Skip to content

Menu

LexBlog, Inc. logo
NetworkSub-MenuBrowse by SubjectBrowse by PublisherJoin the NetworkGet StartedSubscribeSupport
Contact Us
Search
Close

UK Government Releases Statement of Intent on Proposed Data Protection Bill

By Victoria Hordern & Paul Maynard on August 11, 2017
Email this postTweet this postLike this postShare this post on LinkedIn

On 7 August 2017, the UK Department for Culture, Media and Sport (DCMS) published its Statement of Intent on a proposed Data Protection Bill, which will replace the current UK Data Protection Act 1998 (DPA).

The proposals set out in the Statement of Intent are intended to reassure businesses concerned about the impact of Brexit on data flows between the UK and the rest of Europe. The Bill is designed to fully implement the two new laws emanating from the EU – the General Data Protection Regulation (GDPR) and the Data Protection Law Enforcement Directive (DPLED) –  in an effort to make the UK’s transition out of the EU as smooth as possible from a data protection perspective and to ensure that both commercial and law enforcement data flows ‘remain uninterrupted after the UK’s exit from the EU’. While this is not an explicit statement that the UK hopes to receive a finding of adequacy from the European Commission after Brexit, such an outcome remains a distinct possibility.

The Bill also means that UK law will closely mirror all key aspects found in the GDPR, from enhanced rights for individuals to increased accountability for controllers. Further, the Statement of Intent provides information on how the UK will exercise its discretion under certain sections of the GDPR where derogations apply; for example, in relation to the age at which children are able to give consent (without parental consent also being required) and to restrictions on rights and obligations where necessary to protect the public interest.

In all, the Statement of Intent appears to be designed to ensure that processing that is lawful under the DPA remains lawful under the Bill (e.g. that private companies will continue to be able to lawfully process personal data relating to criminal convictions for purposes such as pre-employment checking and fraud prevention) while also complying with the GDPR and DPLED. While the text of the Data Protection Bill has not yet been released, and it may be some time before it becomes law in the UK, the Statement of Intent reiterates that the GDPR will become part of UK law, and that companies need to think about being ready for it as soon as possible.

Elizabeth Campion, in our London office, contributed to this post.

Photo of Victoria Hordern Victoria Hordern
Read more about Victoria HordernEmail
  • Posted in:
    Privacy and Cybersecurity
  • Blog:
    HL Chronicle of Data Protection
  • Organization:
    Hogan Lovells

Call us at 1-800-913-0988 or email sales@lexblog.com.

Facebook LinkedIn Twitter RSS
  • About LexBlog
  • The Field We Built
  • Our Beliefs
  • Our Team
  • Contact LexBlog
  • Disclaimer
  • Editorial Policy
  • Terms of Service
  • Get Started
  • Publishing Solutions
  • Compass
  • Submit a Request
  • Support Center
  • System Status
Copyright © 2026, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo