This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy



Digital Business Lawyer

Statement of intent published on new UK data protection bill

The Department for Digital, Culture, Media and Sport (‘DCMS’) published, on 7 August 2017, its statement of intent (‘the Statement’) regarding a new data protection bill (‘the Bill’), which will implement the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’).

According to the Statement, implementation will be carried out in a way that ‘as far as possible preserves the concepts of the Data Protection Act 1998 to ensure that the transition for all is as smooth as possible, while complying with the GDPR and the Data Protection Directive with respect to Law Enforcement (Directive (EU) 2016/680) in full.’ In particular, the Statement highlights that several provisions of the GDPR will be implemented, including around data breach notification, Data Protection Impact Assessments, appointment of data protection officers and increased powers for the ICO to issue fines of up to £17 million, or 4% of global turnover.

The Statement follows a consultation launched earlier this year on derogations under the GDPR, upon which the DCMS has based a number of the decisions included in the Statement. Specifically, the Statement provides that the GDPR ‘requires some modification to make it work for the benefit of the UK and the Bill will make the necessary changes.’ According to the Statement, the Bill will exercise some of the available derogations in the GDPR to allow for the implementation of government commitments including, the ability to require social media platforms to, on request, delete information held about them at the age of 18. In addition, parental consent will be required for information services where a child is under the age of 13, and exemptions will be introduced with respect to profiling, where suitable measures are put in place to safeguard the individual’s rights, freedoms and legitimate interests.

Search Publication Archives



Our publication archives contain all of our articles, dating back to 1999.
Can’t find what you are looking for?
Try an Advanced Search

Log in to digital business lawyer
Subscribe to digital business lawyer
Register for a Free Trial to digital business lawyer
E-Law Alerts
digital business lawyer Pricing

Social Media

Follow digital business lawyer on Twitterdigital business lawyer on LinkedIndigital business lawyer RSS Feed