UK GDPR: The UK General Data Protection Regulation - the primary legislation governing personal data processing in the UK post-Brexit, setting out principles for data protection and privacy
Data Protection Act 2018: The UK's implementation of data protection laws, complementing and working alongside the UK GDPR, providing specific data protection requirements and derogations
NIS Regulations 2018: Network and Information Systems Regulations governing cybersecurity requirements for essential services and digital service providers
PECR: Privacy and Electronic Communications Regulations 2003 governing electronic communications, including rules on cookies, marketing, and privacy in telecommunications
Financial Services and Markets Act 2000: Key legislation for financial services sector, including requirements for data handling and outsourcing in financial institutions
FCA Regulations: Financial Conduct Authority regulations providing specific requirements for financial services firms, including operational resilience and outsourcing arrangements
EU GDPR Compliance: Consideration of EU General Data Protection Regulation requirements when dealing with EU resident data subjects or cross-border data transfers
International Data Transfer Requirements: Rules and requirements governing the transfer of personal data outside the UK, including adequacy decisions and appropriate safeguards
Contract Law Principles: Common law principles governing contract formation, interpretation, and enforcement under English and Welsh law
Confidentiality Obligations: Common law and statutory requirements regarding confidentiality and protection of sensitive information
ISO 27001: International standard for information security management, often required in data outsourcing arrangements
ICO Guidance: Guidelines and recommendations from the Information Commissioner's Office on data protection and privacy compliance
EDPB Guidelines: European Data Protection Board guidelines providing interpretation and guidance on data protection requirements
Cybersecurity Requirements: Technical and organizational measures required to ensure security of processed data, including breach notification obligations
