The Data Protection Act 2018

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • The Data Protection Act 2018
  • Background
  • Extra-territorial reach of the DPA 2018
  • The impact of the DPA 2018 on general processing
  • Lawful basis for processing—public tasks
  • Children’s consent in relation to information society services
  • What is an information society service?
  • Age limit for consent in relation to an ISS
  • Specific provisions in the DPA 2018 regarding children’s consent in Scotland
  • Processing special categories of personal data
  • More...

The Data Protection Act 2018

The Data Protection Act 2018 (DPA 2018) came into force on 25 May 2018. As first enacted it introduced four distinct data protection regimes into UK data protection law, covering the processing of personal data:

  1. within the scope of the General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR)—assisting and supplementing the adoption of the EU GDPR into UK law by providing permitted national derogations/exceptions to the requirements of the EU GDPR

  2. outside the scope of the EU GDPR—applying EU GDPR standards to additional areas of processing not covered by the EU GDPR and EU law, such as the processing of unstructured manual files by public authorities, this regime was known as the ‘applied GDPR’

  3. by competent authorities for law enforcement purposes—implementing the Data Protection Law Enforcement Directive, Directive (EU) 2016/680 (DPLED) into UK law and extending standards to other law enforcement processing not covered by the DPLED

  4. by the intelligence services—based on the standards of the modernised version of the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108)

At the same time, the DPA 2018 repealed the preceding Data Protection Act 1998 (DPA 1998), redefined the role of the Information Commissioner, increased the maximum level of fines in the UK so that they were consistent with the EU GDPR

Popular documents