Sky high thinkers

Welcome to the Libryo blog


GDPR is only one of many relevant data protection laws. Do you know the others?

Written by Garth Watson
on March 29, 2018

Because there has been so much hype around GDPR, many people think that it is the be-all and end-all of data protection regulation. It is not.

There are many statutory instruments (e.g. Acts of parliament and regulations) that apply to companies' handling of personal data, other than GDPR.


Find the needles in the data-protection regulation haystack

To illustrate this point, I've used the UK as an example, and I've included a list below which is a sample of regulations taken from a stack of statutory instruments which apply to a UK company's handling of personal data. Although this is a list of UK and EU statutes, for companies operating in other countries, the same principle holds true - namely that there are many regulations dealing with the handling of personal data other than GDPR.

That all of these statutory instruments regulate a company's use of data is a bit counter-intuitive, because the names of the regulations often don't include the phrase "data protection". Nevertheless, each of these statutory instruments includes at least one provision which applies to the domain of data:

(Note this is not a full list. I've deliberately omitted certain statutes relevant to the data protection domain. The point is to show us all that there's more to data protection regulation than GDPR!)

  1. Civil Contingencies Act, 2004
  2. Companies Act 2006
  3. The Companies (Trading Disclosures) Regulations 2008
  4. Computer Misuse Act 1990
  5. Copyright, Designs and Patents Act, 1988
  6. Copyright (Computer Programs) Regulations, 1992
  7. Defamation Act, 2013
  8. Electronic Communications Act, 2000
  9. Equality Act, 2010
  10. European Communities Act 1972
  11. Alternative Dispute Resolution for Consumer Disputes (Competent Authorities and Information) Regulations, 542 of 2015
  12. Business Protection from Misleading Marketing Regulations 2008
  13. Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013
  14. Consumer Protection (Distance Selling) Regulations, 2003
  15. Consumer Protection From Unfair Trading Regulations, 2008
  16. Copyright (Computer Programs) Regulations, 1992
  17. Electronic Commerce (EC Directive) Regulations, 2002
  18. Electronic Identification and Trust Services for Electronic Transactions Regulations, 2016
  19. The Provision of Services Regulation, 2009
  20. The Intellectual Property (Enforcement, etc.) Regulations 2006
  21. The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000
  22. The Investigatory Powers (Interception by Businesses etc. for Monitoring and Record-keeping Purposes) Regulations 2018
  23. Public Order Act, 1986
  24. Regulation (EC) No 593/2008 of the European Parliament and of the Council of 17 June 2008 on the law applicable to contractual obligations (Rome I)
  25. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
  26. Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications)
  27. Terrorism Act, 2000
  28. The Companies (Trading Disclosures) Regulations 2008
  29. The Intellectual Property (Enforcement, etc.) Regulations 2006
  30. Trade Marks Act 1994

Now you know.


Towards knowing, simply, what data protection regulation requires

You may think "I wish the law was better organised and that there were fewer regulations to keep track of!" Indeed, part of the problem with regulation is that it is terribly organised. Fortunately, however, legal technology is being put to work to simplify the complicated organisation of regulatory texts. Using legal technology, it is possible to filter out the provisions of the above data-protection regulations which do not apply to your company. This filtering, combined with the use of smart meta-data, enables anyone, in any organisation, to experience freedom in knowing what data protection regulations require of them, without having to sift through reams of complicated and irrelevant regulatory texts! Freedom in complexity is possible.

