United Kingdom: Adopted Data Protection Act 2018 containing data protection regulation provisions

On 23 May 2018, the Data Protection Act was adopted by the British Parliament. The Act implements the EU General Data Protection Regulation (GDPR) in the UK. In particular, the Act requires entities holding and processing personal data to follow "data protection principles". Moreover, sensitive data are protected by additional security requirements. Finally, the Act introduces a variety of data protection rights, including the right to: be informed about when and how data is being used, access personal data, update incorrect data, erase personal data, stop or limit the processing of data, and data portability. The Act will be implemented with the decision of the Secretary of State.