Legislation
The Data Protection Act 2018 (DPA) received the “Royal Assent“ on 23 May 2018 and has since been the UK’s national privacy act. Link to the official text of the Data Protection Act 2018.
It supersedes the Data Protection Act 1998 and represents a comprehensive law in the field of data-protection. While Part 2 of the DPA fills the so-called “opening clauses” of the GDPR, the other parts of the law regulate the areas not covered by the GDPR:
- Part 3: Processing of personal data by the competent authorities for law-enforcement purposes (implements the Data-Protection Law on Prosecution Directive (Directive (EU) 2016/680)
- Part 4: Processing of personal data by intelligence services.
- Part 5: Provisions on the Information Commissioner of the UK.
- Part 6: Provisions on the enforcement of data-protection rules.
- Part 7: Additional provisions, including provisions on the application of this law to the Crown and the Parliament.
Guidelines of the supervisory authority
Link to the guide of the British data-protection authority ICO (Information Commissioner’s Office) to the GDRP.
Explanatory Notes of the British Data Protection Authority ICO to the DPA as PDF.