GDPR to be incorporated in new UK Data Protection Bill

The British Government has completed the Data Protection Bill, which aims to align the country’s data protection regime with the soon-to-be-introduced European Union General Data Protection Regulation (GDPR).

This will allow UK citizens to have more control over their private personal information and impose harsher penalties on the companies that breach the laws. The Bill is part of the multi-billion National Cyber Security Strategy.

The GDPR penalty regime, which applies a maximum fine of up to €20 million or 4% of total global annual revenue, is one of the clauses included in the Bill. The Bill repeals the Data Protection Act 1998 when it becomes active. When the United Kingdom departs the European Union, GDPR will already be integrated into law by the EU withdrawal bill. This means that firms will be obligated to comply with GDPR when handling United Kingdom citizens’ data.

Apart from enacting the EU legislation, the Bill also affects law enforcement and national security agencies. It brings in key changes to how employers handle sensitive personal data such as sexual orientation, religious beliefs, union membership, political opinion, health data, and information regarding ethnic origin. As with GDPR, the new UK Bill obliges data processors to gather clear consent before processing sensitive personal data. Employers must handle sensitive personal data in line with GDPR obligations or exercise rights in employment law if a policy document satisfies additional requirements. This will also be the case with processing criminal conviction information.

Employers will not release information to employees when responding to subject access requests (SARs) for various categories of information, such as that covered by legal professional privilege, information management planning, information regarding the employer’s wishes during negotiations with the employee, and confidential references given but not those received. The new Bill includes the European Union data protection regulation and was formulated to ensure that the United Kingdom maintains and protects the privacy of its citizens.


Posted by

Emma Taylor

Emma Taylor is the contributing editor of Defensorum. Emma started on Defensorum as a news writer in 2017 and was promoted to editor in 2022. Emma has written and edited several hundred articles related to IT security and has developed a deep understanding of the sector. You can follow Emma on and contact Emma at