check_circle Done

Society and Culture Society and Culture

Bring forward a new data protection law

Last updated: 09:19am 17 January 2019

Alongside this commission, we will bring forward a new data protection law, fit for our new data age, to ensure the very best standards for the safe, flexible and dynamic use of data and enshrining our global leadership in the ethical and proportionate regulation of data.

Conservative Party Manifesto 2017, p.79

Our verdict

At the point at which the Conservative Party’s manifesto was written, data protection in the UK was regulated by the Data Protection Act 1998. However, this law was considered insufficient to provide adequate protection of personal information in the internet age.

To modernise the regulation of data protection in the UK, the new Data Protection Act (DPA) 2018 was introduced. This goes hand in hand with the General Data Protection Regulation (GDPR) which sets EU-wide standards for the processing of personal data. Moreover, the new DPA covers aspects of data protection which are UK-specific and go beyond the scope of the EU law.

The new DPA received Royal Assent on 23 May 2018. As a consequence, the GDPR will remain enshrined in law after Brexit and UK data protection is now regulated by a new data protection law. Arguments can still be had about whether the DPA ensures the “very best standards” and is “ethical and proportionate”, but a new law was promised and has been delivered – this policy is ‘done’.

Love the detail?

There's always room for debate

We’re serious about providing clear, up-to-date, non-partisan information. We focus on being consistent and fair in how we reach our verdicts, and always explain our reasoning. But there is always room for debate. So if you see it differently, we’d love you to tell us why. Or even better, submit an edit.