About Risk & Compliance
Lexis+ Risk & Compliance is an online practical guidance product for in-house legal and compliance teams dealing with the ever-increasing and ever-shifting burden of risk and compliance.
Risk management guides
Each guide identifies five key priorities for the area of risk, and gives a heads-up on why each is a priority area. The priority is explained in further detail, with a series of mini-checklists and action points.
Competition & antitrust law compliance
Having a clear understanding of the nature of competition law compliance and the associated risks/challenges for businesses is the first step to setting effective compliance arrangements. We help organisations with this.
GDPR compliance
Practical guidance tools, registers, training aids and other templates to help you comply with data protection law and manage privacy risks
Regulation
Helping in-house counsel, privacy and compliance professionals manage the regulatory burden. GDPR, BA, MLR and plenty more, we've got it covered.
Topics We Cover
Latest Risk & Compliance News
Law360, London: An art gallery founder and reality TV art expert pleaded guilty to terrorist financing offences at a London criminal court on 9 May...
The Information Commissioner's Office (ICO) has published a consultation on its draft updated guidance on encryption. Respondents are asked to provide...
The Department for Business and Trade has published a letter from the Minister of State for Trade Policy and Economic Security, the Rt Hon Douglas...
Law360, London: Dyson will dispute claims in England that it did nothing about allegations of forced labour at Malaysian factories making components...
The House of Lords considered the amendments from the House of Commons to the Data (Use and Access) Bill on 12 May 2025. While the amendments...
Latest Risk & Compliance Practice Notes
How to conduct a health and safety risk assessmentHaving in place a well-thought-out and accessible structure on health and safety can help an...
How to formulate a privacy risk registerA privacy risk register is a tool that allows you to collate, record, track and manage all your data...
Responding to a data subject access request—information identifying other individualsThis Practice Note is intended for general commercial...
How to establish adequate anti-bribery and corruption proceduresUnder the Bribery Act 2010 (BA 2010) it is an offence to pay or receive a bribe. In...
How to process personal data lawfullyAn organisation cannot simply process personal data because it wishes to do so. It can only process personal data...
Latest Risk & Compliance Precedents
Response to data subject request—right of access—able to comply with request[Name of individual making request][Address of individual making...
Response to data subject request—right to object—unable to comply with request[Name of individual making request][Address of individual making...
Response to data subject request—right of rectification[Name of individual making request][Address of individual making request][Date of this...
Information management and security—annual review1General informationDate of review[insert date of review]Person(s) conducting review[insert name or...
Data protection impact assessment—DPIA—surveillance cameras1Project summaryProject informationDetailsProject name[Insert name]Project owner[Insert...
Latest Risk & Compliance Q&As
Featured Risk & Compliance content
How to manage legal risk
How to manage legal riskIt is often said that running a business means taking risks and that the biggest risk an entrepreneur can take is not to think...
Can a limited company make a subject access request? Can a director of a limited company ask for recordings of calls with us? If yes, what personal data must we provide?
Can I charge a fee for dealing with a data subject access request?
Tipping-off and prejudicing an investigation
Tipping-off and prejudicing an investigationThere are several offences of tipping-off and prejudicing an investigation that apply to the regulated...
Dawn raid—who can raid my organisation and why?
Dawn raid—who can raid my organisation and why?The UK Government has legislated to permit a number of UK authorities to obtain search warrants to...
Contract management risk management guide
Contract management risk management guideWhy you need to manage this riskContract management is often seen by the business as an activity which is...
Confidentiality risk management guide
Confidentiality risk management guideWhy you need to manage this riskConfidential information is one of the most valuable assets of any business....
Money Laundering Regulations 2017—simplified due diligence
Money Laundering Regulations 2017—simplified due diligenceYou may apply simplified customer due diligence (SDD) measures in relation to particular...
SRA Code of Conduct for Solicitors, RELs and RFLs—for in-house lawyers
SRA Code of Conduct for Solicitors, RELs and RFLs—for in-house lawyersThis Practice Note provides guidance for in-house solicitors on the SRA Code of...
Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017—key information for businesses
Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017—key information for businessesThe Money...
Dealing with the National Crime Agency
Dealing with the National Crime AgencyThis Practice Note provides high-level guidance on dealing with the National Crime Agency. It sets out the role,...
Public statement on data breach
Public statement on data breachStatement by [insert name of organisation] concerning a significant [cyber attack OR data protection breach] on [insert...
Money Laundering Regulations 2017—nominated officer
Money Laundering Regulations 2017—nominated officerThis Practice Note sets out when organisations must appoint a nominated officer (sometimes referred...
Dealing with the Serious Fraud Office
Dealing with the Serious Fraud OfficeSFO—role and powersRoleThe Serious Fraud Office (SFO) is the authority in England, Wales and Northern Ireland...
How to conduct a legitimate interest assessment (LIA)
How to conduct a legitimate interest assessment (LIA)The UK General Data Protection Regulation (UK GDPR) permits processing of personal data where...
Refusing a data subject request—what is ‘manifestly unfounded or excessive’?
If a multinational company with entities in a number of EU states has registered a data protection officer (DPO) with the Information Commissioner’s Office (ICO), does it need to register a DPO in the other EU states where it has entities or is registration in one country sufficient?
Dealing with dawn raids by the Information Commissioner’s Office
Dealing with dawn raids by the Information Commissioner’s OfficeThis document reflects the UK GDPR regime. References and links to the GDPR refer to...
Associated legal terms
Capital under management
This is the amount of capital that the fund has at its disposal, and is managing, for investment purposes.
Clean Energy Package
The Clean Energy Package was presented as a set of legislative proposals and policy measures by the European Commission in late November 2016. The package comprises measures in various energy-related areas including efficiency'>energy efficiency, renewables, the Energy Union and aims to empower consumers while delivering economic growth and jobs creation.
Visa nationals
Nationals and citizens of certain foreign and Commonwealth countries or territorial entities and stateless persons who always require a visa, as a form of entry clearance, in order to be granted leave to enter the UK.
CONTACT US
