On September 13, the U.K. government introduced in Parliament the Data Protection Bill. The main aim of the bill is to implement the General Data Protection Regulation (EU) 2016/679 into U.K. domestic law. However, as perhaps reflected in the length and complexity of the bill, it is also intended to do several other things. This post outlines key observations on the structure and content of the bill.
On 7 August 2017, the UK Department for Culture, Media and Sport published its Statement of Intent on a proposed Data Protection Bill, which will replace the current UK Data Protection Act 1998. The Bill is designed to fully implement the two new laws emanating from the EU – the General Data Protection Regulation and the Data Protection Law Enforcement Directive – in an effort to make the UK’s transition out of the EU as smooth as possible from a data protection perspective and to ensure that both commercial and law enforcement data flows ‘remain uninterrupted after the UK’s exit from the EU’.