Government introduces Data Protection Bill in House of Lords

The Data Protection Bill was introduced into the House of Lords on 13 September 2017. It will replace the Data Protection Act 1998 and implement the EU General Data Protection Regulation (GDPR).

The Bill differs from the GDPR in that it covers, in addition to processing of personal data to which the GDPR applies, also law enforcement data and national security data.

According to the government factsheet, the Bill will include exemptions for:

• Processing of personal data by journalists for freedom of expression, and to expose wrongdoing, is to be safeguarded
• Scientific and historical research organisations, such as museums and universities, will be exempt from certain obligations which would impair their core functions
• National bodies responsible for the fight against doping in sport will continue to be able to process data to catch drug cheats
• In the financial services sector, the pricing of risk, or data processing done on suspicion of terrorist financing or money laundering will be protected
• Where it is justified, the Bill will allow the processing of sensitive and criminal conviction data without consent, including to allow employers to fulfil obligations of employment law.

Information Commissioner Elizabeth Denham said:
“The introduction of the Data Protection Bill is welcome as it will put in place one of the final pieces of much needed data protection reform. Effective, modern data protection laws with robust safeguards are central to securing the public's trust and confidence in the use of personal information within the digital economy, the delivery of public services and the fight against crime. I will be providing my own input as necessary during the legislative process."

See the Bill at

and an overview of the Bill at