UK GDPR: The UK General Data Protection Regulation - the primary data protection legislation in the UK post-Brexit, setting out the key principles, rights and obligations for processing personal data
Data Protection Act 2018: The UK's implementation of data protection legislation that works alongside the UK GDPR, providing specific data protection requirements and derogations
PECR 2003: Privacy and Electronic Communications Regulations - specific rules for electronic communications, including rules about cookies, marketing calls, emails and texts
Freedom of Information Act 2000: Legislation providing public access to information held by public authorities, relevant for public sector organizations
Computer Misuse Act 1990: Legislation covering unauthorized access to computer systems and data, relevant for security aspects of data protection
Human Rights Act 1998: Particularly Article 8 which enshrines the right to respect for private and family life, home and correspondence
ICO Guidelines: Regulatory guidance and codes of practice issued by the Information Commissioner's Office, the UK's data protection authority
EDPB Guidelines: European Data Protection Board guidelines which, while not binding post-Brexit, remain influential in UK data protection practice
EU GDPR: The European Union's General Data Protection Regulation, relevant when processing data of EU residents or operating in the EU
International Transfer Requirements: Post-Brexit requirements for transferring personal data between the UK and other countries, including adequacy decisions and appropriate safeguards
Financial Services and Markets Act 2000: Specific regulations for financial services sector handling personal data, including additional security and privacy requirements
Health and Social Care Act 2012: Specific regulations for handling medical and healthcare data, including additional privacy and confidentiality requirements
