UK GDPR: UK General Data Protection Regulation - The primary data protection legislation in the UK post-Brexit, setting out fundamental principles for personal data processing
DPA 2018: Data Protection Act 2018 - The UK's implementation of data protection standards, complementing and supplementing the UK GDPR
PECR: Privacy and Electronic Communications Regulations 2003 - Specific rules for electronic communications, including rules on cookies and direct marketing
ICO Guidelines: Information Commissioner's Office Guidelines and Codes of Practice - Official guidance from the UK's data protection regulator on implementing data protection requirements
EDPB Guidelines: European Data Protection Board Guidelines - While not binding post-Brexit, these guidelines remain influential in UK data protection practice
Transparency Requirements: Articles 13 and 14 of UK GDPR requiring clear information about data processing activities to be provided to data subjects
Lawful Bases: Legal grounds under UK GDPR for processing personal data, such as consent, contract, legal obligation, legitimate interests
Data Subject Rights: Rights granted to individuals under UK GDPR including access, rectification, erasure, portability, and objection to processing
International Transfers: Rules and safeguards for transferring personal data outside the UK, including adequacy decisions and appropriate safeguards
Data Retention: Requirements for specifying and adhering to defined periods for keeping personal data
Security Measures: Technical and organizational measures required to ensure appropriate security of personal data
Special Category Data: Additional requirements for processing sensitive personal data such as health, racial, religious, or biometric information
Breach Notification: Procedures and obligations for notifying authorities and affected individuals of personal data breaches
