Legal & Regulatory

Regulatory Basics

England and Wales, Scotland and Northern Ireland are largely separate jurisdictions for a number of legal purposes. Scotland has a mixed common law and civil law system whereas England and Wales and Northern Ireland have a common law system.

Data Protection Act 1998 (DPA) (passed to implement the European Data Protection Directive 95/46/EC) - Data protection in the United Kingdom is regulated and enforced by the Information Commissioners Of ce (ICO), which also produces guidance and best practice guidelines for compliance with the legislation. To regulate the processing of personal data by businesses and other organizations.

Privacy and Electronic Communications (EC Directive) Regulations 2003 (the PECR) (passed to implement Directive 2002/58/EC) - To regulate, amongst other things, unsolicited electronic direct marketing to individuals. The PECR also regulate the use of cookies (and similar technologies) by websites.

European General Data Protection Regulation - The European Data Protection Directive (Directive 95/46/EC) (which is implemented in the UK by the Data Protection Act 1998) will be superseded by the pan-General Data Protection Regulation (GDPR) and represents the single largest change to data protection legislation for over twenty years. The text of the GDPR is expected to be finalised by mid-2016 and apply directly across all 28 EU Member States from 2018.

Consumer Rights Act 2015 (CRA) - The CRA reforms and consolidates pre-existing consumer laws in relation to:

  • Rights and remedies in respect of goods, services and digital content.
  • Unfair terms in consumer contracts.
  • Enhanced consumer remedies which can be imposed by public enforcement bodies.
  • Consolidation of existing legislation concerning enforcement powers for public bodies (currently over 60 instruments in place).
  • Consumer collective re-dress in relation to anti-competitive behaviour.

Consumer Protection from Unfair Trading Regulations 2008 (CPRs) – as amended by the Consumer Protection (Amendment) Regulations 2014 - The CPRs are in place to protect consumers from misleading commercial practices committed by traders.

Consumer Contract (Information, cancellation and additional charges) Regulations 2013 – known as the Consumer Contract Regulations 2013 (in force from 13 June 2014) - The regulations apply only to contracts between traders and consumers and implement the provisions of the EU Consumer Rights Directive into UK law. The Regulations do not cover certain types of contract, including: gambling, financial services, rental accommodation, construction, package travel or timeshare contracts.

Consumer Rights (Payment Surcharges) Regulations 2012 – in force since April 2013 - The regulations introduced a ban on charging consumers excessive surcharges relating to certain payment methods. The Regulations do not cover certain types of contract, including: gambling, financial services, rental accommodation, construction or timeshare contracts.

Electronic Commerce (EC Directive) Regulations 2002 - Regulations which detail certain requirements imposed on online traders. [1] 


  1. eCommerce Worldwide. United Kingdom Country Guide. "eCommerce in the United Kingdom"

$2,647.9 billion

OECD Risk Score:


Ease of doing business index


Household income