Sign-in Help

GDPR compliance

View Practice Compliance by content type:

News
Practice notes
Precedents
Q&As

Latest Practice Compliance News

Practice Compliance weekly highlights—15 April 2021

Practice Compliance weekly highlights—15 April 2021

The following Practice Compliance news provides comprehensive and up to date legal information on Practice Compliance weekly highlights—15 April 2021

SEC official says agency can help self-reporting companies dig up information, achieve 'closure' in US FCPA cases

SEC official says agency can help self-reporting companies dig up information, achieve 'closure' in US FCPA cases

The following Corporate Crime news provides comprehensive and up to date legal information on SEC official says agency can help self-reporting companies dig up information, achieve 'closure' in US FCPA cases

Practice Compliance weekly highlights—8 April 2021

Practice Compliance weekly highlights—8 April 2021

The following Practice Compliance news provides comprehensive and up to date legal information on Practice Compliance weekly highlights—8 April 2021

LexisPSL and MLex trial new interactive EU GDPR enforcement tracker

LexisPSL and MLex trial new interactive EU GDPR enforcement tracker

The following Commercial news provides comprehensive and up to date legal information on LexisPSL and MLex trial new interactive EU GDPR enforcement tracker

Featured Practice Compliance content

Facilitation payments under the Bribery Act 2010

Facilitation payments under the Bribery Act 2010

Facilitating the performance of a duty by public officialsFacilitation payments, also known as facilitating or grease payments, are generally small...

What is a solicitor's undertaking?

What is a solicitor's undertaking?

An undertaking is a commitment by a solicitor to do something. It can be enforced against the solicitor by the courts. Failure to comply with an...

Active bribery, passive bribery and bribing foreign public officials

Active bribery, passive bribery and bribing foreign public officials

The purpose of this Practice Note is to provide a general understanding of the offences under section 1, 2 and 6 of the Bribery Act 2010 (BA 2010). It...

High-risk third countries tracker

High-risk third countries tracker

This Practice Note lists high-risk third countries identified by the Financial Action Task Force (FATF), HM Treasury and the European Commission as...

Precedents

Modern slavery: contract clauses

1DefinitionsModern Slavery Policy•means the Customer's anti-slavery and human trafficking policy as set out in Schedule [insert] as updated by the...
Read More >
9th Nov
tag iconIn-house
Practice notes

AML and counter-terrorist financing—source of funds

Source of funds and wealth was a key focus of the SRA’s Preventing Money Laundering and Financing of Terrorism thematic review, published in March...
Read More >
9th Nov
tag iconIn-house
Practice notes

Introduction to retained EU law

This Practice Note provides an introduction to retained EU law, which is an entirely new legal concept introduced to UK domestic law in preparation...
Read More >
9th Nov
tag iconBrexit
Precedents

Standard contractual clauses—set II—controller to controller (Model Clauses)

DRAFTING FOR BREXIT: For the latest information on the impact of Brexit on the drafting, negotiation and enforceability of this Precedent, see...
Read More >
9th Nov
Precedents

Anti-bribery and corruption for law firms—post-training assessment questions

How to use this testThese questions are designed to test your understanding after your attendance at our training on avoiding bribery and...
Read More >
9th Nov
Practice notes

Compliance officer for legal practice—COLP—title and duties 2011 [Archived]

The compliance officer for legal practice (COLP) sits at the heart of the firm's regulatory arrangements. This does not mean that the firm and its...
Read More >
9th Nov

Most recent GDPR compliance content

Precedents

Privacy policy—law firms and professional services

STOP PRESS: Draft Legal Sector Affinity Group (LSAG) AML guidance was published on 20 January 2021. It awaits approval by HM Treasury and any content...
Read More >
22nd Feb
Precedents

Subject access request flowchart—law firms [Archived]

ARCHIVED: This archived Flowchart reflects the data protection regime before 25 May 2018 under the Data Protection Act 1998. This Fl...
Read More >
22nd Feb
Precedents

Data breach assessment and action plan

1Data breach teamThe first step is to assemble a team to manage and respond to the breach.Data breach team lead[Insert the name or description of the...
Read More >
22nd Feb
Precedents

Personal data breach plan

1Introduction1.1This personal data breach plan:1.1.1places obligations on staff to report actual or suspected personal data breaches; and1.1.2sets out...
Read More >
22nd Feb
Practice notes

Data protection officer—law firms

This document reflects the UK GDPR regime. References and links to the GDPR refer to the UK GDPR (Retained Regulation (EU) 2016/679) unless expressly...
Read More >
17th Feb
Precedents

Records retention schedule

1Introduction1.1This Record retention schedule accompanies and is incorporated into [insert organisation’s name]’s Records management policy. It sets...
Read More >
16th Feb
Q&As

If a client makes a subject access request, what information are we obliged to provide and what can we retain? Can we give the client a summary of the data held or do we need to provide a copy?

The right of access is set out in the Article 15 of the General Data Protection Regulation, Regulation (EU) 2016/679 (GDPR). A data subject has the...
Read More >
15th Feb
Q&As

Does the GDPR prevent law firms or other professional services providers from charging clients for storing or retrieving their files?

Law firms—sector specific guidancePlease see Q&A: Can I charge a client for retrieving and or returning their file? This is based on Law Society...
Read More >
15th Feb
Q&As

What are the potential lawful grounds for processing special category personal data of third parties received by a law firm in the course of advising a client?

Special category personal data is:•personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade...
Read More >
15th Feb
Q&As

Is an expert witness a controller or processor of personal data under the General Data Protection Regulation?

The question of whether a person or entity is a data processor or data controller will depend on the circumstances of each individual case. The key...
Read More >
15th Feb
Q&As

Do I have to refresh marketing email consent obtained by a pre-ticked box on our website?

This Q&A considers the question of whether a commercial organisation needs to refresh marketing email consent obtained by a pre-ticked box on its...
Read More >
15th Feb
Q&As

What lawful basis for processing can a firm rely on where the firm provides required information to third parties, eg a third party referrer or funder?

The General Data Protection Regulation (GDPR) sets out the possible bases for lawful processing in Article 6 for ordinary personal data and Article 9...
Read More >
Produced in partnership with Shobana Iyer of Swan Chambers 15th Feb
Q&As

Should law firms redact personal data from transaction bibles?

All personal data must be processed in accordance with the GDPR, including the seven data protection principles set out in Article 5 of Retained...
Read More >
15th Feb
Q&As

Is a law firm a data controller or data processor under the General Data Protection Regulation? If a law firm acts as data processor, what contractual terms are required?

In the vast majority of cases, solicitors will act as the data controller in relation to personal data processed in connection with a client’s...
Read More >
15th Feb
Q&As

What is the effect of the GDPR on direct marketing? Once the GDPR is applicable, can an organisation send direct marketing to customers, where they don’t know whether these customers have opted-in or opted-out to such marketing?

This response is limited to UK law as regulated by the Information Commissioner’s Office. For the purposes of this response we assume that no special...
Read More >
Produced in partnership with Daradjeet Jagpal of Information Law Solutions 15th Feb
Q&As

Does the prohibition on unsolicited telephone calls advertising claims management services (Privacy and Electronic Communications (EC) Directive Regulations 2003, SI 2003/2426) apply to law firms?

This prohibition on unsolicited telephone calls advertising claims management services derives from the Privacy and Electronic Communications (EC)...
Read More >
15th Feb
Q&As

When a solicitor instructs counsel to appear at a hearing and advise generally in respect of a matter, should the barrister be considered a processor, a controller or a joint controller (along with the solicitor) of the data?

The General Data Protection Regulation (GDPR) distinguishes between ‘data controllers’ and ‘data processors’.The GDPR definition of a data controller...
Read More >
15th Feb
Precedents

Response to subject access request—able to comply with request—law firms [Archived]

ARCHIVED: This archived Precedent reflects the data protection regime before 25 May 2018 under the Data Protection Act 1998. This Precedent is for...
Read More >
14th Feb
Q&As

If an employer dismisses a data protection officer with less than two years’ service on the grounds that they were insufficiently expert and/or capable to do the job, what individual rights of redress would that officer have in respect of that dismissal? What enforcement action might the ICO take? How would a data protection officer dismissed in contravention of the GDPR bring a claim for compensation for that dismissal under the GDPR? Does the reference in Article 79(2) of the GDPR to ‘data subject’ in any way affect or limit the right to bring a claim for compensation under Article 82(1) of the GDPR?

Regulation (EU) 2016/679, General Data Protection Regulation (GDPR) itself describes issues pertaining to data protection officers (DPOs) at Articles...
Read More >
14th Feb
Q&As

When will a consultant be a processor for the purposes of Regulation (EU) 2016/679, the GDPR?

For further information, see the sections in Practice Note: The General Data Protection Regulation (GDPR), headed: Controllers and Processors.Under...
Read More >
14th Feb

Popular documents

LEXISNEXIS

What is practical completion?

Practical completion marks the end of the construction period of a project, when the works are 'finished' and the employer can occupy and/or use them. Practical completion also typically marks the start of the defects liability period/maintenance period.As explained below, practical completion is an

LEXISNEXIS

Recklessness in criminal cases

What is recklessness?In respect of some statutory offences and common law crimes the prosecution are required to prove a mental element of recklessness on the part of the defendant.Recklessness means unjustified risk taking on the part of the accused.Prior to the House of Lords decision in Re G

LEXISNEXIS

Directors’ remuneration

Company directors are not, by virtue only of their office as director, automatically entitled under company law to remuneration for services as a director or to reimbursement of expenses incurred in rendering such services. Power to pay directors remuneration for their services will need to be

LEXISNEXIS

The Single Rulebook

Background to the Single RulebookHistorically, the European Commission (Commission) favours using Directives (rather than Regulations) to set out its legislation in respect of the financial services sector. However, Directives, allowing Member States greater flexibility in how they implement