(1) Subject to subsection (3), a certificate signed by a Minister of the Crown certifying that exemption from all or any of the provisions listed in section 26(2) is, or at any time was, required in relation to any personal data for the purpose of safeguarding national security is conclusive evidence of that fact.
(2) A certificate under subsection (1) -
(a) may identify the personal data to which it applies by means of a general description, and
(b) may be expressed to have prospective effect.
(3) Any person directly affected by a certificate under subsection (1) may appeal to the Tribunal against the certificate.
(4) If, on an appeal under subsection (3), the Tribunal finds that, applying the principles applied by a court on an application for judicial review, the Minister did not have reasonable grounds for issuing a certificate, the Tribunal may -
(a) allow the appeal, and
(b) quash the certificate.
(5) Where, in any proceedings under or by virtue of the UK GDPR or this Act, it is
…