Stage of legislative progress 
Eg. pre-consultation, in consultation

Statement of Intent published: draft legislation to be published in Autumn.

Approach to implementation 
Eg. amendments to existing law, total repeal of old laws

DPA '98 to be repealed. One Act to be implemented covering GDPR (i.e sections where UK must or can introduce domestic legislation for particular situations) and the Law Enforcement Directive. Where possible, derogations, or special rules under the DPA 1998 (for example, special conditions allowing the processing of sensitive personal data) will be carried forward into this new Bill. The new Bill will, therefore, aim to ensure continuity with the current UK regime in key areas, where permitted by GDPR and the LE Directive.

Timescale for implementation 
Eg. pre-consultation, in consultation

Draft legislation to be published September 2017.

Areas where Member States must have local laws:

Personal data and freedom of expression 

Current exemptions in s.32 DPA to be re-enacted.


Two new criminal penalties to be introduced:
1) re-identifying anonymised or pseudonymised data;
2)altering records with intent to avoid response to a subject access request.n/a


Areas where Member States may have local laws:

Professional secrecy 


Scientific, historical or statistical purposes 

Derogations to be introduced as permitted by GDPR; additional current conditions for processing sensitive personal data for research purposes to be re-enacted.

Employment context 


Personal data of deceased persons 


Children online (in relation to the offering of information society services)


Special rules for special categories of data

Current additional conditions (ie secondary legislation under Schedule 3 DPA) to be re-enacted. UK approach of permitting processing of criminal offence data where a condition for processing sensitive personal data can be met to be re-enacted.

Genetic, biometric or health data


Designation of a Data Protection Officer


National identification numbers/any other identifier of general application





Any other areas under discussion
Derogation for automated decision taking to be implement (examples given are financial services related).