Computer Misuse Act 1990 – this specifies various hacking offences

Official Secrets Act 1989 – this deals with national security

Communications Act 2003 – this is the main source of UK telecommunications law

Data Protection Act 1998 – this implements the Data Protection Directive 1995

Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426)

GDPR, NISD and Brexit

From 25 May 2018 the General Data Protection Regulation 2016/679 (GDPR) becomes directly effective in the UK. It will remain directly effective for so long as the UK remains a member of the European Union.

The Network and Information Security Directive 2016/1148 is due to be implemented in all member states of the European Union by 10 May 2018.

On Thursday 23 June 2016, the UK voted in a referendum to leave the European Union. At the beginning of 2017, both the timing and impact of Britain’s exit from the UK on data protection law is unclear. Updates will be provided by means of blog posts.


Please let us know if there are others we should include, or if any of the links no longer work.