The following Risk & Compliance practice note provides comprehensive and up-to-date legal information covering:
Data security is a cornerstone of the UK General Data Protection Regulation (UK GDPR). The sixth data protection principle (the integrity and confidentiality principle) requires you to take appropriate technical and organisational measures to process personal data in a manner that ensures appropriate security, including:
protection against unauthorised or unlawful processing
protection against accidental loss, destruction or damage
This Practice Note reflects ICO guidance on personal data breaches under the GDPR. It also contains additional useful practical information set out in ICO guidance on data security breach management issued under the previous data protection regime. That earlier guidance has now been withdrawn.
This Practice Note also reflects guidance issued by the European Data Protection Board (EDPB). According to the ICO, although the UK has left the EU, these guidelines continue to be relevant.
Article 32 puts more flesh on the bones of the GDPR’s integrity and confidentiality principle. You are required to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, taking into account:
the nature, scope, context and purpose of processing
the risk of varying likelihood and severity for the rights and freedoms of data subjects
Your security measures should include, as appropriate:
the pseudonymisation and encryption of personal data
the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and