The global outlook on data protection—the UK

The global outlook on data protection—the UK

As part of a series on different data protection regimes across the globe and how UK businesses operate within them, we consider the future of the UK data protection regime as it enters uncertain times. Adam Rose, partner at Mishcon de Reya, discusses the effect that Brexit will have on the Data Protection Act 2018 (DPA 2018), and on UK data protection more generally.

What changes did DPA 2018 bring? Why were they necessary?

DPA 2018 did a number of things. The General Data Protection Regulation (EU) 2016/679 (GDPR)—being an EU regulation—became UK law as an automatic matter on 25 May 2018 and the UK need not have done anything further.

Instead, DPA 2018 did the following: In DPA 2018, part 2, a number of provisions in GDPR—which provided that Member States could choose to implement certain optional aspects—were introduced into UK law. For example, whereas GDPR provided that for online services, a ‘child’ could be an under-16-year-old or an under-13-year-old, DPA 2018 went with age 13 as the cut-off. A number of other aspects left to the Member State were also introduced in this part of DPA 2018—most notably, various exemptions are set out in schedules 2, 3, and 4. DPA 2018, part 2 could be seen to supplement GDPR.

DPA 2018, part 2 also sets out what is called the ‘Applied GDPR’—in effect, it repeats GDPR and applies it to situations where GDPR itself does not apply. For instance, where certain activities fall outside of the scope of EU law.

Related Articles:
Latest Articles:

Access this article and thousands of others like it free by subscribing to our blog.

Read full article

Already a subscriber? Login

About the author: