History (Brief)

As a member of the European Union, the United Kingdom is obliged to implement European Directives issued by ‘Brussels’.

Directive 95/46/EC of the European Parliament and of the Council was issued on 24 October 1995, “on the protection of individuals with regard to the processing of personal data and on the free movement of such data”. The UK Government was required to implement this Directive which it did in the form of the Data Protection Act 1998. It came into force on 1 March 2000 although some provisions did not commence until October 2007.

It is generally accepted that the Data Protection Act was very badly written and, in places, is dense and hard work to read. It is not a page turner! Sections refer back to other sections which in turn refer back to other sections and exemptions. However, there are only a few parts which are relevant to the data subject. These are featured on this Web Site.

The Directive required that a body be set up to monitor the application of the provisions of the Directive and to be consulted when the Government is drawing up measures or regulations (Article 28 of the Directive). In the UK, we already had the Data Protection Registrar set up by the 1984 Data Protection Act and this was renamed the office of the Data Protection Commissioner. The Freedom of Information Act 2000 changed the name to, ‘The Information Commissioner’ when the Office took over responsibility for this Act.

The EU issued a reulation known as the GDPR (the General Data Protection Regulation) which was incorporated into the Data Protection Act 2018.