Retsudvalget 2014-15 (1. samling)
REU Alm.del Bilag 128
Offentligt
To:
From:
Hanne Rasmussen, Danish Parliament
John Woodhouse
Ref:
Home Affairs Section
Date:
x5036
2014/10/138-HAS
21 October 2014
Data protection
You asked the following questions:
How is the oversight/control of public authorities dealing with sensitive
personal data organised in your country?
Very briefly, any handling of personal data has to be in accordance with the
Data Protection
Act 1998.
The 1998 Act is overseen and enforced by the Information Commissioner’s Office
(ICO).
1
The Act requires every organisation that processes personal information to register
with the ICO unless they are exempt. Failure to do so is a criminal offence.
The ICO is sponsored by the Ministry of Justice and reports directly to Parliament.
The 1998 Act and sensitive personal data
Data controllers must adhere to the eight data protection principles set out in
Schedule 1
of
the 1998 Act; further information on the principles is available in a
guide
published by the
ICO. The Act distinguishes between “personal data” (s1) and “sensitive personal data” (s2):
Personal data
means data which relate to a living individual who can be identified –
(a) from those data, or
(b) from those data and other information which is in the possession of, or is likely to
come into the possession of, the data controller,
and includes any expression of opinion about the individual and any indication of the
intentions of the data controller or any other person in respect of the individual.
Sensitive personal data
means personal data consisting of information as to -
(a) the racial or ethnic origin of the data subject,
(b) his political opinions,
(c) his religious beliefs or other beliefs of a similar nature,
1
http://ico.org.uk/about_us
C
ONTRIBUTING TO A WELL INFORMED
D
EMOCRACY