UK GDPR: UK General Data Protection Regulation - The primary data protection legislation in the UK post-Brexit, setting out the key principles, rights and obligations for processing personal data
DPA 2018: Data Protection Act 2018 - The UK's implementation of data protection legislation that works alongside and supplements the UK GDPR
PECR 2003: Privacy and Electronic Communications Regulations 2003 - Specific rules for electronic communications, including rules about cookies, marketing calls, emails and texts
ICO Guidelines: Information Commissioner's Office Guidelines and Codes of Practice - Official guidance and interpretations of data protection requirements from the UK's data protection authority
EDPB Guidelines: European Data Protection Board Guidelines - While not binding post-Brexit, these guidelines remain influential in UK data protection practice and interpretation
Consumer Rights Act 2015: Legislation ensuring fairness and transparency in consumer contracts and privacy notices, affecting how privacy information must be presented to data subjects
Employment Law Requirements: Specific considerations for processing employee personal data, including additional obligations under employment law
Sector-Specific Regulations: Additional regulatory requirements that may apply depending on the industry sector (e.g., financial services, healthcare)
International Transfer Requirements: Post-Brexit requirements for transferring personal data outside the UK, including adequacy decisions and appropriate safeguards
Age-Appropriate Design: Special requirements when processing children's personal data, including the ICO's Age Appropriate Design Code
