UK GDPR: The United Kingdom General Data Protection Regulation - The primary data protection legislation in the UK post-Brexit, setting out the key principles, rights and obligations for processing personal data

Data Protection Act 2018: The UK's implementation of data protection legislation that works alongside and supplements the UK GDPR, providing additional requirements and specifications for data protection in the UK context

PECR 2003: Privacy and Electronic Communications Regulations - Specific rules for electronic communications, including rules about marketing, cookies and electronic communications services

Freedom of Information Act 2000: Legislation that provides public access to information held by public authorities, relevant for public sector organizations when handling data protection matters

Human Rights Act 1998: Particularly Article 8 which enshrines the right to respect for private and family life, home and correspondence in UK law

ICO Guidance: Official guidance and codes of practice from the Information Commissioner's Office, the UK's data protection regulator

EDPB Guidelines: European Data Protection Board guidelines which, while not binding post-Brexit, remain influential in UK data protection practice

EU GDPR: The European Union General Data Protection Regulation - Relevant when processing data of EU residents or operating in EU markets

International Transfer Mechanisms: Framework for international data transfers including UK adequacy decisions, Standard Contractual Clauses, and other transfer tools

Sector-Specific Regulations: Additional regulatory requirements specific to different sectors such as financial services, healthcare, or education that may impact data protection requirements