UK GDPR: The UK General Data Protection Regulation - Primary legislation governing data protection in the UK post-Brexit, setting out fundamental principles for personal data processing
Data Protection Act 2018: The UK's implementation of data protection legislation that works alongside and supplements the UK GDPR, providing specific data protection requirements for UK organizations
PECR 2003: Privacy and Electronic Communications Regulations - Specific rules for electronic communications, including rules on marketing, cookies, and electronic communications privacy
Freedom of Information Act 2000: Legislation providing public access to information held by public authorities, relevant for public sector organizations' privacy notices
Human Rights Act 1998: Incorporates Article 8 (Right to Privacy) of the European Convention on Human Rights into UK law, providing fundamental privacy rights
Consumer Rights Act 2015: Relevant for consumer-facing businesses, affecting how personal data is handled in consumer transactions and services
ICO Guidelines: Regulatory guidance from the Information Commissioner's Office providing practical interpretation and implementation advice for data protection laws
EDPB Guidelines: European Data Protection Board guidelines which, while not binding post-Brexit, remain influential in UK data protection practices
Transparency Requirements: Articles 13 & 14 of UK GDPR requiring clear communication about data processing activities to data subjects
Data Subject Rights: Articles 15-22 of UK GDPR outlining individual rights including access, rectification, erasure, and data portability
Lawful Processing Bases: Article 6 of UK GDPR defining the legal bases organizations must have for processing personal data
Special Category Processing: Article 9 of UK GDPR covering additional requirements for processing sensitive personal data such as health information or biometric data
International Transfers: Requirements for transferring personal data outside the UK, including adequate safeguards and transfer mechanisms
Data Retention: Principles governing how long personal data should be kept and requirements for disposal
Data Security: Measures required to ensure appropriate security of personal data, including technical and organizational measures
