UK Data Protection Act 2018: Primary UK legislation governing how personal information must be handled, complementing and tailoring the UK GDPR within domestic law
UK General Data Protection Regulation (UK GDPR): Post-Brexit data protection regulation that sets out key principles for processing personal data in the UK
Computer Misuse Act 1990: Legislation that criminalizes unauthorized access to computer systems and data interference
Privacy and Electronic Communications Regulations (PECR) 2003: Specific rules for electronic communications, including requirements for security and confidentiality of services
Network and Information Systems Regulations 2018: Legislation aimed at improving cybersecurity for critical national infrastructure and essential services
ISO 27001: International standard for information security management systems, providing framework for policies and procedures
ISO 31000: International standard providing principles and guidelines for effective risk management
NIST Cybersecurity Framework: Voluntary guidance for organizations to better manage and reduce cybersecurity risk
PCI DSS: Payment Card Industry Data Security Standard - security standards for organizations handling credit card data
ICO Guidelines: Regulatory guidance from the Information Commissioner's Office on data protection and information security
Companies Act 2006: Primary legislation governing company operations, including aspects of corporate governance and record-keeping
Human Rights Act 1998: Legislation incorporating privacy rights and other fundamental human rights into UK law
Common Law Duties of Confidentiality: Legal obligations arising from case law regarding the protection of confidential information
EU GDPR: European Union data protection regulation that may apply to UK organizations handling EU residents' data
International Data Transfer Requirements: Regulations governing the transfer of personal data across international borders, including adequacy decisions and appropriate safeguards
