The Data Protection Bill 2017 was introduced to the House of Lords on 13 September 2017. The Bill, which is due to come into force in May 2018, will replace the Data Protection Act 1998 and incorporate the General Data Protection Regulation into national law so that the rules continue to apply after the UK has left the European Union.

The aims of the Bill are to:

  • make UK data protection laws fit for the digital age in which an ever increasing amount of data is processed;
  • give individuals greater control over their personal data; and
  • ensure that the UK is prepared for the future after Brexit.

The Department for Digital, Culture, Media and Sport has published the following factsheets explaining various aspects of the Bill:

  • An Overview of the Bill;
  • General Processing;
  • Law Enforcement Processing;
  • National Security Processing; and
  • Information Commissioner and Enforcement.

Under the revised legislation, the maximum penalty for regulatory breaches will increase from £500,000 to £18 million or 4 per cent of the undertaking’s total worldwide turnover in the preceding financial year – whichever is higher.

The text of the Bill and updates on its progress through Parliament can be found at

If you need any help contact us today on 020 8263 6080 or click here for a free initial consultation.