UK GDPR: The UK General Data Protection Regulation - the primary data protection legislation in the UK post-Brexit, setting out the key principles, rights and obligations for processing personal data in the UK
Data Protection Act 2018: The UK's implementation of data protection legislation that works alongside and supplements the UK GDPR, providing additional local requirements and specifications
PECR 2003: Privacy and Electronic Communications Regulations - specific rules for electronic communications, including rules about cookies, email marketing and telephone calls
Freedom of Information Act 2000: Legislation providing public access to information held by public authorities, which may interact with privacy obligations
Consumer Rights Act 2015: Main consumer rights legislation that may impact privacy policies, particularly regarding transparency and fairness in consumer contracts
E-Commerce Regulations 2002: Electronic Commerce (EC Directive) Regulations governing online business activities including requirements for information provision to customers
ICO Guidelines: Information Commissioner's Office guidance and codes of practice providing authoritative interpretation of data protection requirements in the UK
EDPB Guidelines: European Data Protection Board guidelines which, while not binding post-Brexit, remain influential in UK data protection practice
EU GDPR: European Union General Data Protection Regulation - relevant when dealing with EU residents or data subjects, requiring compliance for cross-border activities
International Transfer Requirements: Specific rules and requirements governing the transfer of personal data outside the UK, including adequacy decisions and appropriate safeguards
