GDPR and UK Data Protection
For clarity, and to stop spawn of discussion on the facts:
1) Current EE Data Protection DIRECTIVE (1995) is implemented in UK via UK Data Protection (1998)
2) New EU General Data Protection REGULATION applies to all EU (and EEA) countries, directly, from May 25th this year.
3) UK, after Brexit, is planning to continue to 'apply' GDPR requirements via the UK Data Protection Bill currently doing the approval rounds. This Bill will cover areas where GDPR allows member states to choose their own rules (i.e. Security, Defence etc) AND where states can implement GDPR flexibly (such as age of children, 13 versus 16 etc).
4) When it comes to personal data used for marketing rules, EU Privacy DIRECTIVE is implemented in UK via Privacy & Electronic Communications Regulation (PECR) (2003).
5) EU is planning to update ePrivacy DIRECTIVE to be a new EU ePrivacy REGUALTION later this year.
You may all wake up now.