From 25 May 2018, this Act ceased to apply to the processing of personal data (within the meaning of this Act) other than the processing of such data for the purposes of safeguarding the security of the State, the defence of the State or the international relations of the State, or the processing of such data under the Criminal Justice (Forensic Evidence and DNA Database System) Act 2014 or the Vehicle Registration Data (Automated Searching and Exchange) Act 2018 to the extent that this Act is applied in those Acts but is still applicable to complaints made under s. 10 and contraventions of this Act that occurred before 25 May 2018, see s. 8 of the Data Protection Act 2018 (No. 7).
(1) Personal data processed by a data processor shall not be disclosed by him, or by an employee or agent of his, without the prior authority of the data controller on behalf of whom the data are processed.
(2) A person who knowingly contravenes subsection (1) of this section shall be guilty of an offence.