The Government has today published its detailed plans for the eagerly-awaited UK Data Protection Bill (the Bill). The Bill intends to implement into UK law the entirety of the General Data Protection Regulation (the GDPR), due to take effect in all EU Member States as of 25 May 2018, and sets out the UK’s derogations permitted under the GDPR.
The Bill is not for the fainthearted. Rather than producing a consolidated version of the GDPR incorporating the UK’s derogations, the Bill and the GDPR have to be read side by side, also with reference to more than 100 pages of “Explanatory Notes”.
Interestingly, the Bill reserves the right for the UK to depart from parts of the GDPR where derogations are not actually permitted. And, unlike the promise to implement the “GDPR in full”, the explanatory notes to the Bill takes a more measured approach, stating that the “The Bill and GDPR apply substantively the same standards to the majority of data processing in the UK.” Will this really be a “full” implementation?
Detailed analysis on the Bill will follow shortly, and we will of course keep a close watch on the Bill’s progress through the UK parliamentary process. In the meantime, you can read the Bill in full here and the Explanatory Notes here.