Book Review: Blackstone's Guide to the Data Protection Act 1998.

• Autor: Leif Gamertsfelder
• Cargo: IT Group. Deacons Graham & James. Brisbane, Australia.

Data protection laws and policies are being either revised or introduced in many developed jurisdictions throughout the world. The European Union leads the world in data protection initiatives by virtue of its issuing the Data Protection Directive (95/46/EC). This Directive required member states to implement legislation modelled on the Directive by 24 October 1998. Carey points out that the "motivation behind the Directive was a desire to promote personal data privacy rights and to harmonise the data protection laws of member states." The United Kingdom chose to comply with the Directive by enacting the Data Protection Act 1998 ("the Act").

Accordingly, Blackstone's Guide to the Data Protection Act 1998 ("the Guide") is a very timely publication as it provides an excellent reference for anyone affected by the new Act, specifically data processors, data controllers or data subjects.1 The Guide will enable these individuals to understand their rights and duties under the new legislation.

The Guide's chapters explore the following themes: the historical background of the Act; rights of individuals in relation to both personal data and sensitive personal data; the 8 data protection principles underpinning the Act; notification obligations of data controllers; exemptions (both permanent and transitional); enforcement; criminal offences; and transitional provisions.

A total of 84 pages are devoted to detailed commentary in these chapters with frequent comparisons to the provisions of the Data Protection Act 1984. This comprehensive discussion provides the reader with the information that is necessary to appreciate the policy and aims of the legislation.

The Guide also includes intelligent suggestions regarding the possible interpretation that may be given to certain provisions of the Act and practical examples of how the substantive provisions may operate in different contexts.2 The remainder of the Guide comprises the full text of the Data Protection Act 1998, including the schedules.

The Guide is not just relevant to data processing in the UK.3 It is also required reading for those individuals involved in data processing outside the United Kingdom and the European Union due to the eighth principle of the Directive,4 which finds expression in the Act. The eighth principle of the Directive provides that personal data shall not:

"be transferred to a country or territory outside the European Economic Area unless that country or territory ensures...