
What cyber security laws are relevant to UK organisations?

UK businesses must comply with various cyber security laws and regulations to protect sensitive data, prevent breaches, and avoid heavy fines.

Different laws apply across industries and geographical locations, affecting everything from data protection to critical infrastructure security. Some of these are outlined below:


🔹 Key Cyber Security Laws & Regulations in the UK

1️⃣ UK GDPR (General Data Protection Regulation) – Data Protection

📜 What it Covers:

  • Governs how personal data is collected, processed, and stored.
  • Applies to any UK organisation handling personal data.

⚠️ Penalties for Non-Compliance:

  • Fines up to £17.5M or 4% of annual turnover (whichever is higher).
  • Example: British Airways was fined £20M for a data breach.

2️⃣ Data Protection Act 2018 (DPA 2018)

📜 What it Covers:

  • Supplements UK GDPR by detailing national data protection rules.
  • Includes exemptions for law enforcement, national security, and intelligence services.

3️⃣ NIS Regulations (Network and Information Systems) – Critical Infrastructure Security

📜 What it Covers:

  • Applies to critical service providers (e.g., healthcare, energy, transport, finance).
  • Mandates cyber resilience, incident reporting, and risk management.

⚠️ Penalties for Non-Compliance:

  • Fines up to £17M for serious failures in cyber security.

4️⃣ Computer Misuse Act 1990 (CMA) – Cybercrime Law

📜 What it Covers:

  • Criminalises unauthorised access, hacking, malware attacks, and denial-of-service (DoS and DDoS) attacks.
  • Makes it illegal to steal, modify, or destroy data without permission.

⚠️ Penalties:

  • Up to 10 years in prison for serious offences.

5️⃣ Cyber Essentials – Government-Backed Security Standard

📜 What it Covers:

  • Not a law, but a certification that is mandatory for organisations working with the UK government.
  • Ensures basic cyber security protections (firewalls, anti-malware, secure access).

⚠️ Why It’s Important:

  • Required for UK government contracts involving sensitive data.
  • Reduces the risk of common cyber attacks by 80%.

6️⃣ PCI DSS (Payment Card Industry Data Security Standard) – Payment Security

📜 What it Covers:

  • Required for any UK business handling card payments.
  • Protects credit/debit card transactions from fraud and data theft.

⚠️ Penalties:

  • Non-compliance can lead to fines from card issuers (Visa, Mastercard).
  • Risk of losing the ability to process card payments.

7️⃣ Online Safety Act 2023 – Digital Safety & Cyber Security

📜 What it Covers:

  • Regulates social media platforms, websites, and apps to prevent online harm.
  • Targets illegal content, fraud, and child protection online.

⚠️ Penalties:

  • Fines up to 10% of global turnover for non-compliance.

🔹 Industry-Specific Cyber Regulations

🚑 NHS DSP Toolkit – Cyber security standard for healthcare organisations.
💰 FCA Regulations – Financial firms must comply with cyber risk controls.
🏭 ISO 27001 – International standard for information security management.