Regulatory regime

Regulatory regime

Assimilated Regulation (EU) 2016/679, UK General Data Protection Regulation (UK GDPR) contains the following seven data protection principles, which are set out in Article 5:

•
Principle 1: Lawfulness, fairness and transparency

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Practice Compliance News

FCDO issue guidance on consolidating UK sanctions lists by January 2026

The Foreign, Commonwealth & Development Office (FCDO) has published guidance detailing the consolidation of UK sanctions designations into a single list. From 28 January 2026, the UK Sanctions List will become the sole source for UK sanctions designations, replacing the current dual-list system that includes the Office of Financial Sanctions Implementation (OFSI) Consolidated List of Asset Freeze Targets. The change requires businesses to update compliance systems that currently use OFSI Group ID identifiers.

How to strengthen cyber resilience through supply chain contracts

Commercial analysis: In today’s hyperconnected world, cyber risk is no longer a peripheral concern—it’s a central business issue for the vast majority of businesses. In 2024, 75% of software supply chains experienced attacks, with global economic losses projected to soar to £108bn by 2031. As cyber threats become more sophisticated and supply chain vulnerabilities grow, legal teams are playing a critical role in shaping organisational resilience. Adapting supply chain contracts to reflect the growing complexity and severity of cyber threats is one area where legal teams can protect their organisation. In this article Jocelyn S Paulley, partner at Gowling WLG, highlights practical ways to strengthen cyber clauses beyond simple policy compliance and explores what contract drafters should prioritise: governance, transparency, incident response and technical measures.

Practice Compliance weekly highlights—9 October 2025

This week's edition of Practice Compliance weekly highlights includes updated government guidance on AML information sharing under the Economic Crime and Corporate Transparency Act 2023, and the SRA's statement following the case of Julia Mazur & Ora v Charles Russell Speechlys LLP.

Government departments update ECCTA guidance on AML information sharing measures

The Home Office, HM Treasury, Ministry of Justice, Companies House, Serious Fraud Office and Department for Business and Trade have updated guidance on information sharing measures under the Economic Crime and Corporate Transparency Act (ECCTA) 2023. The updated guidance, published on 3 October 2025, sets out provisions for anti-money laundering (AML) regulated firms to share customer information directly or indirectly through third-party intermediaries to prevent, detect and investigate economic crime. The guidance covers warning and request conditions for direct sharing, practical considerations including cross-sector sharing mechanisms, and requirements for law enforcement reporting, UK General Data Protection Regulation compliance and customer redress. The measures, which came into force on 15 January 2024, disapply confidentiality obligations and civil liability for AML regulated firms when sharing information for specified economic crime prevention purposes.

View Practice Compliance by content type :

News