C1Part V Enforcement
41AF1Assessment notices
1
The Commissioner may serve a data controller within subsection (2) with a notice (in this Act referred to as an “assessment notice”) for the purpose of enabling the Commissioner to determine whether the data controller has complied or is complying with the data protection principles.
2
A data controller is within this subsection if the data controller is—
a
a government department,
b
a public authority designated for the purposes of this section by an order made by the Secretary of State, or
c
a person of a description designated for the purposes of this section by such an order.
3
An assessment notice is a notice which requires the data controller to do all or any of the following—
a
permit the Commissioner to enter any specified premises;
b
direct the Commissioner to any documents on the premises that are of a specified description;
c
assist the Commissioner to view any information of a specified description that is capable of being viewed using equipment on the premises;
d
comply with any request from the Commissioner for—
i
a copy of any of the documents to which the Commissioner is directed;
ii
a copy (in such form as may be requested) of any of the information which the Commissioner is assisted to view;
e
direct the Commissioner to any equipment or other material on the premises which is of a specified description;
f
permit the Commissioner to inspect or examine any of the documents, information, equipment or material to which the Commissioner is directed or which the Commissioner is assisted to view;
g
permit the Commissioner to observe the processing of any personal data that takes place on the premises;
h
make available for interview by the Commissioner a specified number of persons of a specified description who process personal data on behalf of the data controller (or such number as are willing to be interviewed).
4
In subsection (3) references to the Commissioner include references to the Commissioner's officers and staff.
5
An assessment notice must, in relation to each requirement imposed by the notice, specify—
a
the time at which the requirement is to be complied with, or
b
the period during which the requirement is to be complied with.
6
An assessment notice must also contain particulars of the rights of appeal conferred by section 48.
7
The Commissioner may cancel an assessment notice by written notice to the data controller on whom it was served.
8
Where a public authority has been designated by an order under subsection (2)(b) the Secretary of State must reconsider, at intervals of no greater than 5 years, whether it continues to be appropriate for the authority to be designated.
9
The Secretary of State may not make an order under subsection (2)(c) which designates a description of persons unless—
a
the Commissioner has made a recommendation that the description be designated, and
b
the Secretary of State has consulted—
i
such persons as appear to the Secretary of State to represent the interests of those that meet the description;
ii
such other persons as the Secretary of State considers appropriate.
10
The Secretary of State may not make an order under subsection (2)(c), and the Commissioner may not make a recommendation under subsection (9)(a), unless the Secretary of State or (as the case may be) the Commissioner is satisfied that it is necessary for the description of persons in question to be designated having regard to—
a
the nature and quantity of data under the control of such persons, and
b
any damage or distress which may be caused by a contravention by such persons of the data protection principles.
11
Where a description of persons has been designated by an order under subsection (2)(c) the Secretary of State must reconsider, at intervals of no greater than 5 years, whether it continues to be necessary for the description to be designated having regard to the matters mentioned in subsection (10).
12
In this section—
“public authority” includes any body, office-holder or other person in respect of which—
- a
an order may be made under section 4 or 5 of the Freedom of Information Act 2000, or
- b
an order may be made under section 4 or 5 of the Freedom of Information (Scotland) Act 2002;
- a
“specified” means specified in an assessment notice.
Pt. V applied (with modifications) (1.3.2000) by S.I. 1999/2093, reg. 36(1), Sch. 4
Pt. V applied (with modifications) (1.3.2000) by S.I. 2000/190, art. 5(2)