Applicable Legislation Policy

This policy outlines the applicable relevant legislation and regulation that pertains to {{company_name}}, how it is monitored and kept up to date.

You can download the policy from here: Applicable Legislation Policy

Applicable Legislation Policy


Effective: March 2021
Version: EC21


This policy outlines the applicable relevant legislation and regulation that pertains to {{company_name}}, how it is monitored and kept up to date.


This policy covers all information assessments present at {{company_name}}.

This policy applies to employees, contractors, consultants, temporaries, and other workers at {{company_name}}, including all personnel affiliated with third parties. This policy applies to all equipment that is owned or leased by {{company_name}}.


The follow list of laws, regulations and standards are considered as applicable legislation within {{company_name}}:

1. UK Data Protection Act 1998
2. Gibraltar Data Protection Act 2004
3. EU General Data Protection Regulation
4. Crimes (Computer Hacking) Act 2009 (Gibraltar)
5. US Code 18 C119 & C2511 (Wiretap and Interception)
6. UK Electronic Communications Act 2000
7. Consumer Protection Regulations 2000
8. Freedom Of Information Act 2000
9. The Telecommunications (Lawful Business Practice and Interception of Communications) Regulations 2000
10. Computer Misuse Act 1990
11. Communications Act 2006 (Gibraltar)
a. Communications (Combating Child Pornography) Regulations 2013
12. The Electronics Signatures Regulations 2002
13. The Telecommunications (Data Protection & Privacy, Direct Marketing) Regulations 1999
14. The Consumer Protection (Distance Selling) Regulations 2003
a. The Consumer Protection (Distance Selling)(Amendment) Regulations 2005
15. Regulation of Investigatory Powers Act 2000
16. Civil Contingencies Act (2014)
17. Copyright, Designs and Patents Act 1988 & Amendment 2010
18. Companies Act 2006
a. The Limited Liability Partnerships (Application of Companies Act 2006) (Amendment) Regulations 2013
19. The Human Rights Act 1998 & Amendment Order 2005
20. The Privacy and Electronic Communications (EC Directive) Regulations 2003
21. Data Retention and Investigatory Powers Act 2014
Supplemental Source for Health Records workers
1. NHS Guidance on Legal and Professional Obligations


Responsibility for monitoring changes and updates is that of the CEO. Updates are reviewed at the Board meetings as required. With each update an action is assigned by the relevant person to ensure the updates are reflected in Policy / Procedure and communicated as required.


Compliance Measurement

The {{company_name}} Team will verify compliance to this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback to the policy owner.


Any exceptions to the policy must be approved by the CEO in advance.


Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.


• None


• ...

Get in Touch

Kindly fill the form and we will get back to you.

Contact us if you are experiencing a Cyber IncidentHaving a Cyber Incident?