UK GDPR: UK General Data Protection Regulation - Primary data protection legislation in the UK post-Brexit, governing how personal data must be handled, processed, and secured
Data Protection Act 2018: The UK's implementation of data protection legislation, working alongside UK GDPR to provide a comprehensive data protection framework
PECR: Privacy and Electronic Communications Regulations - Specific rules for electronic communications, including marketing, cookies, and privacy in telecommunications
ISO 27001: International standard for information security management systems (ISMS), providing framework for policies and procedures including legal, physical and technical controls
Cyber Essentials: UK government-backed scheme helping organizations protect against common cyber attacks, including certification requirements and security controls
NIS Regulations 2018: Network and Information Systems Regulations - Legal requirements for essential services providers and digital service providers regarding cybersecurity
Computer Misuse Act 1990: Criminal law dealing with unauthorized access to computer systems and cybercrime, relevant for security assessments and incident response
Electronic Communications Act 2000: Legislation providing legal framework for electronic signatures and electronic communications in business
Companies Act 2006: Primary legislation governing company operations in the UK, including directors' duties regarding risk management and corporate governance
PCI DSS: Payment Card Industry Data Security Standard - Security standards for organizations handling credit card information
NIST Cybersecurity Framework: International best practice framework for managing cybersecurity risk, widely adopted even outside the US
Critical National Infrastructure Regulations: Specific security requirements for organizations operating critical national infrastructure in the UK
