UK GDPR: The United Kingdom General Data Protection Regulation - the primary legislation governing data protection in the UK post-Brexit, setting out the key principles, rights and obligations for processing personal data
Data Protection Act 2018: The UK's implementation of data protection laws, working alongside and supplementing the UK GDPR, providing specific data protection requirements and derogations for the UK context
PECR 2003: Privacy and Electronic Communications Regulations - specific rules for electronic communications, including electronic marketing and cookies
EU GDPR: European Union General Data Protection Regulation - relevant when EU entities are involved in the group or when data transfers include EU territories
Standard Contractual Clauses: Pre-approved contractual terms for international data transfers, ensuring adequate protection when transferring personal data outside the UK/EEA
Binding Corporate Rules: Internal codes of conduct for multinational companies, allowing international data transfers within the same corporate group
Adequacy Decisions: Official determinations by relevant authorities that certain countries provide adequate level of data protection, facilitating easier data transfers
ICO Guidance: Official guidance and codes of practice from the Information Commissioner's Office, providing practical interpretation of data protection requirements
Employment Law: Relevant employment legislation that intersects with data protection when handling employee personal data within the group
Companies Act 2006: Primary legislation governing company operations in the UK, relevant for corporate governance aspects of intra-group arrangements
Data Transfer Mechanisms: Specific procedures and safeguards required for transferring data between group entities, including technical and organizational measures
Data Protection Principles: Core principles including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality
Data Subject Rights: Rights granted to individuals whose data is processed, including access, rectification, erasure, portability, and objection rights
Security Measures: Technical and organizational security requirements for protecting personal data during processing and transfer
Breach Notification: Procedures and timelines for reporting data breaches to authorities and affected individuals
Accountability Framework: Requirements for demonstrating compliance, including documentation, impact assessments, and appointment of responsible personnel
Record Keeping: Obligations to maintain detailed records of processing activities, data transfers, and compliance measures
