The GDPR will be in force from 25 May 2018, meaning that the UK must comply with its requirements as a European Member State. However, on exiting the European Union, the UK has stated that it will retain European standards in respect of data protection and will incorporate the GDPR into its national legislation. This legislation will also incorporate the provisions of the Policing Directive (which the UK currently opt out of) and also account for national security considerations, which is outside the scope of the GDPR.
The UK Data Protection Bill is currently progressing through Parliament. The various stages, and links to information from each can be viewed here.
The Information Commissioner’s Office has provided briefings during the process. Here can be seen ‘Annex II’, in which the ICO responds to points raised during the Committee Stage scrutiny and emphasises issues that remain of interest or concern. Previous communications from the ICO on this topic can be accessed here.
Other useful information about the Data Protection Bill:
The wording of the Data Protection Bill (HL Bill 66): https://publications.parliament.uk/pa/bills/lbill/2017-2019/0066/lbill_2017-20190066_en_1.htm
Data Protection Bill Factsheet: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/644634/2017-09-13_Factsheet01_Bill_overview.pdf