Data Protection Act 2018: UK's implementation of data protection standards, working alongside UK GDPR to regulate how personal data is processed and protected
UK GDPR: Post-Brexit version of EU GDPR, setting out key principles for data protection, individual rights, and organizational responsibilities in data handling
Computer Misuse Act 1990: Legislation criminalizing unauthorized access to computer systems and data modification, relevant for security breach assessments
NIS Regulations 2018: Network and Information Systems Regulations implementing EU directive on cybersecurity, particularly for essential services and digital providers
PECR 2003: Privacy and Electronic Communications Regulations governing electronic communications, cookies, and marketing communications
Financial Services and Markets Act 2000: Primary legislation for financial services regulation, including IT security requirements for financial institutions
Payment Services Regulations 2017: Regulations governing payment services, including security requirements for payment processing systems
ISO 27001: International standard for information security management systems, providing framework for security controls and risk assessment
ISO 31000: International standard providing principles and guidelines for effective risk management
NIST Cybersecurity Framework: Voluntary guidance for managing and reducing cybersecurity risk, widely adopted internationally
PCI DSS: Payment Card Industry Data Security Standard, mandatory for organizations handling payment card data
NHS Digital Standards: Specific security standards and requirements for healthcare sector IT systems in the UK
Government Security Classifications: UK government system for classifying and protecting information assets based on sensitivity
Companies Act 2006: Primary legislation governing companies in the UK, including aspects of corporate governance related to risk management
CIS Controls: Set of prioritized actions to protect organizations and data from known cyber attack vectors
