About Information Law
Lexis®+ Information Law is an online practical guidance product for contentious and non-contentious lawyers dealing with Data Protection, Confidential Information, Privacy, Cybersecurity and Freedom of Information issues.
Data protection
Get a good background to data protection law and view practical guidance focused on data protection matters for commercial transactions. See also our UK GDPR compliant pro-party clauses for use in commercial agreements.
Confidential Information
Protect trade secrets and know-how using the law of confidentiality. Get information and a set of pro-party confidentiality agreements here.
Key information law developments
View a range of trackers to enable horizon scanning and monitoring of key developments. The trackers are maintained - making them useful for keeping up-to-date and for business development.
Lexis+® Information Law
It’s our online practical guidance product for contentious and non-contentious lawyers dealing with Data Protection, Confidential Information, Privacy, Cybersecurity and Freedom of Information issues.
Our Information Law Experts
Adam Gillert
Hamish Corner
Anthony Taylor
Jon Bartley
Hazel Grant
Latest Information Law News
The Information Commissioner’s Office (ICO) has welcomed the Cyber Security and Resilience (Network and Information Systems) Bill, introduced to...
The European Commission has proposed extending the Interim Regulation allowing certain online communication service providers to continue voluntarily...
The European Commission has renewed its two 2021 adequacy decisions permitting the free and secure transfer of personal data between the European...
Banking & Finance analysis: The case of Macdonald Hotels alarmed lenders and their lawyers earlier in the year, with obiter comments suggesting that,...
Welcome to this week’s edition of the Information Law weekly highlights: a hand-picked summary of news analysis, updates and new content related to...
Latest Information Law Practice Notes
DeepfakesThis Practice Note provides a summary of UK law as it applies to the use of deepfakes. A deepfake is a form of audiovisual content that has...
Introduction to the EU GDPR and UK GDPRThis Practice Note provides an introduction to both the EU’s General Data Protection Regulation, Regulation...
Data (Use and Access) Act—trackerThis Practice Note tracks key developments relating to the Data (Use and Access) Act 2025 (DUAA 2025) which received...
Defamation—limitationThe ordinary time limit for defamation and malicious falsehood claimsA claimant must commence a claim for defamation within one...
Exemptions to the UK general data protection regimeFORTHCOMING CHANGE: On 19 June 2025, the Data (Use and Access) Bill received Royal Assent, becoming...
Latest Information Law Precedents
Personal data processing schedule—pro-supplier—UK GDPR and EU GDPRThis precedent uses the additional defined terms ‘Agreement’, ‘Business Day’,...
Personal data processing schedule—pro-customer—UK GDPR and EU GDPRThis precedent uses the additional defined terms ‘Agreement’, ‘Business Day’,...
UK GDPR—2022 standard contractual clauses (SCCs) for the transfer of personal data outside the UK—International Data Transfer Agreement (IDTA) In...
Personal data processing schedule—controller and processor—intra-groupDefined terms: In addition to the definitions below, this precedent also uses...
Personal data sharing schedule—controller to controller—pro-disclosing partyDefined terms: This precedent schedule uses the additional defined terms...
Latest Information Law Q&As
Featured Information Law content
The UK General Data Protection Regulation (UK GDPR)—Navigator [Archived]
The UK General Data Protection Regulation (UK GDPR)—NavigatorThis Practice Note serves as a reference guide to the Retained Regulation (EU) 2016/679...
Privacy law—misuse of private information
Privacy law—misuse of private informationThe tort of misuse of private information is focused on ‘the protection of human autonomy and dignity—the...
Confidentiality agreement—mutual
Confidentiality agreement—mutualThis Agreement is made on [date]Parties1[insert name of party] [of [insert details ] OR a company incorporated in...
The Information Commissioner’s Office (ICO)
The Information Commissioner’s Office (ICO)The Information Commissioner’s Office (ICO) is the UK’s independent regulator designed to uphold...
The UK General Data Protection Regulation (UK GDPR)
The UK General Data Protection Regulation (UK GDPR)This Practice Note provides a summary of the UK GDPR regime. For a higher-level introduction to UK...
Are recorded conversations between lay people legal and can they be used in legal proceedings?
Is it standard for a non-disclosure agreement to contain liability limitations (eg for loss of information and/or breach) and what arguments could be used to seek to remove any such provisions added by another party?
In the context of confidentiality agreements, what constitutes an ‘indirect’ disclosure? Is it necessary to specifically use the word ‘indirect’ to capture all types of disclosure by the main disclosing party?
Letter of claim—breach of confidence
Letter of claim—breach of confidence[Insert name and address of recipient]Dear [insert organisation name],[Name of client] and confidential...
Trade secrets and confidential information—protection and enforcement
Trade secrets and confidential information—protection and enforcementThis Practice Note sets out the protection available for trade secrets and...
Introduction to the EU GDPR and UK GDPR
Introduction to the EU GDPR and UK GDPRThis Practice Note provides a high-level introduction to the EU’s General Data Protection Regulation,...
Data protection, privacy and confidential information case law tracker
Data protection, privacy and confidential information case law trackerThis Practice Note tracks noteworthy High Court, Court of Appeal and Supreme...
Commercial use of photographs—data protection and privacy issues
Commercial use of photographs—data protection and privacy issuesThis Practice Note addresses issues affecting professional photographers taking...
Letter of claim—breach of data protection law
Letter of claim—breach of data protection law[Insert name and address of recipient]Dear [insert organisation name],[Name of client] and breach of data...
What does IP completion day mean for Information Law? [Archived]
What does IP completion day mean for Information Law? [Archived]ARCHIVED: This Practice Note has been archived and is not maintained.11 pm (GMT) on 31...
Confidential information, privacy and injunctions
Confidential information, privacy and injunctionsThis Practice Note deals with the general principles of obtaining an injunction relating to...
The Data Protection Act 2018
The Data Protection Act 2018This Practice Note introduces the UK’s Data Protection Act 2018 (DPA 2018).For higher-level introductions to data...
Is someone’s voice personal identifiable information under GDPR? If someone is to do a voice over for content of some training for a business, would a consent form be needed?
Associated legal terms
Privacy notice
Commonly refers to an external-facing data protection notice (or ‘policy’) addressing the information and transparency requirements under data protection and privacy laws.
Privacy policy
Commonly refers to an external-facing data protection policy (or ‘notice’) addressing the information and transparency requirements under data protection and privacy laws.
Recipient
The UK GDPR and EU GDPR include obligations to record and provide data subjects with details of the recipients or categories of recipients of their personal data in a number of situations. The GDPR regimes also refer to recipients in other contexts, including certain provisions concerning processing records, data transfers and enforcement. Under the GDPR regimes, ‘recipient’ is defined as meaning: ‘…a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with [EU GDPR: EU or Member State/ UK GDPR: UK domestic] law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;’ (emphasis added)
CONTACT US
