Sign-in Help

Data breaches

View Risk & Compliance by content type:

Practice notes
Precedents
Q&As

Featured Risk & Compliance content

Money Laundering Regulations 2017—simplified due diligence

Money Laundering Regulations 2017—simplified due diligence

You may apply simplified customer due diligence (SDD) measures in relation to particular business relationships or transactions which you determine...

Facilitation payments under the Bribery Act 2010

Facilitation payments under the Bribery Act 2010

Facilitating the performance of a duty by public officialsFacilitation payments, also known as facilitating or grease payments, are generally small...

What is a solicitor's undertaking?

What is a solicitor's undertaking?

An undertaking is a commitment by a solicitor to do something. It can be enforced against the solicitor by the courts. Failure to comply with an...

Dawn raid—who can raid my organisation and why?

Dawn raid—who can raid my organisation and why?

The UK Government has legislated to permit a number of UK authorities to obtain search warrants to 'raid' a business premises. The potential for a...

Practice notes

Active bribery, passive bribery and bribing foreign public officials

The purpose of this Practice Note is to provide a general understanding of the offences under section 1, 2 and 6 of the Bribery Act 2010 (BA 2010). It...
Read More >
Produced in partnership with Joanne Kane of Carmelite Chambers 9th Nov
Practice notes

High-risk third countries tracker

This Practice Note lists high-risk third countries identified by the Financial Action Task Force (FATF), HM Treasury and the European Commission as...
Read More >
9th Nov
tag iconIn-house
Practice notes

Getting the Deal Through: Merger Control 2021

Jurisdictions coveredThe following jurisdictions are covered in this report:Albania; Australia; Austria; Belgium; Bosnia and Herzegovina; Brazil;...
Read More >
9th Nov
Precedents

Modern slavery: contract clauses

1DefinitionsModern Slavery Policy•means the Customer's anti-slavery and human trafficking policy as set out in Schedule [insert] as updated by the...
Read More >
9th Nov
tag iconIn-house
Practice notes

AML and counter-terrorist financing—source of funds

Source of funds and wealth was a key focus of the SRA’s Preventing Money Laundering and Financing of Terrorism thematic review, published in March...
Read More >
9th Nov
tag iconIn-house
Practice notes

Introduction to retained EU law

This Practice Note provides an introduction to retained EU law, which is an entirely new legal concept introduced to UK domestic law in preparation...
Read More >
9th Nov
tag iconBrexit
Precedents

Standard contractual clauses—set II—controller to controller (Model Clauses)

DRAFTING FOR BREXIT: For the latest information on the impact of Brexit on the drafting, negotiation and enforceability of this Precedent, see...
Read More >
9th Nov
Practice notes

Money Laundering Regulations 2017—nominated officer

This Practice Note sets out when organisations must appoint a nominated officer, the duties of the nominated officer and practical steps nominated...
Read More >
9th Nov
tag iconIn-house

Most recent Data breaches content

Precedents

Data breach assessment and action plan

1Data breach teamThe first step is to assemble a team to manage and respond to the breach.Data breach team lead[Insert the name or description of the...
Read More >
19th Nov
Precedents

Letter notifying data subject of data breach

On [insert date] we became aware that [describe what has happened, ie how the breach occurred]. The data [accessed OR stolen OR lost OR corrupted][...
Read More >
19th Nov
Precedents

Data breach—panic sheet

1. Data breach teamDamage limitation is a priority immediately following a security breach. You will need a team of people to manage the data...
Read More >
19th Nov
Precedents

Personal data breach plan

1Introduction1.1This personal data breach plan:1.1.1places obligations on staff to report actual or suspected personal data breaches; and1.1.2sets out...
Read More >
19th Nov
Precedents

Data breach report form—internal

If you know or suspect a personal data breach has occurred, please:•complete this form, and•email or deliver it to the [insert, eg the Data Protection...
Read More >
19th Nov
Precedents

Data breach register

This Precedent reflects reporting and recording requirements under the General Data Protection Regulation (GDPR). It can be used to help you record,...
Read More >
19th Nov
Precedents

Public statement on data breach

Statement by [insert name of organisation] concerning a significant [cyber attack OR data protection breach] on [insert date].On [date], we were made...
Read More >
19th Nov
Practice notes

Managing a personal data breach—process flowchart

Brexit: As of exit day (31 January 2020), the UK is no longer an EU Member State, but it has entered an implementation period during which it...
Read More >
19th Nov
Practice notes

Managing personal data breaches

Brexit: As of exit day (31 January 2020), the UK is no longer an EU Member State, but it has entered an implementation period during which it...
Read More >
19th Nov
Q&As

When does the 72–hour time limit for notifying the ICO of a data breach come into force and start to run?

Article 33 of the General Data Protection Regulation (GDPR), which imposes data breach notification requirements, came into force on 25 May 2018. The...
Read More >
5th Oct
Precedents

Letter notifying data breach to insurer

Letter notifying data breach to insurers[Data insurer’s name and address][Date]Dear [insert organisation name],Notification under Policy Number...
Read More >
5th Oct
Q&As

Do I need to report a data breach to the ICO during the coronavirus (COVID-19) epidemic?

This Q&A considers whether commercial organisations are obliged to comply with GDPR personal data breach reporting requirements during the coronavirus...
Read More >
29th Sep
tag iconCOVID-19
Precedents

Privacy risk register

Please click for an Excel version of this register. The register consists of three tabs:•sample Privacy risk register—this has been populated with a...
Read More >
26th Sep
Precedents

Data breach monitoring record

1General informationDate of monitoring review[insert date of monitoring review]Person conducting monitoring review[insert name]2Volume of data...
Read More >
26th Sep
Precedents

Information audit form

InformationWhy is it processed?How is it stored?How is it used?How long is it needed?[Personnel files][To record employment history and for appraisals...
Read More >
26th Sep

Popular documents

LEXISNEXIS

What is practical completion?

Practical completion marks the end of the construction period of a project, when the works are 'finished' and the employer can occupy and/or use them. Practical completion also typically marks the start of the defects liability period/maintenance period.As explained below, practical completion is an

LEXISNEXIS

Conditions precedent in commercial contracts

This Practice Note considers the meaning and use of conditions precedent in commercial arrangements. It also considers typical conditions precedent and drafting issues.What are conditions precedent?A condition precedent in a commercial contract details an event which must take place before:•a

LEXISNEXIS

Money laundering offences—tipping off and prejudicing an investigation

Tipping off and prejudicing an investigationIt would undermine the benefit to the authorities if, a suspicious activity report (SAR) having been made, the alleged offender were to be made aware of the interest in their activities so that they could take steps to cover up their misdeeds or disappear.

LEXISNEXIS

Compulsory winding up of a company—the process and procedure

STOP PRESS: The Corporate Insolvency and Governance Act 2020 contains provisions which, on a temporary basis (presently until 31 December 2020) impose significant limitations on the ability for a creditor to seek a winding-up order against a company. For further reading, see Practice Note: Corporate