What laws govern the use of data and computers, and what do they require?
Describe the main laws affecting digital technology (data protection, the Computer Misuse Act and copyright law) and explain the duties and offences each defines.
A focused answer to the WJEC GCSE Digital Technology content on legislation, covering data protection law, the Computer Misuse Act and copyright law, with the rights, duties and offences each one defines.
Reviewed by: AI editorial process; not yet individually human-reviewed
Have a quick question? Jump to the Q&A page
Jump to a section
What this dot point is asking
WJEC asks you to describe the main laws that govern how data is used and how computers may be accessed, and to explain what each law requires or forbids. The exam form is "describe the duties under data protection law" or "what does the Computer Misuse Act make illegal", so you need the purpose of each law and the specific rights, duties or offences it defines.
Data protection law
This law protects people's personal information.
These duties are why organisations use the protection methods from earlier in the topic, such as passwords, access rights and encryption.
The Computer Misuse Act
This law makes attacking computer systems a crime.
Copyright law
This law protects the work of creators.
Applying the law
The exam rewards matching the right law to a situation.
Why this matters
The law is a core part of the cyber security topic and is regularly examined, often as "which law applies" or "what duties does an organisation have". It connects the threats and protections to real responsibilities: data protection law explains why organisations must secure personal data, the Computer Misuse Act makes the attacks in this topic crimes, and copyright protects the digital media you create and use, including in the NEA components. Understanding these laws is also genuinely useful for acting legally and responsibly online.
Exam-style practice questions
Practice questions written in the style of WJEC exam questions on this dot point, with worked answer explainers. The year tag is the paper they imitate, not the source.
WJEC-style4 marksDescribe two duties that data protection law places on an organisation that stores people's personal data.Show worked answer →
The organisation must keep personal data secure, protecting it against loss, theft or unauthorised access, for example by using passwords, access rights and encryption.
It must only collect and use personal data for a specified, lawful purpose, and not use it for unrelated reasons, keeping only what is necessary and no longer than needed.
(Other valid duties include keeping data accurate and up to date, and respecting individuals' rights such as the right to see the data held about them.)
Markers award one mark for each duty correctly stated and one mark for a brief explanation or example, up to four marks. The duties must be genuine data-protection principles, not invented rules.
WJEC-style3 marksState what the Computer Misuse Act makes illegal, giving two examples of offences under it.Show worked answer →
The Computer Misuse Act makes it illegal to access computer systems or data without permission, and to interfere with them.
One offence is gaining unauthorised access to a computer or data (for example hacking into a system you have no right to use).
A second offence is unauthorised access with intent to commit a further crime, or making unauthorised changes such as deleting data or spreading malware.
Markers award one mark for the general aim (unauthorised access/interference is illegal) and one mark for each correct example offence, up to three marks. Generic "hacking is bad" without naming an offence earns less credit.
Related dot points
- Describe the main cyber threats (malware, phishing, social engineering, hacking, denial-of-service) and the vulnerabilities that attackers exploit.
A focused answer to the WJEC GCSE Digital Technology content on cyber threats, covering malware, phishing, social engineering, hacking and denial-of-service attacks, and the vulnerabilities that attackers exploit.
- Describe technical and behavioural methods of protecting systems and data, including passwords, firewalls, antivirus, encryption, updates and user training.
A focused answer to the WJEC GCSE Digital Technology content on protecting systems and data, covering passwords, two-step verification, firewalls, antivirus, encryption, software updates, backups, access rights and user training.
- Describe the consequences of cyber attacks and data loss for individuals and organisations, and explain how backups and business continuity support recovery.
A focused answer to the WJEC GCSE Digital Technology content on the consequences of cyber attacks and data loss, and how organisations recover through backups, disaster recovery and business continuity planning.
- Describe the ethical, social and environmental impacts of digital technology, including privacy, the digital divide, e-waste and energy use.
A focused answer to the WJEC GCSE Digital Technology content on the ethical, social and environmental impacts of digital technology, covering privacy, the digital divide, health and society, electronic waste and energy consumption.
- Describe social networking and online collaboration, and evaluate their benefits and risks for individuals and organisations.
A focused answer to the WJEC GCSE Digital Technology content on social networking, covering what it is, online collaboration, and the benefits and risks for individuals and organisations, including privacy and a digital footprint.
Sources & how we know this
- WJEC GCSE Digital Technology specification — WJEC (2021)
- WJEC GCSE Digital Technology Unit 1 guide — WJEC (2020)