The new Data Protection Bill was given its first reading in the House of Lords last week. The Bill will replace the Data Protection Act 1998 (DPA), implement the EU General Data Protection Regulation (GDPR – which applies in all member states from 25 May 2018) and provide continuity of data protection standards in the UK following Brexit.
The Minister of State for Digital, Matt Hancock, said the Bill will "bring our data protection laws up to date" and will also "bring EU law into our domestic law" (link to “A New Data Protection Bill: Our Planned Reforms” is available here) . The Bill’s three main objectives are to:
+ Maintain public trust in how personal data is handled.
+ Ensure uninterrupted data flows between the UK, EU and globally for trade purposes.
+ Maintain the ability to share, receive and protect data for security and law enforcement purposes following Brexit.
In a press release last week (link here), the Minister also announced the Bill would:
+ Set new standards for protecting general data in accordance with the GDPR, giving individuals more control over use of their data and new rights to transfer or erase personal data.
+ Preserve existing exemptions which worked well in the DPA. These include exemptions for journalists, research organisations, financial services firms in relation to money laundering and processing of sensitive and criminal conviction data without consent to allow employers to fulfil employment law obligations.
+ Provide a bespoke framework tailored to the needs of the UK's criminal justice agencies and national security organisations.
The current text of the Data Protection Bill is available at:
We will provide further comments on the Bill and the GDPR in due course.