UK GDPR and DPA 2018: Core data protection legislation in the UK post-Brexit, governing how personal data must be processed, stored, and protected
PECR 2003: Privacy and Electronic Communications Regulations governing electronic communications, cookies, and direct marketing
NIS Regulations 2018/2020: Network and Information Systems regulations covering cybersecurity requirements for essential services and digital service providers
ISO 27001: International standard for information security management systems, providing framework for policies and procedures including controls and risk management
Computer Misuse Act 1990: Criminal law addressing unauthorized access to computer systems and related cybercrime offenses
Serious Crime Act 2015: Updates to computer misuse offenses and tools for cybercrime
Common Law Contract Principles: Fundamental principles of contract law including formation, consideration, and enforcement under English law
Unfair Contract Terms Act 1977: Legislation controlling unfair terms in contracts, particularly regarding limitation of liability
Consumer Rights Act 2015: Legislation protecting consumer rights in contracts, relevant if the agreement has B2C implications
Financial Services Regulations: Including Financial Services and Markets Act 2000 and FCA regulations on operational resilience for financial sector
PCI DSS: Payment Card Industry Data Security Standard requirements for organizations handling credit card information
Cross-border Data Transfer Rules: Regulations governing international data transfers, including adequacy decisions and appropriate safeguards
NCSC Guidelines: National Cyber Security Centre's guidance and best practices for cybersecurity in the UK
Breach Notification Requirements: Mandatory incident reporting obligations under various regulations including GDPR and sector-specific requirements
Employment Law Framework: Including Employment Rights Act 1996 and Equality Act 2010 for security policies affecting employees
