With the focus of many a blog post and newspaper article on the General Data Protection Regulation, (or GDPR to its friends .. and others), coming into force on 25 May, you would be forgiven for having missed the news that the Data Protection Bill received royal assent on 23 May. Having successfully steered its way through Parliament it officially became the Data Protection Act 2018 (DPA 2018).

The new Act came into force at the same time as the GDPR, ensuring that the UK remains a committed party to the European-led modernisation of data law.

The DPA 2018 has three main purposes that all employers should be aware of:

  1. It incorporates the GDPR into UK law and aims to ensure that the standards set out in the GDPR have effect in the UK by enshrining those standards in UK law;
  2. It repeals the Data Protection Act 1998 as the primary piece of data protection legislation in the UK and replaces it with what the government has described as “a comprehensive and modern framework for data protection in the UK, with stronger sanctions for malpractice”; and
  3. Importantly, it ensures that the UK and EU data protection regimes will continue to be aligned post-Brexit so allowing the UK to continue to be able to freely exchange personal data with the EU.

With the dreaded 25 May 2018 commencement date now a thing of the past, and the GDPR and DPA 2018 in force, we are sure you will be glad to see the back of becoming compliance ready! However, the legislation is here to stay and the way in which personal data is collected and processed is more important than ever. Ongoing work is required to ensure that your business remains GDPR-compliant. Please do contact us if you have any queries and/or require some expert advice.