To say the least, the Bill is a long and complex piece of legislation (consisting of seven parts, each sub-divided into chapters, with an additional 18 schedules). Its scope is also much broader than that of the GDPR. In addition to filling the gaps permitted under the GDPR, the Bill mainly aims at (1) implementing the Law Enforcement Directive into UK law and (2) providing data protection rules for UK intelligence services’ processing activities.

The UK government used the Bill as an opportunity to implement a number of flexibilities and derogations, within the boundaries set out by the GDPR. These include:

  • Children’s consent
  • Processing of special categories of data
  • Processing of personal data relating to criminal convictions and offences
  • Automated individual decision making
  • National security and defence exemption

The Bill is currently being reviewed by the House of Lords. Its date of royal assent cannot be precisely determined at this stage.