​The Data Protection Bill - “Brexit-Proofing” the GDPR

09 October 2017


The UK’s draft Data Protection Bill was laid before Parliament on 13th September 2017. The Bill (subject to amendments) will eventually become the Data Protection Act 2018.

This is another important development in Data Protection law, following on from the EU General Data Protection Regulation (GDPR) which will soon be applicable across the EU.

One of the main purposes of the Bill is to ensure that even after the UK’s divorce from the EU, the substance of the GDPR will continue to apply in UK law. This Bill will provide important continuity and certainty for businesses and organisations who are striving to get ready for the GDPR when it comes into force on 25th May 2018. It will ensure that, even post-Brexit, UK law will continue to provide comparable protections for personal data to those set out in the GDPR. This is crucial, to allow the free transfer of data between the UK and the EU after Brexit.

The GDPR allows Member States discretion in a number of areas, and the Bill provides additional details about how the GDPR framework will be implemented in the UK. For example the GDPR allows Member States to set an age of consent for participating in social networks and similar online services, and the Bill specifies that this will be 13 in the UK.

The Bill also extends the GDPR principles into additional areas which are not covered by the EU Regulation itself. In particular, the Bill addresses data processing in the areas of law enforcement and the intelligence services.

If you would like any further information about how your business can get ready for these important Data Protection law reforms, please do not hesitate to contact a member of our Data Protection team.