As data protection practitioners begin to digest the new Data Protection Bill (the "Bill"), published today, an immediate area for concern is the interplay between the Data Protection Bill, once passed, and the directly applicable General Data Protection Regulation ("GDPR") itself, during the period of overlap between May 2018 and the eventual passing of the Great Repeal Bill which is timetabled to come into force some time before March 2019. This represents a period during which both domestic data protection legislation and European legislation will be effective in the UK and although the Bill seeks to implement the GDPR, it also includes exemptions and derogations which are intended to make the GDPR provisions work better in the UK.
Here's a list of the key derogations in the Bill published by the Department of Digital, Culture Media & Sport:
While the GDPR specifically gives national authorities the option to derogate in various instances, this will inevitably create discrepancies and tensions, as it did historically in relation to the Data Protection Act 1998's derogations from the EU Data Protection Directive. While in the long term, these tensions may be resolved during Brexit negotiations, we do not know how these issues will be dealt with in the interim, or indeed if there will be any legacy European involvement in the oversight of domestic data protection legislation post-divorce.
We will provide further updates on the interplay between the Bill and the GDPR throughout the passage of the Bill through Parliament and after both regimes come into force.
Data protection webinar: privacy considerations for workplace monitoring
Assessing the impact of the Clearview AI decision - how clear is the future of the UK’s AI data protection law?
Key takeaways from the Ashfords x FinTech West: Future of Payments roundtable
We produce a range of insights and publications to help keep our clients up-to-date with legal and sector developments.
Sign up