The UK Data Protection Bill received Royal Assent on 23 May and its main provisions will commence on 25 May 2018. The UK Act is not limited to GDPR provisions but also covers national security issues and transposes the EU Law Enforcement Directive.
With regard to GDPR derogations, the age for a child’s consent in relation to information society services will be 13 instead of 16 in the GDPR. Whilst the GDPR does not require organisations to notify to the supervisory authority, the UK Act imposes a notification fee to be paid to the ICO.
Source: UK Data Protection Act receives Royal Assent and enters into force tomorrow – Privacy Laws & Business