Implementing two systems this month and the subject of Exemptions arises. AXLR8 have tacit permission to copy the exemptions from another authority and put them in our model system along with standard documents, bank holidays and IR Types for their jurisdiction.
One client kept looking a “gift horse in the mouth” when I provided the list from a neighbouring authority.
The problem was Section 29 exemptions. I had copied them from a very competent source. He said they are out of date. So, I copied and pasted the exemptions from three other in neighbouring authorities then took a look at three more. They all listed exemptions from the old 1998 Data Protection Act Section 29. On May 2018, those were replaced.
Cheat sheet
Eventually, I looked in Dudley MBC’s system and their elite IG team had them right.
- DPA – Sch 2, Part 1, 2(1)(a) prevention/detection of crime
- DPA – Sch 2, Part 1, 2(1)(b) apprehension/prosecution offenders
- DPA – Sch 2, Part 1, 2(1)(c) assessment/collection tax or duty
- DPA – Sch 2, Part 3, 16 (1) Protection of the rights of others
- DPA – Sch 2, Part 2, 7 Functions designed to protect the public etc (see table in Act)
- DPA – Sch 2, Part 4, 24 Confidential References
- DPA – Sch 2, Part 4, 22 Management Forecasts/Planning
- DPA – Sch 2, Part 4, 23 Negotiations
- DPA – Sch 2, Part 4, 19 Legal Professional Privilege
- DPA – Sch 3, Part 2, 3(1) Health data processed by a court
- DPA – Sch 3, Part 2, 5(1) Health serious harm
- DPA – Sch 3, Part 3, 9(1) Social Worker Data Processed by a court
- DPA – Sch 3, Part 3, 11 Social Work serious harm
- DPA – Sch 3, Part 3, 44 (4) controller’s general duties
My client still did not trust them until he had checked them all in detail.
I have now dropped a line to a couple of clients to ask their views. Every day is a schoolday!
