"There's a good range of Risk and Compliance materials, checklists and outline frameworks in one place. I think that's the difference. Everything's much more searchable, it cuts time and we can find what we really want."
Southampton FC
Access all documents on Data
This term is not defined in the cpr. In normal usage it means information that has been organised and categorised for a pre-determined purpose.
It can also generally relate to information.
Speed up all aspects of your legal work with tools that help you to work faster and smarter. Win cases, close deals and grow your business–all whilst saving time and reducing risk.
For our full legal glossary and more legal research sources, register for a free Lexis+ trial
EU Securitisation Regulation—timeline This timeline shows key developments relating to Regulation (EU) 2017/2402 (the EU Securitisation Regulation) from January 2024 onwards. For earlier developments, see EU and UK Securitisation Regulations—timeline [Archived]. 2025 Date Source Document Description 1 April 2025 AFME The Joint Associations’ response to the ESMA consultation of February 2025 on the revision of the disclosure framework for private securitisation AFME, Commercial Real Estate Finance Council (CREFC) Europe and International Capital Market Association (ICMA) submitted a joint response to the European Securities and Markets Authority's (ESMA) consultation on revising private securitisation disclosure requirements. The joint response argues against: introducing a simplified reporting regime for EU-originated securitisations before wider reforms, citing concerns about potential changes to private securitisation definitions, continued template-based reporting requirements, and unresolved third-country reporting issues. They propose an alternative approach focusing on supervisory reporting needs while allowing more flexible investor disclosures.See: LNB News 01/04/2025 71. 31 March 2025 EBA Joint Committee Report on the implementation and functioning of the Securitisation Regulation (Article 44) The Joint Committee...
EU operational resilience—timeline This timeline shows key developments relating to EU operational resilience requirements for financial services firms from January 2024 onwards. For earlier developments, see Operational resilience—timeline [Archived] 2025 Date Source Document Description 15 April 2025 FSB FSB finalises the common Format for Incident Reporting Exchange (FIRE) The Financial Stability Board (FSB) has published its finalised format for incident reporting exchange (FIRE), which aims to standardise and streamline cyber and operational incident reporting. Developed with private sector collaboration, FIRE addresses fragmentation in reporting requirements across multiple jurisdictions and supports phased implementation. It is interoperable with existing systems and applicable to a wide range of incidents, including those involving third-party service providers. The initiative promotes convergence in cyber incident reporting, reduces the reporting burden for firms, and improves communication among authorities.See: LNB News 15/04/2025 37. 24 March 2025 European Commission COMMISSION DELEGATED REGULATION (EU) …/... supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the elements that a financial...
Discover our 239 Checklists on Data
Evaluating an objection to processing request—flowchart This document reflects the UK GDPR regime. References and links to the GDPR refer to the UK GDPR (Assimilated Regulation (EU) 2016/679) unless expressly stated otherwise. The UK General Data Protection Regulation (UK GDPR) provides a number of rights for data subjects, including providing a right to object. Data subjects can make a request to an organisation to exercise their right to object to processing at any time. This is not, however, an absolute right to object—it only applies in specific circumstances. There are strict time limits for complying with requests made. See Practice Notes: • Data subject rights—objection to processing • How to handle data subject requests This Flowchart maps out a process for evaluating a data subject request under the right to object that your organisation receives under the UK GDPR. It reflects the requirements in the UK GDPR and the Data Protection Act 2018 (DPA 2018) together with guidance issued by the Information Commissioner’s Office (ICO). It should be...
Data protection impact assessments—flowchart This flowchart illustrates how to establish whether or not you need to conduct a data protection impact assessment (DPIA) in relation to a particular project, and how to conduct one if it is required. See also Precedents: Data protection impact assessment—DPIA and Data protection impact assessment—DPIA—short form, which is based on a template issued by the Information Commissioner’s Office (ICO). The ICO’s Data Protection Impact Assessments guidance sets out seven steps to conducting a DPIA, whereas the ICO’s Data protection impact assessments guidance sets out a nine-stage process, as shown above. The two processes are broadly the same but the latter is more intuitive and is adopted in this flowchart. Note 1: Identify the need for a DPIA If you have a data protection officer (DPO), ask them for advice. For further information, see Practice Note: How to complete a data protection impact assessment—DPIA—Who should conduct the DPIA? A DPIA is compulsory in the case of: • a systematic and extensive evaluation of personal aspects...
Discover our 24 Flowcharts on Data
ARCHIVED: This Practice Note has been archived and is not maintained. The Investigatory Powers Act 2016 (IPA 2016) provides the main legal framework governing the use of covert surveillance by public bodies. The provisions which govern the acquisition and disclosure of communications data are contained within IPA 2016, Pts 2 and 3 and repealed the provisions relating to the interception and acquisition of communications data contained in Regulation of Investigatory Powers Act 2000 (RIPA 2000). For information on the acquisition and use of communications data under IPA 2016, see Practice Notes: Acquisition, retention and disclosure of communications data under the Investigatory Powers Act 2016 and Interception of communications under the Investigatory Powers Act 2016.For information on the scope of IPA 2016 generally, see Practice Note: The regulation of intelligence gathering—an introductory guide.Communications dataRegulation of Investigatory Powers Act 2000 (RIPA 2000) set out a framework for the requisition, provision and handling of communications data. This statutory framework places duties on those who deal with communication data. The legislation is read...
Disclosure—solicitors' obligations This Practice Note identifies solicitors’ obligations in relation to disclosure to their client and the court. It also explains the need to preserve documents, provide the required disclosure and co-operate with the other side particularly in relation to electronic disclosure (e-disclosure). This Practice Note does not cover the provisions of the disclosure scheme operating in the Business and Property Courts. For guidance, see: Disclosure scheme—overview. Obligations Throughout the disclosure process you have obligations to your client, to the court and in accordance with other relevant provisions. These include, but are not limited to: • advising your client of the need to preserve documents—see further: Preservation of documents • ensuring your client complies with all relevant and applicable provisions and makes compliant disclosure—see further: Full disclosure • co-operating with the other side, specifically in relation to e-disclosure and/or where the claim is proceeding on the multi-track and does not involve a claim for personal injury—see further: Co-operating with the other side • a reasonable duty to manage...
Discover our 2284 Practice Notes on Data
Copyright licence 1 The copyri
Letter of instruction to single joint expert—employment tribunal proceedings Private & confidential [Insert name and address of expert] [Insert date] Dear [insert name of expert] [Insert case heading, eg Ms R Jones v Supermarkets Plc, ET Case Number: 12345] Instruction to act as single joint expert Thank you for agreeing to act as the expert witness in this matter. As you know you will be acting as a single joint expert. We act for [insert name of client] who is [bringing OR defending OR an employment tribunal claim against [insert name of opposing party/parties]. This letter has been countersigned by the solicitors acting on behalf of [insert name of opposing party/parties] to confirm their agreement to the terms of this letter. The aim of this letter is to provide you with the relevant factual background, key documents and to identify the issues you will need to consider. As an expert witness you will be aware of the need for you to comply with certain duties and ensure...
Dive into our 733 Precedents related to Data
If a data controller shares personal data with another data controller based outside the EEA, and in doing so exports that personal data outside of the EEA using one of the permitted data export exceptions or adequacy solutions under Schedule 4 of the Data Protection Act 1998 (DPA 1998), does the transferor data controller retain any liability for the processing of that personal data by the transferee controller under the DPA 1998? For the purposes of this Q&A we have focused solely on the law under the UK’s Data Protection Act 1998 (DPA 1998) as regulated by the Information Commissioner’s Office (ICO). Please note that: • the General Data Protection Regulation (GDPR) will introduce substantial amendments to data protection law and will replace the current DPA 1998 and the current Directive 95/46/EC (the Data Protection Directive). The GDPR will be directly applicable and fully enforceable in all EU Member States from 25 May 2018. For further information, see Practice Note: Introduction to the EU GDPR and...
What is 'personal data' for the purposes of the Data Protection Act 1998? For the purposes of the Data Protection Act 1998 (DPA 1998), 'personal data' is defined as: 'data which relate to a living individual who can be identified— (a)    from those data, or (b)    from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual' This definition refers to several key terms which are further defined in DPA 1998. The term 'data' is defined to include information which: '(a)    is being processed by means of equipment operating automatically in response to instructions given for that purpose (b)    is recorded with the intention that it should be processed by means of such equipment (c)    is recorded as part of a "relevant filing system" or...
See the 617 Q&As about Data
The Data (Use and Access) Bill (DUA) is set to receive Royal Assent and become an Act of Parliament on Thursday 19 June 2025. This follows its parliamentary review being finalised on 11 June 2025 and marks the culmination of nearly eight months of parliamentary procedure. Under section 139 of the DUA, most provisions will come into force as and when the Secretary of State appoints regulations. However, a limited number of provisions will come into force upon Royal Assent. This includes section 78, which relates to reasonable and proportionate searches for data subject access requests. It also includes sections 126–128 on the retention of biometric data, and schedule 16 on the grant of energy smart meter communication licences.
The European Commission has made legally binding a series of commitments by AliExpress to address concerns under the EU Digital Services Act (EU DSA), including measures to improve the detection of illegal products, platform transparency, trader traceability, and access to data. It has also issued preliminary findings that AliExpress breached its duty to assess and mitigate systemic risks linked to the dissemination of illegal goods. AliExpress may now respond to the findings before a final decision is taken. If confirmed, the Commission may issue a non-compliance decision, impose a fine, and require a remedial action plan.
Read the latest 1977 News articles on Data
**Trials are provided to all ÑÇÖÞÉ«ÇéÍø content, excluding Practice Compliance, Practice Management and Risk and Compliance, subscription packages are tailored to your specific needs. To discuss trialling these ÑÇÖÞÉ«ÇéÍø services please email customer service via our online form. Free trials are only available to individuals based in the UK, Ireland and selected UK overseas territories and Caribbean countries. We may terminate this trial at any time or decide not to give a trial, for any reason. Trial includes one question to LexisAsk during the length of the trial.
0330 161 1234