UK

Statement of Intent published: draft legislation to be published in Autumn.

DPA '98 to be repealed. One Act to be implemented covering GDPR (i.e sections where UK must or can introduce domestic legislation for particular situations) and the Law Enforcement Directive. Where possible, derogations, or special rules under the DPA 1998 (for example, special conditions allowing the processing of sensitive personal data) will be carried forward into this new Bill. The new Bill will, therefore, aim to ensure continuity with the current UK regime in key areas, where permitted by GDPR and the LE Directive.

Draft legislation to be published September 2017.

Areas where Member States must have local laws:

Current exemptions in s.32 DPA to be re-enacted.

Two new criminal penalties to be introduced:
1) re-identifying anonymised or pseudonymised data;
2)altering records with intent to avoid response to a subject access request.n/a

Areas where Member States may have local laws:

n/a

Derogations to be introduced as permitted by GDPR; additional current conditions for processing sensitive personal data for research purposes to be re-enacted.

n/a

n/a

13

Current additional conditions (ie secondary legislation under Schedule 3 DPA) to be re-enacted. UK approach of permitting processing of criminal offence data where a condition for processing sensitive personal data can be met to be re-enacted.

n/a

n/a

n/a

Other: