UK General Data Protection Regulation (UK GDPR): The primary data protection legislation in the UK post-Brexit, setting out the key principles, rights and obligations for processing personal data in the UK
Data Protection Act 2018 (DPA 2018): The UK's implementation of data protection law, complementing the UK GDPR and addressing areas of data processing not covered by the UK GDPR
Privacy and Electronic Communications Regulations 2003 (PECR): Specific rules for electronic communications, including regulations on cookies, electronic marketing, and privacy in telecommunications
Freedom of Information Act 2000: Legislation governing public access to information held by public authorities, relevant when one party is a public body
Network and Information Systems Regulations 2018: Legislation focusing on cybersecurity requirements and incident reporting for essential services and digital service providers
Computer Misuse Act 1990: Criminal law addressing unauthorized access to computer systems and data, relevant for security obligations in data processing
EU GDPR: European Union's data protection regulation, relevant for data transfers involving EU residents or businesses
ICO Guidelines: Regulatory guidance from the Information Commissioner's Office providing practical interpretation of data protection requirements
EDPB Guidelines: European Data Protection Board guidance documents providing interpretation of data protection requirements, particularly relevant for EU-UK data transfers
Standard Contractual Clauses (SCCs): Standard contract terms approved by regulatory authorities for international data transfers
Financial Services and Markets Act 2000: Sector-specific legislation containing additional requirements for handling financial data and customer information in the financial services sector
Health and Social Care Act 2012: Sector-specific legislation containing additional requirements for handling healthcare data and patient information
