Doing Business In... 2025

UK Law and Practice Contributed by: Paolo Palmigiano, Rachael Roberts, Helen Farr, Debbie Heywood and Louise Popple, Taylor Wessing LLP

parts of a work can constitute infringement, but there are some “permitted uses”. 7.5 Others Copyright can subsist in original software text/ code. Databases are protected under the law of copyright if they are original – ie, if, by means of the selection or arrangement of the contents of the database, the database constitutes “the author’s own intellectual creation”. A separate right, called the database right, also protects databases for which there has been a “substantial investment” in ”obtaining, verifying or presenting the contents of the database”. Unlike copyright, there is no requirement for originality/creativity. “Investment” can mean ”any investment whether in financial, human or technical resources”. Like copyright, the data - base right is an automatic right that exists as soon as the database is fixed in recorded form. Trade secrets protect certain commercially sensitive and confidential information, such as industrial processes and recipes, against disclo - sure to or use by third parties without consent. These may be enforced against breach resulting in damages and injunction.

fundamentally similar. The UK GDPR places a range of obligations on those processing per - sonal data and confers rights on individuals in relation to their personal data. The DPA 2018 supplements the UK GDPR (including where the UK was given discretion as to its implementa - tion). It also implements the EU Law Enforce - ment Directive and covers the processing of personal data by the UK intelligence services. The Privacy and Electronic Communications Regulations 2003 as amended (PECR), based on the EU’s ePrivacy Directive, set out additional rules governing the privacy of communications. In particular, they cover direct marketing and the use of cookies and similar technologies. The Network and Information Systems Regula - tions 2018 (the “NIS Regulations”) implement the EU’s Network and Information Security (NIS) Directive 2016. They cover the security of IT systems and impose various cybersecurity and incident reporting obligations on relevant digital service providers and operators of essential ser - vices in designated sectors. The Product Security and Telecommunications Infrastructure Act 2022 deals with the security of consumer-related products. Together with related secondary legislation, it imposes secu - rity requirements throughout the supply chain. A variety of other sector-specific cybersecurity laws may be relevant, and the Data (Use and Access) Act also introduces new provisions relating to the sharing of personal and non-per - sonal data. 8.2 Geographical Scope Most of these laws have extraterritorial effect and apply to businesses operating in the UK, targeting or supplying the UK, or processing the personal data of UK individuals, regardless of

8. Data Protection 8.1 Applicable Regulations

The UK General Data Protection Regulation (UK GDPR) is the main legislation governing the processing of personal data. It is retained in EU law and largely mirrors the EU General Data Pro - tection Regulation 2016, but has recently been amended by the Data (Use and Access) Act 2025, which renders the UK legislation slightly further apart from the EU’s General Data Protec - tion Regulation, although the two laws remain

873 CHAMBERS.COM

Powered by