Q&As

STOP PRESS: This document is being updated to reflect implementation of the Data ( Use and Access) Act 2025 ( DUAA 2025) which amends the UK GDPR and Data Protection Act 2018. For more guidance on the compliance implications of DUAA 2025, see Practice Note: Data ( Use and Access) Act 2025—compliance implications. This Practice Note consolidates information requirements located in different parts of the UK General Data Protection Regulation ( UK GDPR). While many relate to privacy notices, it also covers matters such as data breaches and the data protection officer ( DPO). It does not address information requirements where information society services are provided to children. Transparency is a core UK GDPR principle. Most organisations satisfy these obligations through a privacy notice or privacy policy. For a quick reference on the form and content of your notices, see Precedent: Privacy notice audit. For sample...

STOP PRESS: On 19 June 2025, the Data ( Use and Access) Bill obtained Royal Assent, becoming the Data ( Use and Access) Act 2025 ( DUAA 2025), with provisions also coming into force in part on that day. Certain DUAA 2025 provisions, addressing matters such as handling data subject access requests and the conferral of powers to make further regulations, commenced straightaway on 19 June 2025. Other provisions, relating to notices issued by the Information Commissioner and specific aspects of law enforcement processing, took effect on 19 August 2025 (being two months from the date of Royal Assent). The majority of DUAA 2025’s provisions will only commence once additional regulations are made, in the form of statutory instruments, to bring them into effect. Parts 5 and 6 of DUAA 2025 serve to amend aspects of data protection and e Privacy law in the UK,...

This Practice Note outlines the principal cybersecurity ramifications posed by artificial intelligence ( AI) in relation to duties under UK law, including those arising from the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR). It further sets out practical guidance on embedding AI as a relevant factor within existing cybersecurity compliance frameworks already in place. Advances in AI prompt concerns about the implications for cybersecurity and, as adoption grows, so too do related cybersecurity concerns. In January 2024, the UK National Cyber Security Centre ( NCSC), the UK’s technical authority on cyber threats, warned that AI will almost certainly render cyberattacks on UK organisations more effective and widespread. In April 2026, DSIT and the Cabinet Office published an open letter to businesses on AI cyber threats, warning that the development of AI models is...

When evaluating a general damages claim, the practitioner ought initially to refer to the Judicial College Guidelines (JCG)...

This Practice Note This Practice Note reviews mechanisms used in settling litigation. A Tomlin order consists of a consent order paired with a schedule. It operates to stay proceedings on terms that have been agreed. The provisions contained in the schedule may remain confidential. This Practice Note describes the scope of confidentiality attaching to the schedule and sets out how it differs from a standard consent order. Sample wording for a Tomlin order is included, alongside links to precedents, as well as guidance on court approval. It also addresses varying, setting aside and enforcing a Tomlin order, including the considerations the court will take into account when handling applications for each. Further guidance is provided on interpreting and applying the relevant provisions of the CPR; however, some courts and divisions impose very specific requirements for both drafting and approval, and for approaching the schedule and confidentiality issues. Accordingly, you must consider the particular rules and court guide provisions in the forum where your claim is proceeding when drawing up the Tomlin order...

Date [ date ] Parties [ name of Landlord ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Landlord) [ name of Tenant ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Tenant) [ [ name of Guarantor ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Guarantor) ] [ [ name of Mortgagee ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Mortgagee) ] Definitions Within this Deed, the terms below shall be interpreted as follows: [ Annual Rent • the annual sum reserved under the Lease; ] [ Insurance Rent • the Tenant’s share of the Landlord’s costs of insuring the Property (as set out in the Lease); ] Lease • the lease of the Property dated [ date ], entered into between (1) [ the Landlord OR [ name ...

I, [ name ], of [ address ], solemnly and sincerely state that: [ Matters to be verified, set out in numbered paragraphs ] I make this solemn statement in good conscience, believing it to be true, and pursuant to the provisions of the Statutory Declarations Act 1835. DECLARED at [ details ] this [ day ] day of [ month and year ] Before me ................................................................................ [ signature of the person before whom the declaration is made ] A [ commissioner for oaths OR [ solicitor OR [ insert other qualification ] ] authorised to administer oaths ]...