Information assets & security

View Risk & Compliance by content type:

News
Practice notes
Precedents
Q&As

Sub Topics We Cover

Artificial intelligence Cybersecurity ICT plan Information security International cybersecurity Protecting IP assets Website management

Latest Risk & Compliance News

Export Control Joint Unit announces Syria sanctions amendments and licence revocation

Export Control Joint Unit announces Syria sanctions amendments and licence revocation
Main challenges of EU AI Act-GDPR interplay identified by Member States

Main challenges of EU AI Act-GDPR interplay identified by Member States

The following EU Law news provides comprehensive and up to date legal information on Main challenges of EU AI Act-GDPR interplay identified by Member States

Fess up, or wait and see? SFO policy shift stirs DPA debate

Fess up, or wait and see? SFO policy shift stirs DPA debate

The following Corporate Crime news provides comprehensive and up to date legal information on Fess up, or wait and see? SFO policy shift stirs DPA debate

OFSI announces new and updated General Licences

OFSI announces new and updated General Licences

Featured Risk & Compliance content

How to manage legal risk

How to manage legal risk

How to manage legal riskIt is often said that running a business means taking risks and that the biggest risk an entrepreneur can take is not to think...

Can a limited company make a subject access request? Can a director of a limited company ask for recordings of calls with us? If yes, what personal data must we provide?

Can a limited company make a subject access request? Can a director of a limited company ask for recordings of calls with us? If yes, what personal data must we provide?

Can a limited company make a subject access request? Can a director of a limited company ask for recordings of calls with us? If yes, what personal...

Can I charge a fee for dealing with a data subject access request?

Can I charge a fee for dealing with a data subject access request?

Can I charge a fee for dealing with a data subject access request?The General Data Protection Regulation (GDPR) provides for enhanced rights for data...

Tipping-off and prejudicing an investigation

Tipping-off and prejudicing an investigation

Tipping-off and prejudicing an investigationThere are several offences of tipping-off and prejudicing an investigation that apply to the regulated...

Practice notes

Dawn raid—who can raid my organisation and why?

Dawn raid—who can raid my organisation and why?The UK Government has legislated to permit a number of UK authorities to obtain search warrants to...
Read More >
Produced in partnership with Michael Potts of PCB Byrne
28th Mar
tag iconIn-house
Practice notes

Contract management risk management guide

Contract management risk management guideWhy you need to manage this riskContract management is often seen by the business as an activity which is...
Read More >
Produced in partnership with Elizabeth Bourlet
28th Mar
tag iconIn-house
Practice notes

Confidentiality risk management guide

Confidentiality risk management guideWhy you need to manage this riskConfidential information is one of the most valuable assets of any business....
Read More >
Produced in partnership with Ishika Patel of Lawyers on Demand
2nd Mar
Practice notes

Money Laundering Regulations 2017—simplified due diligence

Money Laundering Regulations 2017—simplified due diligenceYou may apply simplified customer due diligence (SDD) measures in relation to particular...
Read More >
2nd Mar
Practice notes

SRA Code of Conduct for Solicitors, RELs and RFLs—for in-house lawyers

SRA Code of Conduct for Solicitors, RELs and RFLs—for in-house lawyersThis Practice Note provides guidance for in-house solicitors on the SRA Code of...
Read More >
1st Mar
Practice notes

Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017—key information for businesses

Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017—key information for businessesThe Money...
Read More >
2nd Mar
Practice notes

Dealing with the National Crime Agency

Dealing with the National Crime AgencyThis Practice Note provides high-level guidance on dealing with the National Crime Agency. It sets out the role,...
Read More >
Produced in partnership with Peter Ratliff of 6KBW College Hill
28th Mar
Precedents

Public statement on data breach

Public statement on data breachStatement by [insert name of organisation] concerning a significant [cyber attack OR data protection breach] on [insert...
Read More >
2nd Mar
Practice notes

Money Laundering Regulations 2017—nominated officer

Money Laundering Regulations 2017—nominated officerThis Practice Note sets out when organisations must appoint a nominated officer (sometimes referred...
Read More >
2nd Mar
tag iconIn-house
Practice notes

Dealing with the Serious Fraud Office

Dealing with the Serious Fraud OfficeSFO—role and powersRoleThe Serious Fraud Office (SFO) is the authority in England, Wales and Northern Ireland...
Read More >
Produced in partnership with Miranda Hill of 6KBW College Hill
28th Mar
Practice notes

How to conduct a legitimate interest assessment (LIA)

How to conduct a legitimate interest assessment (LIA)The UK General Data Protection Regulation (UK GDPR) permits processing of personal data where...
Read More >
1st Mar
Q&As

Refusing a data subject request—what is ‘manifestly unfounded or excessive’?

Refusing a data subject request—what is ‘manifestly unfounded or excessive’?The General Data Protection Regulation (GDPR) provides for enhanced rights...
Read More >
2nd Mar
Q&As

If a multinational company with entities in a number of EU states has registered a data protection officer (DPO) with the Information Commissioner’s Office (ICO), does it need to register a DPO in the other EU states where it has entities or is registration in one country sufficient?

If a multinational company with entities in a number of EU states has registered a data protection officer (DPO) with the Information Commissioner’s...
Read More >
Produced in partnership with Alexander Dittel of Wedlake Bell
28th Mar
Practice notes

Dealing with dawn raids by the Information Commissioner’s Office

Dealing with dawn raids by the Information Commissioner’s OfficeThis document reflects the UK GDPR regime. References and links to the GDPR refer to...
Read More >
Produced in partnership with Michael Potts and Ilana Baines of PCB Byrne
1st Mar
Precedents

Data protection officer—DPO—job description and role profile

Data protection officer—DPO—job description and role profile1DPO detailsName of organisation[Insert name of organisation]Name of DPO[Insert...
Read More >
1st Mar
Precedents

Competition law compliance—post-training assessment questions

Competition law compliance—post-training assessment questionsHow to use this testThese questions are designed to test your understanding after your...
Read More >
1st Mar

Popular documents

How to manage data retention

How to manage data retentionThis Practice Note is intended for general commercial organisations based in the UK. It explains the retention requirements that apply to personal data and provides practical guidance on how to comply with these obligations. This Practice Note reflects the UK General Data

Bring your own device (BYOD)

Bring your own device (BYOD)What is BYOD?'Bring your own device' (BYOD) refers to arrangements where an organisation allows employees to connect to its corporate IT network using their own communications devices, for specific, work-related purposes. BYOD arrangements may cover a range of devices,

Scotland—the process for applying for sequestration

Scotland—the process for applying for sequestrationSequestration in Scotland is the legal process by which an insolvent debtor’s estate is gathered in, realised and then distributed among their creditors by a trustee appointed for that purpose. The process requires that a formal award of

Micklefield clauses

Micklefield clausesWhat is a Micklefield clause?It is common for employee share plans to provide that, on termination of employment (or when an employee is given or receives notice of termination of employment), subsisting share awards will be forfeited and subsisting share options will lapse.It is