The Data Protection Act 2018 replaces the 1998 act, and will supplement the major data protection changes which are contained in the GDPR (General Data Protection Regulation). Importantly, it has the same aim as the GDPR; to modernise data protection laws to ensure they are effective in the years to come.


Elizabeth Denham, Information Commissioner, said:

"The introduction of the Data Protection Bill is welcome as it will put in place one of the final pieces of much needed data protection reform. Effective, modern data protection laws with robust safeguards are central to securing the public's trust and confidence in the use of personal information within the digital economy, the delivery of public services and the fight against crime. I will be providing my own input as necessary during the legislative process."


What is the difference between The Data Protection Act 2018 and the GDPR?

The GDPR has already passed, and directly affects all EU member states. It contains the legal obligations for all organisations, however it does not contain the particulars of how the legislation applies in each member country.

The new Data Protection Act will incorporate the GDPR, to detail these particulars, but also make other provisions, including the continuation of GDPR post-Brexit.


The DPA 2018 – What to Expect

·         The Data Protection Act 2018 aims to address issue regarding processing, which does not fall under EU law (or the GDPR). However, it will aim to apply the GDPR standards.

·         It will set out the requirements for the processing of personal data for criminal ‘law enforcement purposes’

·         Also, outside of the scope of the GDPR is national security, which will be address by the new DPA

·         The duties of the ICO, their functions, powers and enforcement provisions will be outlined

·         Like the GDPR, the Data Protection Act aims to modernise UK data laws to keep pace with technological changes

·         The Bill increases the maximum level of fines in the UK so that it is consistent with the GDPR.