UK General Data Protection Regulation (UK GDPR): The UK's primary data protection legislation that governs the processing of personal data, implementing similar provisions to the EU GDPR but tailored for the UK context.
Data Protection Act 2018 (DPA 2018): The UK's implementation of data protection legislation that complements the UK GDPR and provides additional data protection requirements specific to the UK.
Privacy and Electronic Communications Regulations 2003 (PECR): Regulations governing privacy and electronic communications, including rules on cookies, electronic marketing, and communication services.
Freedom of Information Act 2000: Legislation providing public access to information held by public authorities, relevant when one party to the agreement is a public body.
Network and Information Systems Regulations 2018: Regulations aimed at improving the cybersecurity of networks and information systems critical to UK services.
Common law duty of confidentiality: Legal principle requiring information shared in confidence to be kept confidential, derived from case law rather than statute.
Consumer Rights Act 2015: Legislation protecting consumer rights, relevant when data agreements involve consumer personal data or consumer services.
International data transfer mechanisms: Framework under UK GDPR governing how personal data can be transferred outside the UK while maintaining adequate protection.
UK Adequacy decisions: Determinations by the UK government about which countries provide adequate data protection levels for international transfers.
UK Standard Contractual Clauses: Standard contract terms approved for use in international data transfers from the UK to third countries.
Financial Services and Markets Act 2000: Regulatory framework for financial services, including specific requirements for handling financial data.
Health and Social Care Act 2012: Legislation governing healthcare services and the handling of healthcare data in England and Wales.
