Does the Data Protection Bill change anything? | DMA

Filter By

Show All

Connect to


Does the Data Protection Bill change anything?


The Data Protection Bill was published yesterday. It will implement the General Data Protection Regulation (GDPR) into UK law.

It will replace the UK’s existing Data Protection Act 1998 and will be the overarching legal framework governing the use of personal data.

The Bill does not deviate substantially from the GDPR but does refine some of the definitions for a UK context.

Derogations in the GDPR allow for member states to vary the law and the Data Protection Bill will implement the UK’s stance. For example, the UK has opted for age 13 as the age of consent for data processing. The GDPR permitted member states to vary the age between 13 and 16.

Furthermore, the Information Commissioner’s Office (ICO) will continue to be the data protection authority for the UK and with responsibility for enforcing the new law.

It will allow the ICO to levy higher administrative fines on data controllers and processors for the most serious data breaches, up to £17m (€20m) or 4% of global turnover for the most serious breaches, as per the GDPR.

The Bill also implements the Law Enforcement Directive and it covers the processing of personal data for the purposes of crime prevention, and the free movement of such data.

Under the new Directive, everyone’s personal data must be processed lawfully, fairly, and only for a specific purpose, linked to the activities surrounding crime prevention and detection.

The fact that the Bill does not diverge greatly from the GDPR is a positive for UK marketers as it will smooth the Brexit process.

Retaining the GDPR after Brexit should help the UK secure transitional agreement to secure UK-EU data flows, which currently take place without restriction.

Maintaining the free flow in data is equally in the interests of European companies that exchange personal data with UK-based organisations.

The Bill began in the House of Lords at the start of the legislative process. Before it can be passed and become an Act of Parliament the Bill will need to be debated and possibly amended by both the House of Lords and the House of Commons.

The 2nd reading of the legislation will take place in the House of Lords on the 10 October. The DMA will monitor debates for any substantial amendments suggested by peers or Members of Parliament.

You can monitor the Bill’s progress through Parliament here.

Buy your ticket to Data Protection 2017.

Hear more from the DMA

Please login to comment.