(b)shall not process the personal data referred to in sub-paragraph (a) above—
(i)to a greater extent than is necessary for the purpose of issuing or maintaining that certificate, or
(ii)to a greater extent than is necessary for any other purpose to which the data subject has explicitly consented,
(2) The obligation to comply with paragraph (1) above shall be a duty owed to any data subject who may be affected by a contravention of paragraph (1).
(3) Where a duty is owed by virtue of paragraph (2) above to any data subject, any breach of that duty which causes that data subject to sustain loss or damage shall be actionable by him.
(5) Paragraph (4) above shall not prejudice any right that a data subject may have by virtue of paragraph (3) above to bring civil proceedings for the contravention or apprehended contravention of paragraph (1) above.
(6) Paragraph (1) above applies to a certification-service-provider in respect of personal data only if the certification-service-provider is established in the United Kingdom and the personal data are processed in the context of that establishment.
(7) For the purposes of paragraph (6) above, each of the following is to be treated as established in the United Kingdom—
(a)an individual who is ordinarily resident in the United Kingdom,
(b)a body incorporated under the law of, or in any part of, the United Kingdom,
(c)a partnership or other unincorporated association formed under the law of any part of the United Kingdom, and
(d)any person who does not fall within sub-paragraph (a), (b) or (c) above but maintains in the United Kingdom—
(i)an office, branch or agency through which he carries on any activity, or
(ii)a regular practice.
(8) In this regulation—
“obtain” shall bear the same interpretation as “obtaining” in section 1(2) of the Data Protection Act 1998.
- No Data Protection in Outer Space! (itsecurityexpert.co.uk)
- EC steps up pressure on UK to strengthen data protection (computeractive.co.uk)
- Estate agents warned to take care of Data Protection obligations (theRatandMouse.co.uk)
- Data protection policy and your business [Iain Mackintosh] (ecademy.com)