Following its Second Reading in the House of Lords, on 22 November 2017 the draft Data Protection Bill (the “Bill”) passed the Committee Stage and will next be considered at the Report Stage on 11 December 2017. The Bill was initially published on 14 September and once finalised it will repeal the current Data Protection Act 1998 (the “DPA”). The Bill implements various national derogations permitted by the GDPR and also extends the GDPR standards to certain areas of data processing outside EU competence. The Bill also provides for the continuation of the Information Commissioner’s role.The Bill will therefore stand alongside the GDPR until the UK leaves the EU. At that point, if the UK is no longer part of the EEA as currently envisaged, the GDPR will fall away but the UK Government intends to replicate the regulation in national legislation through the European Union (Withdrawal) Bill – the so-called “Great Repeal Bill”.

The Bill imports much of the DPA and therefore contains few surprises for businesses, but it does at least confirm for the first time the Government’s intention to retain many of the DPA derogations and exemptions, which is welcome news.

To access the draft Bill please click here.

To access the explanatory notes please click here.

Miriam Everett
Miriam Everett
Head of Data Protection and Privacy, London
+44 20 7466 2378
Nick Pantlin
Nick Pantlin
Partner, Head of TMT, Sourcing and Data, London
+44 20 7466 2570
Andrew Moir
Andrew Moir
Partner, Global Head of Cyber Security, London
+44 20 7466 2773
Claire Wiseman
Claire Wiseman
Senior Associate and Professional Support Lawyer, TMT, Sourcing and Data, London
+44 20 7466 2384