UK GDPR: UK General Data Protection Regulation - Primary legislation governing data protection and consent requirements in the UK post-Brexit
Data Protection Act 2018: UK's implementation of data protection standards, working alongside UK GDPR to provide comprehensive data protection framework
PECR 2003: Privacy and Electronic Communications Regulations governing electronic communications, cookies, and direct marketing consent
Human Rights Act 1998: Particularly Article 8 establishing the fundamental right to privacy in UK law
ICO Guidelines: Information Commissioner's Office regulatory guidelines on consent management and implementation
EDPB Guidelines: European Data Protection Board Guidelines - influential but non-binding post-Brexit guidance on data protection
ISO/IEC 27001: International standard for information security management systems, providing framework for securing consent data
BS 10012:2017: British Standard for Personal Information Management System, providing framework for managing personal data and consent
Valid Consent Requirements: Legal requirements for consent to be freely given, specific, informed, and unambiguous with clear affirmative action
Consent Record-Keeping: Requirements for maintaining records of when, how, and what consent was given by individuals
Consent Withdrawal Rights: Legal obligation to ensure individuals can withdraw consent as easily as they gave it
Age Verification Requirements: Specific requirements for obtaining and verifying consent for processing children's personal data
Security Measures: Technical and organizational measures required to protect consent records and associated personal data
Breach Notification: Requirements for notifying authorities and affected individuals of breaches involving consent data
International Transfers: Requirements for transferring consent records and associated data outside the UK
Retention Requirements: Guidelines and requirements for how long consent records should be retained and when they should be deleted
