The Data Protection Act 2018 replaces the 1998 act, and
will supplement the major data protection changes which are contained in the
GDPR (General Data Protection Regulation). Importantly, it has the same aim as
the GDPR; to modernise data protection laws to ensure they are effective in the
years to come.
Elizabeth Denham, Information Commissioner, said:
introduction of the Data Protection Bill is welcome as it will put in place one
of the final pieces of much needed data protection reform. Effective, modern
data protection laws with robust safeguards are central to securing the
public's trust and confidence in the use of personal information within the
digital economy, the delivery of public services and the fight against crime. I
will be providing my own input as necessary during the legislative
What is the
difference between The Data Protection Act 2018 and the GDPR?
The GDPR has already passed, and directly affects all EU
member states. It contains the legal obligations for all organisations, however
it does not contain the particulars of how the legislation applies in each
The new Data Protection Act will incorporate the GDPR, to detail these particulars, but also make other provisions, including the
continuation of GDPR post-Brexit.
The DPA 2018 –
What to Expect
The Data Protection Act 2018 aims to address
issue regarding processing, which does not fall under EU law (or the GDPR).
However, it will aim to apply the GDPR standards.
It will set out the requirements for the
processing of personal data for criminal ‘law enforcement purposes’
Also, outside of the scope of the GDPR is
national security, which will be address by the new DPA
The duties of the ICO, their functions, powers
and enforcement provisions will be outlined
Like the GDPR, the Data Protection Act aims to
modernise UK data laws to keep pace with technological changes
The Bill increases the maximum level of fines in
the UK so that it is consistent with the GDPR.