In this section you can find links to some documents that may help you better understand the data-protection regulation and configure your processing accordingly.
EEA and UK
GDPR.General Data Protection Regulation is a regulation in EU law on data protection and privacy in the EU and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and of human rights law outlining approaches to processing of personal data;
E-Privacy Directive.E-privacy Directive 2009/136/EC concerns the processing of personal data and the protection of privacy in the electronic communications sector. The E-privacy Directive covers processing of personal data and the protection of privacy including provisions on the security of networks and services; the confidentiality of communications; access to stored data; processing of traffic and location data; calling line identification; public subscriber directories; and unsolicited commercial communications ("spam").
UK GDPR and DPA 2018.The Data Protection Act 2018 is the UK’s implementation of the GDPR (UK GDPR). Meanwhile, the UK GDPR is supplemented by the DPA in some places. The DPA 2018 applies the GDPR’s provisions to certain types of processing that are outside the GDPR’s scope, including processing by public authorities. It sets out data processing regimes for law enforcement processing and intelligence processes. The UK GDPR and DPA 2018 should, therefore, be read together.
PECR.The Privacy and Electronic Communications Regulations sit alongside the Data Protection Act and the UK GDPR. They give people specific privacy rights in relation to electronic communications. PECR implement E-Privacy Directive into the UK law and cover specific rules on: marketing calls, emails, texts and faxes; cookies (and similar technologies); keeping communications services secure; and customer privacy as regards traffic and location data, itemized billing, line identification, and directory listings;
CAN-SPAM Act of 2003 and Rule. The CAN-SPAM Act, a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations. Despite its name, the CAN-SPAM Act doesn't apply just to bulk email. It is supplemented with the CAN-SPAM Rule.
CPRA.The California Privacy Rights Act is an expansion of the California Consumer Privacy Act (CCPA). CPRA seeks to protect more types of privacy information, provide additional rights for consumers, establish an oversight entity, and detail rights specific to minors.