NMWM16110 - Disclosure of information: Data Protection Act 1998

Relevant legislation

The legislation that applies to this page is as follows:

• Data Protection Act 1998

General

In addition to the Commissioners for Revenue and Customs Act 2005 (NMWM16030), there are other, more general pieces of legislation which impact on the way we use and disclose information, such as the Data Protection Act and the UK GDPR.

The Data Protection Act covers the use of personal data and is intended to protect the privacy of individuals. The requirements of the Data Protection Act are contained within eight fundamental principles (‘the 8 Principles’) and these set out requirements for the way that personal data must be handled.

The Data Protection Act covers the ‘processing’ of personal data and in this context, processing covers most of the things that HM Revenue & Customs (NMWM02030) does with data including collection, storage, alteration, disclosure and deletion.

The Data Protection Act also defines what constitutes personal data. Most of the information HM Revenue & Customs processes about individuals falls within the scope of the Act but some data that is held manually is not necessarily personal data within the meaning of the Data Protection Act.

Information which does not relate to an individual, for example company information or partnership information is not personal data. But where a business is operated as a sole proprietorship, information about the affairs of the business will be personal data (NMWM16120).

Requests for information under the Data Protection Act can only be met in specific circumstances (NMWM16130) taking into account certain issues relevant to HM Revenue & Customs’ disclosures (NMWM16120).