Law & Governance Overview

The UK has laws that focus on the cyber security industry. These detail the actions an individual can take and what actions are deemed offensive and therefore illegal. There are also laws and guidance detailing how data should be held and the responsibilities of companies that hold valuable information.

The primary cybercrime legislation in the UK is the Computer Misuse Act 1990 (CMA). It defines specific malicious actions that are criminal offences. These may include hacking, ransomware, data theft etc. Overall, the Computer Misuse Act focuses on unauthorised actions that could be deemed offensive in nature, and therefore criminalises malicious actions with intent to access or impact computer systems.

The General Data Protection Regulation (GDPR) came into force in 2018 and forced an update to the Data Protection Act (DPA) that was originally created in 1998. These laws enshrine in EU and UK law the protections afforded to Personally Identifiable Information (PII). All companies that gather and use personal data need to follow the data protection principles.

While the law is never fast enough to keep up with the changing face of technology, it is important that professionals working in the cyber security industry have an understanding of the legislation that applies to their day-to-day activities and an awareness of the appropriate policies.