Example Legislation

To help you complete this section, here are some common laws and regulations:

  1. The General Data Protection Regulation (GDPR): Although the GDPR is an EU regulation, the UK has incorporated it into its national law as the UK GDPR. It applies to the processing of personal data and has stringent requirements around data protection and security.

  2. The Data Protection Act 2018: Working alongside the UK GDPR, this act sets out the framework for data protection law in the UK. It supplements the general data protection regime and controls how personal information is used by organisations.

  3. The Computer Misuse Act 1990: This act makes certain activities illegal, such as hacking into other people's systems, downloading or distributing virus software, or helping others to gain unauthorised access to a computer.

  4. The Privacy and Electronic Communications Regulations (PECR): PECR sits alongside the Data Protection Act and the GDPR, giving people specific privacy rights in relation to electronic communications.

  5. Network and Information Systems Regulations 2018 (NIS Regulations): These regulations impose security and incident reporting obligations on operators of essential services and digital service providers.

  6. The Payment Card Industry Data Security Standard (PCI DSS): While not a law, this is a widely accepted set of policies and procedures intended to optimise the security of credit, debit, and cash card transactions and protect cardholders against misuse of their personal information.

  7. The Regulation of Investigatory Powers Act 2000 (RIPA): This act governs the powers of public bodies to carry out surveillance and investigation, and the interception of communications.

  8. The Copyright, Designs and Patents Act 1988: Pertinent to intellectual property, this act covers the unauthorised use, copying, or distribution of copyrighted materials.

  9. The Freedom of Information Act 2000: This act provides public access to information held by public authorities. It does this in two ways: public authorities are obliged to publish certain information about their activities, and members of the public are entitled to request information from public authorities.

  10. The Health and Safety at Work Act 1974: In the context of information security, this act might apply to the physical safety and security of hardware or data centres.
