Data Protection Act 2018
Amendment of National Shared Services Office Act 2017
232. The National Shared Services Office Act 2017 is amended—
(a) in section 2, by the insertion of the following definition:
“ ‘Data Protection Regulation’ means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 201654 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).”,
(b) in section 9(2)(a)(iv), by the substitution of “processing (within the meaning of the Data Protection Regulation) personal data (also within the meaning of that Regulation)” for “processing (within the meaning of the Data Protection Act 1988) personal data (also within the meaning of that Act)”, and
(c) in section 35—
(i) in subsection (1)—
(I) by the substitution of “Notwithstanding anything contained in any enactment, but subject to the Data Protection Regulation and the Data Protection Act 2018” for “Notwithstanding anything contained in the Data Protection Acts 1988 and 2003”, and
(II) by the substitution of “controller” for “data controller” in each place it occurs,
(ii) in subsection (3), by the substitution of “controller” for “data controller”, and
(iii) in subsection (4)—
(I) by the substitution of the following definition for the definition of “data controller”:
“ ‘controller’ has the same meaning as it has in the Data Protection Regulation;”,
and
(II) by the deletion of the definition of “data subject”.