Will GDPR replace the Data Protection Act?

The current Data Protection Act (DPA) came into force in 1998, and since that point, technology has made huge leaps forward, becoming an integral part of our daily lives. Data capture is standard practice, and with everyone from your hairdresser to a myriad of retailers holding some kind of personal information on you, the DPA no longer covers enough digital ground to offer the right level of protection.

If GDPR wasn’t tricky enough to get your head around, the question ‘will GDPR replace the Data Protection Act?’ is not actually as straightforward as it may seem; the answer is both ‘yes’ and ‘no’.

In 2017, the government published the first draft of the Data Protection Bill (due to launch on the 25th May alongside GDPR) and technically, it is this, which will replace the DPA. The DPA deals exclusively with data protection for the UK (as will the Data Protection Bill), whilst the GDPR is designed to raise standards and introduce a consistent approach to dta protection across the EU      

What’s the point of the Data Protection Bill?

There are a couple of reasons why we need the Data Protection Bill:

1.  It covers the areas of the GDPR that are left up to the individual EU          member states to decide
2. When Brexit finally comes about, there will be terminology used in parts of the GDPR, which no longer applies to the UK
3. It offers some consistency and maintains the same standards as the GDPR, making it easier to continue trading

Why do we need both?

1. The Data Protection Bill works alongside the GDPR. It references sections of the GDPR, but doesn’t replicate them, so you need to cross reference
2. The Bill contains legislation that is specific to the UK
3. Any country outside of the EU must have equivalent data protection standards in order to trade with EU states. The Data Protection Bill will uphold the standards introduced by the GDPR

Do I still need to worry about GDPR?

Absolutely, and here’s why:

1.  Until Brexit finally takes place we are still a member of the EU and subject to the penalties for failing to comply
2.  The rules of the GDPR must be adhered to in order to process the data of anybody from an EU member country, even if they live in the UK
3.  The Data Protection Bill purposely works the rules of the GDPR into UK law along with the allowed variations. The general gist is essentially the same, with the intention of keeping things consistent pre, and post Brexit

Get the full guide to GDPR

Have more questions about GDPR you're struggling to find the answers for? Our GDPR guide explains in plain English what the new regulation means for your business and answers some of the most frequently asked questions.