ºÚÁÏÊÓƵ

Data Protection Act 2018: Primary UK legislation that controls how personal information is used by organizations, businesses, or the government. Works alongside the UK GDPR to regulate data protection.

UK GDPR: The UK's implementation of the GDPR after Brexit, setting out key principles for processing personal data, individual rights, and organizational obligations regarding data protection.

Computer Misuse Act 1990: Legislation that makes unauthorized access to computer systems and data a criminal offense, relevant for security audit policies and incident response.

Privacy and Electronic Communications Regulations 2003: Regulations governing privacy in electronic communications, including rules about cookies, electronic marketing, and communication security.

Freedom of Information Act 2000: Legislation providing public access to information held by public authorities, important for public sector organizations' information handling policies.

ISO 27001: International standard for information security management systems (ISMS), providing framework for policies, procedures, and controls to manage information security risks.

NIST Cybersecurity Framework: Voluntary guidance for organizations to better manage and reduce cybersecurity risk, based on existing standards, guidelines, and practices.

PCI DSS: Payment Card Industry Data Security Standard - security standards for organizations handling credit card information to ensure secure transaction environment.

Cyber Essentials: UK government-backed scheme helping organizations protect against common cyber attacks, providing basic security controls framework.

ICO Guidelines: Regulatory guidance from the Information Commissioner's Office on data protection, privacy, and electronic communications regulations compliance.

NIS Regulations 2018: Network and Information Systems Regulations providing legal measures to boost overall level of security for network and information systems.

FCA Requirements: Financial Conduct Authority regulations for financial services firms, including specific requirements for information security and data protection.

NHS Data Security and Protection Toolkit: Healthcare sector-specific framework for managing information security in NHS organizations and their partners.

EU GDPR Compliance: Requirements for compliance with EU GDPR when dealing with EU data subjects, including international data transfer considerations.