB35) Mental Health Bill [HL] 2024-26 Written evidence Found: (5)In subsection (4) “the data protection legislation” has the same meaning as in the Data Protection Act |
Jun. 11 2025
Bill 261 2024-25 (as amended in Public Bill Committee) - large print Absent Voting (Elections in Scotland and Wales) Bill 2024-26 Bill Found: In this paragraph— 10 1 “the data protection legislation” has the same meaning as in the Data Protection Act |
Jun. 11 2025
Bill 261 2024-25 (as amended in Public Bill Committee) Absent Voting (Elections in Scotland and Wales) Bill 2024-26 Bill Found: (6) In this paragraph— 20“the data protection legislation” has the same meaning as in the Data Protection Act |
Jun. 11 2025
Notices of Amendments as at 11 June 2025 Crime and Policing Bill 2024-26 Amendment Paper Found: information in contravention of the data protection legislation within the meaning of the Data Protection Act |
Jun. 11 2025
HL Bill 84-IV(Rev) Revised fourth marshalled list for Committee Children’s Wellbeing and Schools Bill 2024-26 Amendment Paper Found: section “the data protection legislation” and “processing” have the same meaning as in the Data Protection Act |
Jun. 10 2025
Notices of Amendments as at 10 June 2025 Crime and Policing Bill 2024-26 Amendment Paper Found: (2) For the purposes of Article 6(1) of the UK GDPR, section 35 of the Data Protection Act 2018 (“ |
Jun. 10 2025
HL Bill 84-IV Fourth marshalled list for Committee Children’s Wellbeing and Schools Bill 2024-26 Amendment Paper Found: section “the data protection legislation” and “processing” have the same meaning as in the Data Protection Act |
Jun. 09 2025
Notices of Amendments as at 9 June 2025 Crime and Policing Bill 2024-26 Amendment Paper Found: (2) For the purposes of Article 6(1) of the UK GDPR, section 35 of the Data Protection Act 2018 (“ |
Jun. 06 2025
Notices of Amendments as at 6 June 2025 Crime and Policing Bill 2024-26 Amendment Paper Found: (2) For the purposes of Article 6(1) of the UK GDPR, section 35 of the Data Protection Act 2018 (“ |
Jun. 06 2025
HL Bill 81-VIII Eighth Marshalled list for Committee Employment Rights Bill 2024-26 Amendment Paper Found: (3) Paragraph 4 of Schedule 2 to the Data Protection Act 2018 shall not apply to personal data to |
APPG Publications |
---|
Modernising Employment APPG Document: Artificial Intelligence in Hiring Found: addressed by other regulations, such as the UK General Data Protection Regulations (UK GDPR) and Data Protection Act |
Department Publications - Guidance |
---|
Thursday 3rd July 2025
Department for Work and Pensions Source Page: Get help with your Universal Credit claim Document: Get help with your Universal Credit claim (webpage) Found: All requests for information will be considered under the Data Protection Act. |
Wednesday 2nd July 2025
Department for Transport Source Page: HS2 site restoration requests Document: (webpage) Found: The Planning Inspectorate is registered under the Data Protection Act, so that we may hold information |
Tuesday 1st July 2025
Department for Environment, Food and Rural Affairs Source Page: Hedgerow survey handbook Document: (PDF) Found: database on contact details of land managers should be established within the constraints of the Data Protection Act |
Monday 30th June 2025
Department of Health and Social Care Source Page: DHSC group accounting manual 2025 to 2026 Document: (PDF) Found: special severance payments conflicting with a legal obligation arising as a result of the Data Protection Act |
Friday 27th June 2025
Department for Science, Innovation & Technology Source Page: Data (Use and Access) Act 2025: data protection and privacy changes Document: Data (Use and Access) Act 2025: data protection and privacy changes (webpage) Found: The DUAA will not replace the UK General Data Protection Regulation (“UK GDPR”), Data Protection Act |
Friday 27th June 2025
Foreign, Commonwealth & Development Office Source Page: UK sanctions guidance for Kyrgyz businesses Document: licence for oil and oil products (PDF, 142 KB) (PDF) Found: to third parties only in compliance with the UK General Data Protection Regulation and the Data Protection Act |
Friday 27th June 2025
Foreign, Commonwealth & Development Office Source Page: Nepal mental health support abroad Document: (webpage) Found: Office holds and uses data for purposes notified to the Information Commissioner under the Data Protection Act |
Tuesday 17th June 2025
HM Treasury Source Page: OFSI General Licence INT/2025/6403704 Document: (PDF) Found: third parties only in compliance with the UK General Data Protection Regulation and the UK Data Protection Act |
Tuesday 10th June 2025
Department for Education Source Page: Safe use of generative AI in education: module 3 Document: (PDF) Found: over their personal data under the UK General Data Protection Regulation or UK GDPR and the Data Protection Act |
Tuesday 10th June 2025
Department for Education Source Page: Using AI in education: support for school and college leaders Document: (PDF) Found: Follow legal guidance, such as the Data Protection Act and UK GDPR. |
Friday 6th June 2025
Home Office Source Page: Bulk personal datasets - low or no reasonable expectation of privacy: code of practice Document: (PDF) Found: Services Act 1994 43 The Counter-Terrorism Act 2008 44 The Human Rights Act 1998 44 The Data Protection Act |
Friday 6th June 2025
Home Office Source Page: Third party bulk personal datasets: code of practice Document: (PDF) Found: personal data’ for the purposes of the Act is as defined in section 86(7)(a) to (e)of the Data Protection Act |
Thursday 5th June 2025
Home Office Source Page: Forensic science activities: statutory code of practice - version 2 Document: (PDF) Found: case is concluded. 32.1.4 Material supplied by the initial forensic unit is subject to the Data Protection Act |
Department Publications - Transparency |
---|
Thursday 3rd July 2025
HM Treasury Source Page: National Savings and Investments Annual Report and Accounts 2024 to 2025 Document: (PDF) Found: to customer data, as well as destruction of data, in line with our obligations under the Data Protection Act |
Thursday 3rd July 2025
HM Treasury Source Page: National Savings and Investments Annual Report and Accounts 2024 to 2025 Document: (PDF) Found: to customer data, as well as destruction of data, in line with our obligations under the Data Protection Act |
Wednesday 2nd July 2025
HM Treasury Source Page: Financial Ombudsman Service Annual Report 2024 to 2025 Document: (PDF) Found: and freedom of information (FOI) requests The Financial Ombudsman Service is covered by the Data Protection Act |
Thursday 19th June 2025
Department for Science, Innovation & Technology Source Page: Met Office Framework 2025 Document: (PDF) Found: under the Freedom of Information Act 2000, Environmental Information Regulations 2004 or the Data Protection Act |
Tuesday 17th June 2025
Cabinet Office Source Page: Census 2021: General report for England and Wales Document: (PDF) Found: staff, and suppliers must protect the confidentiality of census data by law, including the: • Data Protection Act |
Tuesday 17th June 2025
Cabinet Office Source Page: Census 2021: General report for England and Wales Document: (PDF) Found: staff, and suppliers must protect the confidentiality of census data by law, including the: • Data Protection Act |
Department Publications - Consultations |
---|
Wednesday 2nd July 2025
Department for Energy Security & Net Zero Source Page: Improving the Energy Efficiency of Socially Rented Homes in England Document: (PDF) Found: Section 8(d) of the Data Protection Act 2018 states that this will include processing of personal data |
Wednesday 25th June 2025
Department for Energy Security & Net Zero Source Page: Climate-related transition plan requirements Document: (PDF) Found: be disclosed in accordance with UK legislation (the Freedom of Information Act 2000, the Data Protection Act |
Monday 9th June 2025
Ministry of Justice Source Page: Regulation of the debt enforcement sector Document: (PDF) Found: to information regimes (these are primarily the Freedom of Information Act 2000 (FOIA), the Data Protection Act |
Department Publications - Policy and Engagement |
---|
Friday 27th June 2025
Department for Science, Innovation & Technology Source Page: Evaluation survey for the Software Security Code of Practice Document: (PDF) Found: as set out in Articles 13 and 14 of UK General Data Protection Regulation (UK GDPR) and the Data Protection Act |
Department Publications - Policy paper |
---|
Tuesday 10th June 2025
Department for Transport Source Page: Transport artificial intelligence action plan Document: (PDF) Found: DfT is also committed to ensuring that its policies and practices comply with the Data Protection Act |
Non-Departmental Publications - Guidance and Regulation |
---|
Jul. 03 2025
UK Visas and Immigration Source Page: Detention centre rule 35 and Short term Holding Facility rule 32 Document: (PDF) Guidance and Regulation Found: health is considered to be special category data under UK data protection law - UKGDPR and Data Protection Act |
Jul. 03 2025
UK Visas and Immigration Source Page: Criminal investigations: indecent and obscene materials Document: (PDF) Guidance and Regulation Found: their obligations under the UK General Data Protection Regulation (UK GDPR) and Part 3 of the Data Protection Act |
Jul. 02 2025
High Speed Two (HS2) Limited Source Page: HS2 site restoration requests Document: (webpage) Guidance and Regulation Found: The Planning Inspectorate is registered under the Data Protection Act, so that we may hold information |
Jul. 01 2025
Defence and Security Accelerator Source Page: Competition: Defence and Security Accelerator (DASA) Open Call for Innovation - CY2025 - Cycle 3 Document: (PDF) Guidance and Regulation Found: In this clause, "data protection legislation" has the same meaning as in the Data Protection Act 2018 |
Jun. 30 2025
Maritime and Coastguard Agency Source Page: Remote Operator Training and Certification Pilot Framework Document: (PDF) Guidance and Regulation Found: safeguarding regulations are complied with. 15.0 GDPR 15.1 TPs must comply with the UK General Data Protection Act |
Jun. 25 2025
UK Space Agency Source Page: Unlocking Space for Business: Call 2 Document: (webpage) Guidance and Regulation Found: commissions or agencies from time to time carrying out functions on its behalf;DPA 2018 means the Data Protection Act |
Jun. 25 2025
Parole Board Source Page: Member Guidance on Prisoners who are Transgender Document: (PDF) Guidance and Regulation Found: Recognition Act 2004 ................................ ................................ .... 11 Data Protection Act |
Jun. 20 2025
HM Revenue & Customs Source Page: Authorising an agent to deal with your tax affairs Document: (PDF) Guidance and Regulation Found: This authorisation covers acts under: • UK General Data Protection Act (UK GDPR) • Data Protection Act |
Jun. 19 2025
Competition and Markets Authority Source Page: How to engage with our civil engineering market study Document: statement of scope (PDF, 372KB) (PDF) Guidance and Regulation Found: accordance with the CMA’s obligations under the UK General Data Protection Regulation and the Data Protection Act |
Jun. 17 2025
Environment Agency Source Page: Reservoir incident and safety: notify the Environment Agency of a potential concern Document: Reservoir incident and safety: notify the Environment Agency of a potential concern (webpage) Guidance and Regulation Found: handle your report in confidence process any information relating to you in accordance with the Data Protection Act |
Jun. 17 2025
Office of Financial Sanctions Implementation Source Page: OFSI General Licence INT/2025/6403704 Document: (PDF) Guidance and Regulation Found: third parties only in compliance with the UK General Data Protection Regulation and the UK Data Protection Act |
Jun. 17 2025
Office of Financial Sanctions Implementation Source Page: OFSI General Licence INT/2025/6397444 Document: (PDF) Guidance and Regulation Found: to third parties only in compliance with the UK General Data Protection Regulation and the Data Protection Act |
Jun. 12 2025
Office of Financial Sanctions Implementation Source Page: OFSI General Licence INT/2023/3263556 Document: (PDF) Guidance and Regulation Found: to third parties only in compliance with the UK General Data Protection Regulation and the Data Protection Act |
Jun. 10 2025
Regulator of Social Housing Source Page: New entrants registration forms Document: (webpage) Guidance and Regulation Found: the Freedom of Information Act 2000, the Environmental Information Regulations 2004 and the Data Protection Act |
Jun. 10 2025
Regulator of Social Housing Source Page: New entrants registration forms Document: (webpage) Guidance and Regulation Found: the Freedom of Information Act 2000, the Environmental Information Regulations 2004 and the Data Protection Act |
Jun. 09 2025
HM Passport Office Source Page: Data protection: caseworker guidance Document: Data protection: caseworker guidance (webpage) Guidance and Regulation Found: protection: caseworker guidance This guidance tells HM Passport Office staff about the Data Protection Act |
Jun. 05 2025
Forensic Science Regulator Source Page: Forensic science activities: statutory code of practice - version 2 Document: (PDF) Guidance and Regulation Found: case is concluded. 32.1.4 Material supplied by the initial forensic unit is subject to the Data Protection Act |
Non-Departmental Publications - Statistics |
---|
Jun. 25 2025
HM Revenue & Customs Source Page: Environmental Impact of Taxes study Document: (webpage) Statistics Found: awarded this in August 2008.The UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act |
Jun. 25 2025
HM Revenue & Customs Source Page: Environmental Impact of Taxes study Document: (webpage) Statistics Found: awarded this in August 2008.The UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act |
Non-Departmental Publications - Transparency |
---|
Jun. 19 2025
Met Office Source Page: Met Office Framework 2025 Document: (PDF) Transparency Found: under the Freedom of Information Act 2000, Environmental Information Regulations 2004 or the Data Protection Act |
Non-Departmental Publications - News and Communications |
---|
Jun. 19 2025
Competition and Markets Authority Source Page: Civil engineering market study Document: Statement of scope (PDF, 372KB) (PDF) News and Communications Found: accordance with the CMA’s obligations under the UK General Data Protection Regulation and the Data Protection Act |
Non-Departmental Publications - Open consultation |
---|
Jun. 05 2025
Competition and Markets Authority Source Page: Draft rules for digital markets competition regime levy Document: (PDF) Open consultation Found: This legislation is the General Data Protection Regulation 2016 and the Data Protection Act 2018. |
Scottish Committee Publications |
---|
Thursday 29th May 2025
Report - A report by the Delegated Powers and Law Reform Committee of its consideration of the supplementary delegated powers in the Care Reform (Scotland) Bill (Scotland) Bill (as amended at Stage 2). Supplementary Delegated Powers in the Care Reform (Scotland) Bill (as amended at Stage 2) Delegated Powers and Law Reform Committee Found: that any scheme established will operate within devolved competence and be compatible with the Data Protection Act |
Scottish Written Answers |
---|
S6W-37428
Asked by: Balfour, Jeremy (Scottish Conservative and Unionist Party - Lothian) Monday 12th May 2025 Question To ask the Scottish Government whether it has plans to make the Scottish Kept Birds Register publicly searchable, and, if not, for what reason. Answered by Fairlie, Jim - Minister for Agriculture and Connectivity The Scottish Government has no plans to make the Scottish Kept Birds Register publicly searchable. The Scottish Kept Bird Register is a mandatory register for bird keepers in Scotland under the Avian Influenza (Preventive Measures) (Scotland) Amendment Order 2024. It was established to allow Scottish Government and its deliver body, the Animal and Plant Health Agency, to send vital biosecurity information to bird keepers to minimise the risk of the spread of notifiable avian diseases, particularly highly pathogenic avian influenza. The register also supports mandatory surveillance activities during disease outbreaks. The information has also been used to help support public health response in the offer of vaccinations to poultry keepers. In accordance with Data Protection Act 2018 a commitment was made to those registering, in the Scottish Kept Bird Register Privacy Notice, as to how the data collected would be used. This can be summarised as to determine the size and location of the kept bird population in Scotland, for communication and disease control activities during notifiable avian disease outbreaks, and for promoting bird welfare and public health. To make this data public would be in breach of the Data Protection Act of 2018, as the Scottish Government would be unable to control the uses to which the data was being put. The Scottish Government is legally required to make arrangements to ensure that the data collected is retained securely and protected from data breach. This is in common with registers for other animals and livestock across Scotland held by Scottish Government. |
Scottish Parliamentary Debates |
---|
Scottish Public Inquiries (Cost-effectiveness)
283 speeches (148,163 words) Tuesday 27th May 2025 - Committee Mentions: 1: None However, the reality was that the council could not provide that, because of the Data Protection Act - Link to Speech |
Welsh Committee Publications |
---|
Wednesday 25th June 2025
PDF - Letter from the Leader of Cardiff Council to the Chair in relation to the Bus Services (Wales) Bill - 25 June 2025 Inquiry: Bus Services (Wales) Bill Found: SWYDDFA’R ARWEINYDD LEADER'S OFFICE Your information is processed under the Data Protection Act 2018 |
Friday 7th February 2025
PDF - Marshalled List of Amendments - 7 February 2025 Inquiry: Report on the Welsh Language and Education (Wales) Bill Found: ending on 31 August, ( ) “data protection legislation” has the same meaning as in the Data Protection Act |
Wednesday 5th February 2025
PDF - Notice of Amendments (v3) - 5 February 2025 Inquiry: Report on the Welsh Language and Education (Wales) Bill Found: ending on 31 August, ( ) “data protection legislation” has the same meaning as in the Data Protection Act |
Tuesday 21st January 2025
PDF - Welsh Government Response - 21 January 2025 Inquiry: Children on the Margins Found: share information in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act |
PDF - Notice of Amendments – 10 March 2023 Inquiry: Report on the Agriculture (Wales) Bill Found: (3) In this section “data protection legislation” has the same meaning as in the Data Protection Act |
PDF - Marshalled list of Amendments – 23 March 2023 Inquiry: Report on the Agriculture (Wales) Bill Found: (3) In this section “data protection legislation” has the same meaning as in the Data Protection Act |
PDF - report Inquiry: Report on the Agriculture (Wales) Bill Found: provisions are compliant with the data protection principles enshrined in the UK GDPR and the Data Protection Act |
PDF - response Inquiry: Report on the Agriculture (Wales) Bill Found: provisions are compliant with the data protection principles enshrined in the UK GDPR and the Data Protection Act |
PDF - Revised Explanatory Memorandum Inquiry: Report on the Tertiary Education and Research (Wales) Bill Found: sharing, it is intended that the Commission will be a public authority for the purposes of the Data Protection Act |
PDF - Revised Explanatory Memorandum Inquiry: Report on the Tertiary Education and Research (Wales) Bill Found: sharing, it is intended that the Commission will be a public authority for the purposes of the Data Protection Act |
PDF - Letter from the Counsel General and Minister for the Constitution – 10 November 2023 Inquiry: Elections and Elected Found: duty into account) contravene the data protection legislation within the meaning of the Data Protection Act |
PDF - Elections and Elected Bodies (Wales) Bill Inquiry: Elections and Elected Found: the duty into account) contravene the data protection legislation (within the meaning of the Data Protection Act |
PDF - Elections and Elected Bodies (Wales) Bill Inquiry: Elections and Elected Found: the duty into account) contravene the data protection legislation (within the meaning of the Data Protection Act |
PDF - Elections and Elected Bodies (Wales) Bill Inquiry: Elections and Elected Found: the duty into account) contravene the data protection legislation (within the meaning of the Data Protection Act |
PDF - Explanatory Memorandum Inquiry: Elections and Elected Found: duty into account) contravene the data protection legislation within the meaning of the Data Protection Act |
PDF - Explanatory Memorandum Inquiry: Elections and Elected Found: duty into account) contravene the data protection legislation within the meaning of the Data Protection Act |
PDF - Notice of amendments Inquiry: Report on the Welsh Language and Education (Wales) Bill Found: ending on 31 August, ( ) “data protection legislation” has the same meaning as in the Data Protection Act |
PDF - Marshalled List of Amendments Inquiry: Report on the Welsh Language and Education (Wales) Bill Found: ending on 31 August, ( ) “data protection legislation” has the same meaning as in the Data Protection Act |
PDF - responded Inquiry: Hospital discharge and its impact on patient flow through hospitals Found: used in line with the requirements of the UK General Data Protection Regulation (UKGDPR), the Data Protection Act |
PDF - 7 March 2025 Inquiry: The Welsh Government’s Legislative Consent Memorandum on the Data (Use and Access) Bill Found: provided by UK legislation set out in the General Data Protection Regulation (GDPR) and the Data Protection Act |
PDF - Culture, Communications, Welsh Language, Sport, and International Relations Committee Report: The Data Protection and Digital Information (No. 2) Bill Legislative Consent Memoranda No.1 and No.2 - July 2023 Inquiry: The Welsh Government’s Legislative Consent Found: This code must be consistent with the data sharing code prepared and issued under the Data Protection Act |
PDF - report Inquiry: The Welsh Government’s Legislative Consent Found: exemption to the Information Commissioner’s assessment notices powers under section 147(6) of the Data Protection Act |
PDF - wrote Inquiry: The Welsh Government’s Legislative Consent Found: Bill, clause 41 Interview Notices (clause 38 as introduced) inserts new provisions into the Data Protection Act |
PDF - responded Inquiry: The Welsh Government’s Legislative Consent Found: Response: Clause 41 Interview Notices (clause 38 as introduced) inserts new provisions into the Data Protection Act |
PDF - report Inquiry: The Welsh Government’s Legislative Consent Found: The GDPR works in tandem with the UK’s Data Protection Act 2018 (the DPA 2018) to govern the processing |
PDF - responded to the report Inquiry: The Welsh Government’s Legislative Consent Found: currently in place across the EU and the UK (the General Data Protection Regulation (GDPR) and the Data Protection Act |
PDF - Legislative Consent Memorandum Inquiry: The Welsh Government’s Legislative Consent Found: The UK’s Data Protection Act (DPA) 2018 received Royal Assent around the same time, and both pieces |
PDF - 2 January 2025 Inquiry: The Welsh Government’s Legislative Consent Memorandum on the Data (Use and Access) Bill Found: interacts with a wide range of other key legislation: • Births and Deaths Registration Act 1953 • Data Protection Act |
PDF - Supplementary Legislative Consent Memorandum Inquiry: Procurement Bill Found: been included after clause 88 (Data protection), which seeks to give assurances that the Data Protection Act |
PDF - Supplementary Legislative Consent Memorandum Inquiry: The Welsh Government’s Legislative Consent Memoranda Found: UK Government amendments 65 and 66 remove a cross reference to s183A of the Data Protection Act 2018 |
PDF - The Retained EU Law (Revocation and Reform) Act 2023 (Consequential Amendment) Regulations 2023 Inquiry: Report on the Statutory Instrument Consent Memorandum for The Retained EU Law (Revocation and Reform) Act 2023 (Consequential Amendment) Regulations 2023 Found: Economy Act 2017 (c. 30), and was amended by paragraph 135(4) and (5) of Schedule 19(1) to the Data Protection Act |
PDF - Tertiary Education and Research (Wales) Bill, as amended at Stage 3 Inquiry: Report on the Tertiary Education and Research (Wales) Bill Found: legislation. 10 (3) In this section, “data protection legislation” has the same meaning as in the Data Protection Act |
PDF - Tertiary Education and Research (Wales) Bill, as passed Inquiry: Report on the Tertiary Education and Research (Wales) Bill Found: (3) In this section, “data protection legislation” has the same meaning as in the Data Protection Act |
PDF - Explanatory Memorandum Inquiry: Report on the Tertiary Education and Research (Wales) Bill Found: sharing, it is intended that the Commission will be a public authority for the purposes of the Data Protection Act |
PDF - Elections and Elected Bodies (Wales) Bill - as amended at Stage 2 Inquiry: Elections and Elected Found: the duty into account) contravene the data protection legislation (within the meaning of the Data Protection Act |
PDF - Elections and Elected Bodies (Wales) Bill - as amended Stage 3 Inquiry: Elections and Elected Found: the duty into account) contravene the data protection legislation (within the meaning of the Data Protection Act |
PDF - Elections and Elected Bodies (Wales) Bill - as passed Inquiry: Elections and Elected Found: the duty into account) contravene the data protection legislation (within the meaning of the Data Protection Act |
PDF - Elections and Elected Bodies (Wales) Bill Inquiry: Elections and Elected Found: duty into account) contravene the data protection legislation 20 (within the meaning of the Data Protection Act |
PDF - Marshalled list of amendments Inquiry: Report on the Tertiary Education and Research (Wales) Bill Found: (3) In this section, “data pr otection legislation” has the same meaning as in the Data Protection Act |
PDF - Tertiary Education and Research (Wales) Bill Inquiry: Report on the Tertiary Education and Research (Wales) Bill Found: legislation. 10 (3) In this section, “data protection legislation” has the same meaning as in the Data Protection Act |
PDF - Tertiary Education and Research (Wales) Bill Inquiry: Report on the Tertiary Education and Research (Wales) Bill Found: (3) In this section, “data protection legislation” has the same meaning as in the Data Protection Act |
Welsh Government Publications |
---|
Friday 4th July 2025
Source Page: Distribution Sub Group meeting: 4 July 2025 Document: Paper 09 (PDF) Found: Data was supplied via postcodes and handled in accordance with the 1998 Data Protection Act with special |
Thursday 19th June 2025
Source Page: Patterns of attainment in reading and numeracy: September 2018 to August 2024 Document: Patterns of attainment in reading and numeracy: September 2018 to August 2024 (webpage) Found: personal data underlying these statistics are processed in accordance with the requirements of the Data Protection Act |
Tuesday 17th June 2025
Source Page: Homelessness and Social Housing Allocation (Wales) Bill: impact assessments Document: Data protection impact assessment (webpage) Found: Section 8 of the Data Protection Act 2018 (“the 2018 Act”) supplements Article 6(1) of the UK GDPR by |
Monday 16th June 2025
Source Page: FOI release 24727: Wales and West Housing Association Document: Doc 1 (PDF) Found: Information Act 2000 (the “FOIA”), the Environmental Information Regulations 2004 (the “EIR”), the Data Protection Act |
Monday 16th June 2025
Source Page: FOI release 24727: Wales and West Housing Association Document: Doc 2 (PDF) Found: Information Act 2000 (the “FOIA”), the Environmental Information Regulations 2004 (the “EIR”), the Data Protection Act |
Monday 16th June 2025
Source Page: FOI release 24727: Wales and West Housing Association Document: Wales and West Housing Association (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’) |
Wednesday 11th June 2025
Source Page: FOI release 24708: Staff policies Document: Doc 1 (PDF) Found: Act 2010 4.2 Gender Recognition Act 2004 4.3 UK General Data Protection Regulation and Data Protection Act |
Wednesday 11th June 2025
Source Page: FOI release 24699: Indian Office Document: Indian Office (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 1998 (‘the DPA 2018’) |
Monday 9th June 2025
Source Page: FOI release 24700: Planning Applications Document: Planning Applications (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’) |
Friday 6th June 2025
Source Page: FOI release 24466: Planning inspectors Document: Internal Review (PDF) Found: data protection principles, or (b) would do so if the exemptions in section 24(1) of the Data Protection Act |
Friday 6th June 2025
Source Page: FOI release 24466: Planning inspectors Document: Planning inspectors (PDF) Found: dictated by data protection regulations; General Data Protection Regulations UK (UK GDPR) and Data Protection Act |
Wednesday 4th June 2025
Source Page: FOI release 24689: Brexit Document: Brexit (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’) |
Tuesday 3rd June 2025
Source Page: FOI release 24688: Newtown Bypass Document: Newtown Bypass (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’) |
Tuesday 3rd June 2025
Source Page: Attendance of pupils in maintained schools: 2 September 2024 to 23 May 2025 Document: Attendance of pupils in maintained schools: 2 September 2024 to 23 May 2025 (webpage) Found: personal data underlying these statistics are processed in accordance with the requirements of the Data Protection Act |
Tuesday 20th May 2025
Source Page: FOI release 24539: Free School Meals Document: Free School Meals (PDF) Found: Education Act 1996 and that their processing of personal data is in line with UK GDPR and the Data Protection Act |
Monday 19th May 2025
Source Page: Small Grants – Environment (water): general rules booklet 2025 Document: Small Grants – Environment (water): general rules booklet 2025 (webpage) Found: in accordance with the obligations and duties under the Freedom of Information Act 2000, the Data Protection Act |
Monday 19th May 2025
Source Page: FOI release 23214: River Basin Management Plans Document: River Basin Management Plans (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’) |
Monday 19th May 2025
Source Page: Rights, respect, equality anti-bullying guidance Document: Rights, respect, equality: statutory guidance for schools and settings (draft) (PDF) Found: protection legislation, such as the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act |
Monday 19th May 2025
Source Page: Development management manual Document: Development management manual (without annexes) (PDF) Found: However, under the Data Protection Act 1998, the addresses and other contact information of private |
Thursday 15th May 2025
Source Page: Commons Act 2006: apply under section 38 Document: Commons Act 2006: apply under section 38 (PDF) Found: Organisation (if applicable) Date You must keep a copy of your completed form Data Protection Act |
Wednesday 14th May 2025
Source Page: Welsh Government’s standard conditions for the supply of services Document: Standard conditions for the supply of services (PDF) Found: this Contract in respect of which such Party is liable to the other; DPA 2018 means the Data Protection Act |
Monday 12th May 2025
Source Page: Partnership arrangements for care and support: guidance Document: Part 9 statutory guidance: partnership arrangements (PDF) Found: other duties, including its duties under the General Data Protection Regulations 2018, the Data Protection Act |
Thursday 8th May 2025
Source Page: Assets Collaboration Programme Wales Phase 3 (ACPW3): grant offer letter Document: Grant offer letter (webpage) Found: Information Act 2000 (the “FOIA”), the Environmental Information Regulations 2004 (the “EIR”), the Data Protection Act |
Wednesday 7th May 2025
Source Page: Access Broadband Cymru: sample standard grant letter Document: Access Broadband Cymru: sample standard grant letter (webpage) Found: Information Act 2000 (the “FOIA”), the Environmental Information Regulations 2004 (the “EIR”), the Data Protection Act |
Tuesday 6th May 2025
Source Page: Attendance of pupils in maintained schools: 2 September 2024 to 25 April 2025 Document: Attendance of pupils in maintained schools: 2 September 2024 to 25 April 2025 (webpage) Found: personal data underlying these statistics are processed in accordance with the requirements of the Data Protection Act |
Monday 28th April 2025
Source Page: Iaith Athrawon Yfory Incentive Scheme: guidance for ITE partnerships from 2023 and 2024 Document: Iaith Athrawon Yfory Incentive Scheme: guidance for ITE partnerships from 2023 and 2024 (webpage) Found: Information Regulations 2004 (the “EIR”) the General Data Protection Regulation (GDPR) and Data Protection Act |
Monday 28th April 2025
Source Page: National multi-agency practice framework for children’s services Document: National multi-agency practice framework for children’s services (webpage) Found: their legal obligations, namely the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act |
Thursday 24th April 2025
Source Page: FOI release 24584: Ceredigion Local Development Plan Document: Doc 1 (PDF) Found: Under the UK GDPR, Data Protection Act 2018 and the Freedom of Information Act 2000 the contents of |
Thursday 24th April 2025
Source Page: FOI release 24584: Ceredigion Local Development Plan Document: Ceredigion Local Development Plan (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’) |
Tuesday 22nd April 2025
Source Page: Attendance of pupils in maintained schools: 2 September 2024 to 11 April 2025 Document: Attendance of pupils in maintained schools: 2 September 2024 to 11 April 2025 (webpage) Found: personal data underlying these statistics are processed in accordance with the requirements of the Data Protection Act |
Wednesday 16th April 2025
Source Page: Bus Services (Wales) Bill 2020 (withdrawn): integrated impact assessment Document: Bus Services (Wales) Bill 2020 (withdrawn): integrated impact assessment (PDF) Found: will process personal data, or require another organisation to do so, must comply with the Data Protection Act |
Monday 14th April 2025
Source Page: FOI release 24421: Swansea maternity services Document: Swansea maternity services (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 1998 (‘the DPA 2018’) |
Friday 11th April 2025
Source Page: Standard for digital health identity verification in primary care Document: The NHS Wales digital health identity standard for primary care (NHS login) (PDF) Found: have a legal requirement: • to adhere to the General Data Protection Regulation (GDPR), Data Protection Act |
Thursday 10th April 2025
Source Page: Young people not in education, employment or training (NEET): 2024 Document: Young people not in education, employment or training (NEET): 2024 (webpage) Found: personal data underlying these statistics are processed in accordance with the requirements of the Data Protection Act |
Tuesday 8th April 2025
Source Page: Attendance of pupils in maintained schools: 2 September 2024 to 28 March 2025 Document: Attendance of pupils in maintained schools: 2 September 2024 to 28 March 2025 (webpage) Found: personal data underlying these statistics are processed in accordance with the requirements of the Data Protection Act |
Monday 7th April 2025
Source Page: FOI release 24503: Godre'r Graig Primary School Document: Doc 2 (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 1998 (‘the DPA 2018’) |
Wednesday 2nd April 2025
Source Page: FOI release 23323: Tertiary Education Document: Tertiary Education (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 1998 (‘the DPA 2018’) |
Friday 28th March 2025
Source Page: FOI release 24464: Hendy Wind Farm Document: Hendy Wind Farm (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’) |
Friday 28th March 2025
Source Page: Food Business Accelerator scheme: pre-qualification form Document: Food Business Accelerator scheme: pre-qualification form (PDF) Found: obligations under the Freedom of Information Act 2000, the Environmental information Act 2004, Data Protection Act |
Friday 28th March 2025
Source Page: Welsh Revenue Authority equality report 2025 Document: Welsh Revenue Authority equality report 2025 (webpage) Found: great importance on protecting people’s privacy and their data in full compliance with the Data Protection Act |
Friday 28th March 2025
Source Page: FOI release 24479: Misoprostol Document: Misoprostol (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 1998 (‘the DPA 2018’) |
Thursday 27th March 2025
Source Page: Relative income poverty: April 2023 to March 2024 Document: Relative income poverty: April 2023 to March 2024 (webpage) Found: are presented impartially and objectively and are in accordance with the requirements of the Data Protection Act |
Wednesday 26th March 2025
Source Page: Eliminating profit from the care of looked after children: data protection impact assessment Document: Data protection impact assessment (PDF) Found: In our view the requirements of section 10 of and paragraph 1 of Schedule 1 to the Data Protection Act |
Tuesday 25th March 2025
Source Page: FOI release 24554: Brilliant Basics Grant Document: Brilliant Basics Grant (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’) |
Tuesday 25th March 2025
Source Page: FOI release 24487: Wildlife poisoning Document: Wildlife poisoning (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’) |
Tuesday 25th March 2025
Source Page: Attendance of pupils in maintained schools: 2 September 2024 to 14 March 2025 Document: Attendance of pupils in maintained schools: 2 September 2024 to 14 March 2025 (webpage) Found: personal data underlying these statistics are processed in accordance with the requirements of the Data Protection Act |
Monday 17th March 2025
Source Page: Food Business Accelerator scheme (window 2): general rules booklet Document: Food Business Accelerator scheme (window 2): general rules booklet (webpage) Found: obligations under the Freedom of Information Act 2000, the Environmental information Act 2004, Data Protection Act |
Thursday 13th March 2025
Source Page: Participation of young people in education and the labour market: 2022 and 2023 (provisional) Document: Participation of young people in education and the labour market: 2022 and 2023 (provisional) (webpage) Found: personal data underlying these statistics are processed in accordance with the requirements of the Data Protection Act |
Wednesday 12th March 2025
Source Page: FOI release 24353: A470 access road Document: A470 access road (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’) |
Tuesday 11th March 2025
Source Page: Attendance of pupils in maintained schools: 2 September 2024 to 28 February 2025 Document: Attendance of pupils in maintained schools: 2 September 2024 to 28 February 2025 (webpage) Found: personal data underlying these statistics are processed in accordance with the requirements of the Data Protection Act |
Monday 10th March 2025
Source Page: Scoping study for mixed attainment teaching practice in schools in Wales: report Document: Scoping study for mixed attainment teaching practice in schools in Wales (PDF) Found: The information you provide will be handled in accordance with the UK Data Protection Act 1998, which |
Thursday 6th March 2025
Source Page: Ffermio Bro - Farming in Designated Landscapes (stage 1): rules booklet Document: Ffermio Bro - Farming in Designated Landscapes (stage 1): rules booklet (webpage) Found: obligations under the Freedom of Information Act 2000, the Environmental Information Act 2004 or the Data Protection Act |
Thursday 6th March 2025
Source Page: FOI release 23347: Grooming Gangs Document: Grooming Gangs (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 1998 (‘the DPA 2018’) |
Thursday 6th March 2025
Source Page: FOI release 23347: Grooming Gangs Document: Doc 3 (PDF) Found: The present study complied with the 2018 Data Protection Act, which allows sensitive study data to be |
Tuesday 4th March 2025
Source Page: Attendance and absence from schools: September 2023 to August 2024 Document: Attendance and absence from schools: September 2023 to August 2024 (webpage) Found: personal data underlying these statistics are processed in accordance with the requirements of the Data Protection Act |
Friday 28th February 2025
Source Page: Small Grants – Woodland Creation (windows 7, 8 and 9): rules booklet Document: Small Grants – Woodland Creation (windows 7, 8 and 9): rules booklet (webpage) Found: in accordance with the obligations and duties under the Freedom of Information Act 2000, the Data Protection Act |
Friday 28th February 2025
Source Page: FOI release 23327: Physician associate students Document: Physician associate students (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 1998 (‘the DPA 2018’) |
Friday 28th February 2025
Source Page: Woodland Creation Grant (window 5): rules booklet Document: Woodland Creation Grant (window 5): rules booklet (webpage) Found: in accordance with the obligations and duties under the Freedom of Information Act 2000, the Data Protection Act |
Wednesday 26th February 2025
Source Page: FOI release 23335: Ainon Welsh Baptist Chapel, Treorchy Document: Ainon Welsh Baptist Chapel, Treorchy (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’) |
Wednesday 26th February 2025
Source Page: Small Grants – Efficiency (window 4): general rules booklet Document: Small Grants – Efficiency (window 4): general rules booklet (webpage) Found: obligations under the Freedom of Information Act 2000, the Environmental information Act 2004 or the Data Protection Act |
Tuesday 25th February 2025
Source Page: FOI release 23329: Protocols Document: Protocols (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’) |
Tuesday 25th February 2025
Source Page: Attendance of pupils in maintained schools: 2 September 2024 to 14 February 2025 Document: Attendance of pupils in maintained schools: 2 September 2024 to 14 February 2025 (webpage) Found: personal data underlying these statistics are processed in accordance with the requirements of the Data Protection Act |
Monday 24th February 2025
Source Page: FOI release 23301: Brilliant Basics Grant for Llansteffan North Carpark Document: Brilliant Basics Grant for Llansteffan North Carpark (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’) |
Monday 24th February 2025
Source Page: FOI release 23294: Ty Llwyd Quarry Document: Doc 1 (PDF) Found: Information Act 2000 (the “FOIA”), the Environmental Information Regulations 2004 (the “EIR”), the Data Protection Act |
Wednesday 19th February 2025
Source Page: Single Application Form (SAF) 2025: rules booklet Document: Single Application Form (SAF) 2025: rules booklet (PDF) Found: accordance with its obligations and duties under the: • Freedom of Information Act 2000 • The Data Protection Act |
Thursday 13th February 2025
Source Page: FOI release 23265: Tŷ Llwyd Quarry Document: Doc 1 (PDF) Found: Information Act 2000 (the “FOIA”), the Environmental Information Regulations 2004 (the “EIR”), the Data Protection Act |
Wednesday 12th February 2025
Source Page: FOI release 23211: Special Advisers Document: Special Advisers (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 1998 (‘the DPA 2018’) |
Wednesday 12th February 2025
Source Page: FOI release 23253: Cafcass policies Document: Cafcass policies (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 2018 (‘the DPA 2018’) |
Tuesday 11th February 2025
Source Page: Contracting authority onboarding Document: Contracting authority onboarding (webpage) Found: It is a requirement under Article 26 of Data Protection Act 2018 and is quite commonly used in Central |
Tuesday 11th February 2025
Source Page: Attendance of pupils in maintained schools: 2 September 2024 to 31 January 2025 Document: Attendance of pupils in maintained schools: 2 September 2024 to 31 January 2025 (webpage) Found: personal data underlying these statistics are processed in accordance with the requirements of the Data Protection Act |
Monday 10th February 2025
Source Page: FOI release 23243: E Harley Street Primary Care Solutions Document: E Harley Street Primary Care Solutions (PDF) Found: ‘Personal data’ is defined in sections 3(2) and (3) of the Data Protection Act 1998 (‘the DPA 2018’) |
Tuesday 28th January 2025
Source Page: Attendance of pupils in maintained schools: 2 September 2024 to 17 January 2025 Document: Attendance of pupils in maintained schools: 2 September 2024 to 17 January 2025 (webpage) Found: personal data underlying these statistics are processed in accordance with the requirements of the Data Protection Act |
Welsh Written Answers | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
WQ96336
Asked by: Gareth Davies (Welsh Conservative Party - Vale of Clwyd) Friday 2nd May 2025 Question What Welsh Government guidance is provided to GP practices regarding charging patients for accessing their medical records? Answered by Cabinet Secretary for Health and Social Care The General Data Protection Regulations and the Data Protection Act 2018 were made by the UK government and apply to the four nations of the UK. GP practices cannot charge patients for reasonable access to their medical record. Guidance for GPs has been issued by the BMA to help practices in understanding their statutory obligations. bma-access-to-health-records-nov-19.pdf |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
WQ90609
Asked by: Andrew RT Davies (Welsh Conservative Party - South Wales Central) Tuesday 30th January 2024 Question What is the average time taken to respond to FOI requests, broke down by department, over each of the last three years? Answered by First Minister The information for the calendar years 2021, 2022 and 2023 are provided in the tables below. Please note: The statistics relate to the handling of requests for recorded information under the Freedom of Information Act 2000 (FOIA), the Environmental Information Regulations 2004 (EIRs) and the Data Protection Act 2018 (DPA2018) / UK General Data Protection Regulation (UK GDPR). The FOIA and EIRs both require public bodies to normally respond to written requests for information within 20 working days of receipt, with limited exceptions. The FOIA allows for a reasonable extension to the 20 working day deadline when considering a public interest tested exemption and the EIRs allow for an extension of a maximum of a further 20 working days if the request is complex and voluminous. This means that some requests that took over 20 working days to respond would still have been responded to within the statutory deadline.
Requests Received in 2021:
Note: *These requests did not fall under any specific group area and were dealt with centrally by the Information Rights Unit.
Requests Received in 2022: (Note there was an organisational change in April 2022):
Note: *These requests did not fall under any specific group area and were dealt with centrally by the Information Rights Unit.
Requests Received in 2023:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
WQ82325
Asked by: Andrew RT Davies (Welsh Conservative Party - South Wales Central) Friday 26th March 2021 Question Will the Minister detail operating costs, including rent, utilities, staffing and expenses, for each of the Welsh Government’s offices abroad during this current Senedd term to date? Answered by Minister for Finance and Trefnydd Information on the running costs for each international office can be found within the State of the Estate report at the following link https://gov.wales/state-estate-report-2018-to-2019. Data protection legislation requires us to protect personal information being held in relation to individual members of staff, and others, and to ensure that it is only used for the purposes for which it was collected. As there are a small number of staff in each of the offices, disclosure of the total staff costs for each office is likely to allow the actual salaries of each individual to be identified. We believe that releasing this information would be in breach of the Data Protection Act. The figures in the State of the Estate report does not cover the whole of the Senedd term. Therefore, I will write to you shortly with the figures for 2019/20, once the information has been collated. The figures for 2020/21 are not yet available.
|
Welsh Senedd Research |
---|
Generative AI in the public sector
Wednesday 3rd July 2024 www.senedd.wales Welsh Parliament Senedd Research Generative AI – an overview Research Briefing July 2024 The Welsh Parliament is the democratically elected body that represents the interests of Wales and its people. Commonly known as the Senedd,... Found: protects people against discrimination and supports equal employment opportunities; The Data Protection Act |
COVID-19 Register of Experts for Wales horizon scanning survey - Senedd Commission Privacy Notice
Monday 1st February 2021 COVID-19 Register of Experts for Wales horizon scanning survey - Senedd Commission Privacy Notice How your information will be used The Senedd Commission is the data controller of the information you provide, and will ensure it is protected and u... Found: Article 6(1)(e) of the General Data Protection Regulation read together with section 8(d) of the Data Protection Act |
Senedd Commission Privacy Notice – COVID-19 Register of Experts for Wales
Thursday 21st January 2021 Senedd Commission Privacy Notice – COVID-19 Register of Experts for Wales This Privacy Notice sets out how the Senedd Commission’s Research Service (Senedd Research) collects and uses the information you provide The Senedd Commission is the data... Found: 6(1)(e) of the General Data Protection Regulation read together with section 8(d) of the Data Protection Act |
Public Services Ombudsman (Wales) Bill
Monday 11th March 2019 National Assembly for Wales Senedd Research www.assembly.wales/research Public Services Ombudsman (Wales) Bill Bill Summary March 2019 http://www.assembly.wales/research The National Assembly for Wales is the democratically elected body that repr... Found: Other significant amendments seek to include references to the Data Protection Act 2018. |
The Queen’s Speech 2017
Wednesday 5th July 2017 Research Briefing The Queen’s Speech 2017 National Assembly for Wales Research Service Author: Alys Thomas Date: July 2017 The National Assembly for Wales is the democratically elected body that represents the interests of Wales and its people, m... Found: establish a new data protection regime for non-law enforcement data processing, replacing the Data Protection Act |
Landfill Disposals Tax (Wales) Bill
Tuesday 20th June 2017 Research Briefing Landfill Disposals Tax (Wales) Bill National Assembly for Wales Research Service - Bill Summary - Summary of Stage 2 changes - Welsh Glossary The National Assembly for Wales is the democratically elected body that represents the... Found: ruling in relation to the drafting of information sharing provisions and the application of the Data Protection Act |
Welsh Senedd Debates |
---|
5. Member Debate under Standing Order 11.21(iv)—Biometric data in schools
None speech (None words) Wednesday 8th March 2023 - None |
2. Questions to the Counsel General and Minister for the Constitution
None speech (None words) Wednesday 7th December 2022 - None |
Group 19: Information (Amendments 133, 36, 134, 135, 136, 137)
None speech (None words) Thursday 12th May 2022 - None |