The Queen’s Speech on 21 June 2017 confirmed the government’s plans for a new data protection law ensuring "that the United Kingdom retains its world-class regime protecting personal data".

The main focus of the Queen’s Speech was Brexit, with ‘Brexit Bills’ dominating the line-up. Among them was the Data Protection Bill intended to replace the existing Data Protection Act 1998. The government described the main purpose of the new bill as making "our data protection framework suitable for our new digital age, allowing citizens to better control their data".

The government had already confirmed that the new General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018, would apply to the UK. As a regulation, the GDPR is directly applicable in the UK while the UK remains a member of the EU. It seems that the purpose of the new UK bill is to incorporate the GDPR into national UK law so that the rules continue to apply in the UK post-Brexit. The bill will also implement the new Directive applying to law enforcement data processing.

The government stated in its written document further detailing its plans that one of the main benefits of the new bill is that it will help put the UK in the best position to maintain its ability to share data with other EU member states and internationally after the UK leaves the EU. In the case of national data protection laws equivalent to the GDPR, the government will presumably seek an "adequacy decision" from the European Commission allowing transfers of personal data to be made to the UK without additional legal protections. It is not yet clear when the government will seek this adequacy decision and whether this will be part of its Brexit negotiations so that the decision is in place at the time of Brexit.

This confirms the need for businesses to continue their preparations for GDPR-level compliance as they will need to maintain these standards in order to comply with the UK legislation after the date of Brexit.