UK New Data Protection Act

On May 23, UKP data protection act completed legislative process.

  • Data protection act 2018 (DPA 2018) replaces previous data protection act 1998.
  • On May 23, UK's Information Commissioner Denham, welcomed the new statute.

Relationship with EU Law

  • The Act sits alongside GDPR, implements the EU Law Enforcement Directive (LED).
  • Extend domestic data protection law to areas which are not covered by the GDPR.
  • New Act sets out the exemptions and derogations, permitted under the EU GDPR.
  • In preparation for Brexit, DPA ensures GDPR's standards are enshrined in UK law.

Key Provisions

  • Additional grounds, which permit processing, special categories of personal data.
  • Including, for example, for employment, social security or protection, equality of
    opportunity or treatment, prevention of fraud, or for certain insurance purposes.
  • Exemptions from certain GDPR principles, similar to exemptions under DPA 1998.
  • E.g. in relation to crimes and taxation, legal proceedings or regulatory functions.
  • Extended ICO's enforcement powers, including no notice inspections of premises.
  • ICO can require compliance with information, enforcement notices within 24 hrs.
  • Power to apply for court order where is failure to comply with information notice.


  • Comes into force partly on May 23, Jul. 23, remainder on a day to be appointed.
  • A commencement order brought the main provisions into force on May 25, 2018.