This paper identifies and discusses the core legal framework for aforementioned topics in the UK and Europe, looking at how they are regulated and how the law treats failure. It also outlines what organisations are required to do in practice to protect patient data.