On May 23, UKP data protection act completed legislative process.
- Data protection act 2018 (DPA 2018) replaces previous data protection act 1998.
- On May 23, UK's Information Commissioner Denham, welcomed the new statute.
Relationship with EU Law
- The Act sits alongside GDPR, implements the EU Law Enforcement Directive (LED).
- Extend domestic data protection law to areas which are not covered by the GDPR.
- New Act sets out the exemptions and derogations, permitted under the EU GDPR.
- In preparation for Brexit, DPA ensures GDPR's standards are enshrined in UK law.
Key Provisions
- Additional grounds, which permit processing, special categories of personal data.
- Including, for example, for employment, social security or protection, equality of
opportunity or treatment, prevention of fraud, or for certain insurance purposes. - Exemptions from certain GDPR principles, similar to exemptions under DPA 1998.
- E.g. in relation to crimes and taxation, legal proceedings or regulatory functions.
- Extended ICO's enforcement powers, including no notice inspections of premises.
- ICO can require compliance with information, enforcement notices within 24 hrs.
- Power to apply for court order where is failure to comply with information notice.
Effectiveness
- Comes into force partly on May 23, Jul. 23, remainder on a day to be appointed.
- A commencement order brought the main provisions into force on May 25, 2018.