April/May 2018 (vol. 14/6)

ContentsFeaturesNewsLegal NewsResearch DigestResearch PlusCPD

Back in the GDPR: The General Data Protection Regulation and Data Protection Bill


The EU General Data Protection Regulation comes into force on 25 May 2018 and has significant implications for occupational health practice. OH legal expert Diana Kloss explains.

The European Union’s General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) was agreed in 2016 and will come into force throughout the EU including the UK on 25 May 2018. As a regulation rather than a directive it does not need to be adopted by Member States in domestic legislation. It will automatically repeal the UK Data Protection Act 1998 (DPA). The Regulation does not apply to all data and allows Member States to make their own derogations to a limited extent in some areas. Therefore, a Data Protection Bill is currently proceeding through Parliament and is planned to become law on 25 May 2018.

As it is not yet law any comments about the Bill in this article are based on the current edition, which may eventually be varied.

After Brexit the UK will, in theory, be free to change these laws, but that is unlikely to happen because …

Diana Kloss is a barrister, former part-time employment judge, Acas arbitrator and author.

Author: Kloss D


Occupational Health at Work April/May 2018 (vol. 14/6) pp31-37

Download full article CPD