UK GDPR: UK General Data Protection Regulation - Primary legislation governing personal data processing and protection in the UK post-Brexit
Data Protection Act 2018: The UK's implementation of data protection legislation that works alongside and supplements the UK GDPR
PECR 2003: Privacy and Electronic Communications Regulations - Specific rules for electronic communications, marketing, and cookies
Common Law Duty of Confidentiality: Legal obligation to keep personal information confidential when it has been shared in circumstances giving rise to an obligation of confidence
Human Rights Act 1998: Particularly Article 8 which establishes the right to respect for private and family life
Consent Requirements - Freely Given: Consent must be given without coercion or undue influence, with genuine free choice and control
Consent Requirements - Specific: Consent must be granular and clearly specify the exact purpose of data processing
Consent Requirements - Informed: Individual must be informed about what they're consenting to in clear, plain language
Consent Requirements - Unambiguous: Must involve clear affirmative action; silence or pre-ticked boxes are not valid consent
Data Controller Identity: Document must clearly identify who is collecting and processing the personal data
Processing Purpose: Clear explanation of why the personal data is being collected and how it will be used
Data Types: Specification of what types of personal data will be collected and disclosed
Data Recipients: Information about who will receive or have access to the personal data
Retention Periods: Clear information about how long the personal data will be kept
Data Subject Rights: Information about individual's rights regarding their personal data, including access, rectification, and erasure
Withdrawal Rights: Information about the right to withdraw consent and the process for doing so
International Transfers: Details about any international transfers of personal data and associated safeguards
