Regulatory data protection meaning

This Practice Note sets out detailed, relevant guidance on the principal legal and regulatory compliance obligations that a website operator should take into account within the EU, covering the following areas: the type and functionality of the website information disclosure requirements consumer protection data protection and privacy cookies accessibility cyber security platform-to-business online payments advertising, promotions and direct marketing AI competition law taxation liability for third party content intellectual property and observance of copyright geographic and territorial considerations Topics such as electronic data interchange (EDI), blockchain, smart contracts, or sector-specific laws and regulations—including those relating to financial services, intermediation services, or online auctions—fall outside the scope of this Practice Note. This Practice Note addresses only legislation that has been adopted to date by the EU. For further details on ongoing initiatives that may materially affect websites operating in the EU, also see Practice Note: Key EU digital...

This Checklist supports planning for a print marketing campaign. It concentrates on marketing-specific needs, excluding wider transactional matters (eg contract formation, distance selling). Scope includes targeting and placement, agency agreements, data protection, advertising compliance, and prize or price promotions. It also addresses conformity with the UK’s legislative and self-regulatory framework, notably the unfair commercial practices rules in the Digital Markets, Competition and Consumers Act 2024 (DMCCA 2024) and the UK Code of Non-broadcast Advertising and Direct & Promotional Marketing (CAP Code). Print ads remain pivotal to big-brand activity, across billboards, posters, brochures, leaflets, newspapers and magazines. In the UK, print advertising is overseen through a blend of industry self-regulation and statute. For a wider briefing on the UK advertising environment, see Practice Note: Advertising law and regulation. See also: Advertising copy approval—checklist; Planning a digital marketing campaign—checklist. A third column is available to capture observations or remarks while working through the Checklist... Checklist Further information Notes (if any) Targeting and placement ...

How to use this Checklist Use this Checklist when mapping out a digital marketing campaign. The emphasis is on marketing‑specific requirements, and it does not deal with general matters connected to transactional activity (eg contract formation and distance selling). It spans media selection, territorial targeting, agency contracts and agreements, data protection and safeguarding, advertising compliance, user‑generated content and material, influencer engagement and partnerships, prize and price promotions, and behavioural advertising. It also looks at adherence to the legislative and self‑regulatory regime in the UK, including the unfair commercial practices provisions in the Digital Markets, Competition and Consumers Act 2024 (DMCCA 2024) and the UK Code of Non‑broadcast Advertising and Direct & Promotional Marketing (CAP Code). Digital marketing can reach consumers at home, at work and, via their mobiles, tablets and video game consoles, almost everywhere else. Alongside unrivalled potential audience numbers, it gives brands the chance to target individuals on the basis of their specific interests, locations or habits. It is no surprise, then, that brands are moving...

This decision tree sets out a logical route for deciding whether you may undertake email marketing and, if so, who you can contact. It is just as applicable to text and SMS activity. Separate trees cover postal and live telephone direct marketing—see: Direct marketing decision tree—postal—data protection and Direct marketing decision tree—live telephone calls—data protection. Of all marketing channels, electronic marketing is the most demanding from a regulatory perspective. You must comply with the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communication Regulations 2003 (PECR 2003). PECR 2003 applies different rules to different electronic marketing methods, depending on your audience and the goods/services being promoted. You must also meet the relevant UK GDPR obligations. For more guidance, see the following Practice Notes: Direct marketing compliance—Electronic mail How to handle personal data for direct marketing Direct marketing—UK GDPR and PECR 2003 interplay What is electronic mail direct marketing? Direct marketing is the communication, by any means, of...

In this issue: Horizon scanning Directors Status and worker categories Cross-border, international and jurisdictional issues Recruitment Protected characteristics Prohibited Conduct (discrimination etc) Diversity and gender pay gap Maternity, parents and carers Financial services and banking: employment issues Data protection and employee information Bribery, modern slavery, tax evasion and fraud Employment Tribunals Scotland Ireland LexTalk®Employment: a Lexis®Nexis community Dates for your diary Trackers New Q&As Employment resources on Lexis+® Daily and weekly news alerts Horizon scanning BTC launches call for evidence on Employment Rights Bill The Business and Trade Committee (BTC) has opened its first request for evidence for a new inquiry into the Employment Rights Bill (ERB). The inquiry will collect written and oral submissions to steer the Bill’s subsequent passage through Parliament and to gauge whether it is set to meet its stated aims. Written evidence should be submitted by Friday...

In this issue: Investigating criminal conduct Criminal procedure and evidence Proceeds of crime Sentencing Bribery, corruption, sanctions and export controls Consumer protection and cartels Cybercrime and data protection offences Environmental offences Financial services and pensions offences Health and safety and corporate manslaughter offences Insolvency offences and Companies Act offences Money laundering International Other corporate crime news Daily and weekly news alerts New and updated content Dates for your diary Trackers Useful information Investigating criminal conduct Standards of candour in closed hearings, and corporate witness statements (Attorney General v BBC; R (‘Beth’) v IPT) When scrutinising MI5’s actions across two High Court cases, the court addressed the grave consequences of presenting inaccurate material within closed hearings. It outlined the tightly confined situations that can justify a departure from open justice under section 6 of the Justice and Security Act 2013 (JSA 2013). The court further...

In this issue: Investigating criminal conduct Decision to prosecute and alternatives to prosecution Sentencing Bribery, corruption, sanctions and export controls Cybercrime and data protection offences Environmental offences Financial services and pensions offences Food safety and hygiene offences Fraud, forgery, tax and theft offences Health and safety and corporate manslaughter offences Daily and weekly news alerts New and updated content Dates for your diary Trackers Useful information Investigating criminal conduct Whistleblowing in the UK—Still a long road ahead Rahman Ravelli’s legal director, Dr Angelika Hellweger, together with associate, Tatiana Novikova, examine how the UK handles whistleblowing. They map out the present UK statutory position and other relevant mechanisms, assess the scope of the safeguards they afford, and set these against the options open to whistleblowers in the United States of America. They also describe the HM Revenue and Customs (HMRC) whistleblower reward initiative announced near the end of 2025,...

This Practice Note sets out the essentials of Regulation (EU) 2024/2847, the EU Cyber Resilience Act (CRA): its background, timeline, aims, and how it aligns with other EU laws. For details on the CRA’s scope or core duties for economic operators, see the following Practice Notes: The EU Cyber Resilience Act—scope and classification of products The EU Cyber Resilience Act—obligations, compliance and enforcement Regulation (EU) 2024/2847, known as the CRA, is the first EU measure to set mandatory cybersecurity requirements for ‘products with digital elements’ across the EU. From December 2027, products that do not satisfy these requirements cannot be placed on the EU market. Accordingly, compliance will be crucial for market entry for both hardware and software. Manufacturers, importers and distributors will have extensive cybersecurity responsibilities and risk significant fines for non-compliance. The CRA was published in the Official Journal of the EU on 20 November 2024, entered into force on 10 December 2024, and applies in full from 11...

This Practice Note serves as a practical ‘how to’ for delivering a compliant B2C telephone and print direct marketing campaign, and points you to relevant materials. It distils the key principles and legal rules governing direct marketing, and explains how they affect print and telephone activity. It also offers hands-on advice on the steps and issues to weigh up before dispatching marketing mailings or placing marketing calls to consumers. Given the variety of routes available for a direct marketing initiative, different legal considerations may arise depending on the campaign’s design, the copy used, the exact media chosen and the jurisdictions in scope. This Practice Note does not cover digital forms of direct marketing, such as social media advertising, mobile and virtual advertising. For a ‘how to’ on running a compliant direct marketing campaign in a digital setting, see Practice Note: How to run a compliant direct marketing campaign—digital. What is direct marketing? ‘Direct marketing’ means the communication, by any method, of advertising or marketing material directed at...

This Practice Note forms part of the Lexis+® UK Corporate private equity buyout transaction toolkit. Beyond choosing between a share sale and an asset sale structure, a range of matters should be weighed at the outset of a private equity buyout (MBO), before due diligence begins and the principal transaction documents are negotiated. These matters can influence the core commercial and legal terms, so each side is well advised to address them before settling any headline terms (and before executing heads of terms for both the acquisition and equity elements) and before fixing the transaction timetable. The topics outlined below (and in the Practice Notes referenced in this sub‑phase) may remain relevant throughout the deal, particularly during negotiation of the formal documentation, but they are highlighted early because lawyers for all interested parties ought to consider them and brief their clients as soon as possible. Corporate issues to consider Selected corporate law points are outlined below; applicability will vary with the nature of the deal and the parties...

1 Introduction 1.1 Keeping corporate records in an orderly and dependable manner is vital to meet our statutory and regulatory duties, for example concerning data protection, taxation and employment. Doing so also lowers costs and mitigates the risks of holding superfluous information. 1.2 This records management policy guides staff in the correct handling of [ insert organisation name ]’s records. It explains: 1.2.1 the meaning of records; 1.2.2 the methods for classifying and storing records; 1.2.3 the retention periods for different categories of record; 1.2.4 the approach to disposing of records. 2 Responsibility and application 2.1 [ Insert name, department or role holder ] has overall responsibility for this policy. 2.2 This policy covers everyone working for us, including employees, temporary and agency workers, other contractors, interns and volunteers. All staff must read and follow it. 2.3 This policy is not a term of any employment contract and [ insert organisation name ] may add to...

1 Description of outsourced services [ Describe the type of service delivered, eg digital transcription for the private client team ] 2 Outsourcing supplier [ Specify the outsourcing provider to which this entry pertains ] 3 Audit team Name Role [ List the individuals within your organisation who participate in the audit activity, eg head of dept, head of IT, senior PA, head of HR ] [ Add details of each individual’s responsibilities ] 4 Method of audit Audit methodology Select all that apply: Details of audit ☐ Physical inspection [ Provide particulars, eg inspection date(s), and whether visits were announced or unannounced etc ] ☐ Review of documents [ Note which documents were examined, eg information security policies and procedures, staff vetting policy etc ] ☐ Staff interviews [ Record the personnel consulted, eg DPO, Head of IT, X number of frontline staff etc ] ☐ Other [ Outline any additional methodology utilised...

1 Introduction Our website is a key channel for engaging with existing and prospective clients and is a significant expression of our brand. Accordingly, it is essential that our website activities are managed appropriately. This policy explains our procedures for running the website, including: who holds responsibility for website management; content governance; website security and data protection; permitted and prohibited use; linking; accessibility; client confidentiality. 2 Responsibility The [ state who ] holds overall responsibility for managing our website. Their responsibilities include: authorising and supervising content; ensuring the website meets legal and regulatory requirements; overseeing linking arrangements; maintaining the website terms and conditions and the privacy policy; and carrying out an annual review of this policy to confirm it operates effectively. 3 Cookies and other...