The UK's third generation of data protection law has entered Parliament. The Data Protection Bill was published on 14 September 2017 and aims to modernise data protection laws to ensure they are effective in the years to come.

What is the difference between the DP Bill and the GDPR?

The GDPR has direct effect across all EU member states and has already been passed. This means organisations will still have to comply with this regulation and we will still have to look to the GDPR for most legal obligations. However, the GDPR gives member states limited opportunities to make provisions for how it applies in their country. One element of the DP Bill is the detail of these provisions. It is therefore important that the GDPR and the Bill are read side by side.

Information about how to get ready for the GDPR can be found in our Guide to the GDPR.

However, the DP Bill is not limited to the UK GDPR provisions.

What else does the Bill cover?

  • The Bill has a part dealing with processing that does not fall within EU law, for example, where it is related to immigration. It applies GDPR standards but it has been amended to adjust those that would not work in the national context.
  • It also has a part that transposes the EU Data Protection Directive 2016/680 (Law Enforcement Directive) into domestic UK law. The Directive complements the General Data Protection Regulation (GDPR) and Part 3 of the Bill sets out the requirements for the processing of personal data for criminal ‘law enforcement purposes’. The ICO has produced a detailed Guide to Law Enforcement Processing in addition to a helpful 12-step guide for quick reference.
  • National security is also outside the scope of EU law. The Government has decided that it is important the intelligence services are required to comply with internationally recognised data protection standards, so there are provisions based on Council of Europe Data Protection Convention 108 that apply to them.
  • There are also separate parts to cover the ICO and our duties, functions and powers plus the enforcement provisions. The Data Protection Act 1998 is being repealed, so the Bill makes the changes necessary to deal with the interaction between FOIA/EIR and the DPA.

What are the ICO's views on the Data Protection Bill?

As the Bill makes its journey through Parliament, the Information Commissioner’s briefings will be published on our website. The briefings will be updated as necessary.
Information about the Bill’s progress through Parliament and transcripts of the debates can be found on the Parliament UK website.

Further reading 

The Department for Digital, Culture, Media and Sport has created factsheets explaining more about the Bill.