The UK's third generation of data protection law has entered Parliament. The Data Protection Bill was published on 14 September 2017 and aims to modernise data protection laws to ensure they are effective in the years to come.
What is the difference between the DP Bill and the GDPR?
The GDPR has direct effect across all EU member states and has already been passed. This means organisations will still have to comply with this regulation and we will still have to look to the GDPR for most legal obligations. However, the GDPR gives member states limited opportunities to make provisions for how it applies in their country. One element of the DP Bill is the details of these. It is therefore important the GDPR and the Bill are read side by side.
Information about how to get ready for the GDPR can be found on our Data protection reform webpage.
However, the DP Bill is not limited to the UK GDPR provisions.
What else does the Bill cover?
- The Bill has a part dealing with processing that does not fall within EU law, for example, where it is related to immigration. It applies GDPR standards but it has been amended to adjust those that would not work in the national context.
- It also has a part that implements the EU’s Law Enforcement Directive. This is part of the EU’s data protection reform framework and is separate from the GDPR. The Bill has provisions covering those involved in law enforcement processing. The ICO has produced a 12 step guide for preparing for the law enforcement requirements (part 3) of the DP Bill.
- National security is also outside the scope of EU law. The Government has decided that it is important the intelligence services are required to comply with internationally recognised data protection standards, so there are provisions based on Council of Europe Data Protection Convention 108 that apply to them.
- There are also separate parts to cover the ICO and our duties, functions and powers plus the enforcement provisions. The Data Protection Act 1998 is being repealed so it makes the changes necessary to deal with the interaction between FOIA/EIR and the DPA.
The Department for Digital, Culture, Media and Sport has created factsheets explaining more about the Bill.