Featured documents
This Practice Note outlines the law concerning criminal recklessness. The subjective test for recklessness Certain statutory and common law offences allow the prosecution to prove mens rea through ‘recklessness’. Put simply, recklessness is where the accused takes an unjustified risk that results in unlawful harm or damage. The House of Lords in R v G reaffirmed the subjective approach to recklessness. Before R v G, two distinct tests were used, depending on the offence charged: Subjective recklessness from R v Cunningham: the prosecution had to establish that the accused personally foresaw the risk. Objective recklessness from R v Caldwell: the prosecution only needed to show that the risk would have been obvious to a reasonable person, without proving the accused themselves foresaw it. In R v G, the House of Lords concluded that the objective test could operate unfairly where a defendant did not foresee the
This Practice Note examines the remedy of rescission, explaining when and in what manner a contract can be unwound (at common law, in equity and under statute) and thereby terminated and brought to an end. It covers the consequences and effects of rescission, the principal grounds for setting aside an agreement (misrepresentation, mistake, undue influence, duress, non‑disclosure, fiduciary misdealing and bribery) and the main obstacles to claiming rescission—affirmation, the intervention of third‑party rights and the impossibility of restitution. For further guidance on rescission in the context of misrepresentation, see Practice Note: Misrepresentation—rescission as a remedy. There are many ways in which a contract may reach its end; see: Terminating contracts—how and when a contract ends—overview for a brief and accessible summary, with links to the related further practical guidance, including Practice Note: Termination and expiry of contracts. For a table
What is a res judicata? A res judicata is a determination by a court or tribunal with jurisdiction over the cause of action and the parties, which finally disposes of the issues decided so they cannot be litigated again by those bound, save on appeal. Final judgments entered by default or by consent fall within this concept, whereas rulings on purely procedural points and any decision lacking finality do not. The doctrine’s aim is to bring litigation to an end and shield parties from being harassed by the same dispute twice. in personam—binds the parties and their privies in rem—binds all persons, privy or otherwise (ie a judgment binding the whole world) A party may rely on res judicata: as an estoppel to defeat an opponent’s claim or defence; and/or as the basis of their own claim or
The offence of causing grievous bodily harm with intent Wounding or causing grievous bodily harm (GBH) with intent can be tried solely in the Crown Court on indictment. Elements of the offence Under the Offences against the Person Act 1861 (OATPA 1861), the prosecution must establish that the defendant unlawfully and maliciously: wounded with the intention of causing GBH, or caused GBH with that intention, or wounded intending to resist or prevent the lawful arrest or detention of any person, or caused GBH intending to resist or prevent the lawful arrest or detention of any person ‘Unlawfully’ and ‘maliciously’ Unlawfully The wounding or causing of GBH must be unlawful. Such conduct may be lawful if used: in self-defence in defence of another in defence of property for the prevention of crime where the victim gave express or implied consent For further information on these defences, see below:
Most recent Practice notes
This Practice Note examines matters and recommended approaches for sharing personal data between controllers (including joint controllers and independent controllers) in general business-to-business commercial situations, under Regulation ( EU) 2016/679, the EU’s General Data Protection Regulation ( EU GDPR). It proceeds on the basis that readers already understand the main data protection notions and terminology, and the function of key supervisory organisations. For a broad overview of the EU GDPR and connected topics, see Practice Note: The EU’s General Data Protection Regulation ( EU GDPR). In brief—summary of steps controllers should often take before data sharing The EU GDPR is designed to ensure information about living individuals (within the meaning of ‘personal data’) is handled fairly and responsibly. A central safeguard is the set of duties imposed on ‘controllers’—generally those determining why and how processing occurs. ‘ Processing’ is widely construed to cover almost any...
This Practice Note This Practice Note explains how to incorporate precedent controller-to-processor ( C2P) or processor-to-processor ( P2P) terms into a commercial contract to meet the requirements of the EU General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR). It takes a supranational approach; where appropriate, consult the laws of the relevant EEA Member States or other jurisdictions in light of the contract’s governing law and the place where obligations are performed. This ‘how to’ overview assumes a basic understanding of data protection, including key notions such as ‘personal data’ and ‘processing’. For introductory material, see Practice Notes: Key definitions under EU data protection law and The EU’s General Data Protection Regulation ( EU GDPR). This guide does not address: the drafting or negotiation of the mandatory C2P/ P2P provisions themselves data sharing arrangements between controllers ( C2C). For further...
Practice Note This Practice Note sets out guidance for parties engaged in business-to-business deals to assess whether they act as an independent controller, a joint controller, or a processor under the EU’s General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR). For an overview of the EU GDPR, see Practice Note: The EU’s General Data Protection Regulation ( EU GDPR). In short, data protection law across the EEA (the EU together with Iceland, Norway and Liechtenstein) aims to ensure information about living people (as defined as ‘personal data’) is handled fairly and with care. To achieve that aim, EEA data protection rules place extensive duties on those ‘processing’ personal data (and on those directing such processing) and confer rights on the individuals whose personal data is handled (the ‘data subjects’). In essence, ‘processing’ covers almost any operation performed on personal data, such as...
FORTHCOMING CHANGE This Practice Note reflects the current legal position. Certain aspects will be affected by the Digital Omnibus proposals published on 19 November 2025 under the EU Commission’s ‘simplification’ agenda. For further detail, see Practice Note: EU Digital Omnibus—tracker. It introduces the EU’s General Data Protection Regulation, Regulation ( EU) 2016/679—commonly called the GDPR and described here as the ‘ EU GDPR’ to distinguish it from the UK GDPR. It summarises core concepts, regulatory supervision and organisational obligations under the EU GDPR, and ends with guidance on planning EU GDPR compliance activities. Introduction Regulation ( EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on protecting natural persons in relation to personal data processing and the free movement of such data, which repealed Directive 95/46/ EC (the General Data Protection Regulation) (the EU GDPR), was published in the Official Journal of the EU on 4...
In summary, any organisation with an establishment in the EEA that handles personal data and cannot rely on an exception under Regulation ( EU) 2016/679 ( EU GDPR) will fall within the EU GDPR’s scope. Organisations lacking a physical presence in the EEA but processing personal data, whether on a regular or occasional basis, should evaluate whether they are likely to be caught by the EU GDPR and/or need to appoint a representative in the EEA. This Practice Note covers: principal guidance territorial reach of earlier EU data protection laws territorial reach of the EU GDPR extra-territorial enforceability of the EU GDPR consequences of being within the EU GDPR’s territorial reach appointing a representative in the EEA exceptions to the EU GDPR’s extra-territorial scope and duties to appoint an EEA...
In brief EEA data protection regimes (covering the EU together with Iceland, Norway and Liechtenstein) aim to ensure that information relating to living persons — defined as ‘personal data’ — is treated fairly and responsibly. These rules support that. To deliver this outcome, these laws impose extensive duties on those ‘processing’ personal data and on the controllers overseeing that processing within the EEA. ‘ Processing’ is construed broadly to encompass most operations on data, including storing, erasing, gathering, disclosing or using it, or handling it. A principal safeguard within EEA data protection law is the suite of responsibilities placed upon ‘controllers’ (usually those who determine the purposes and means of processing) and ‘processors’ (entities that handle personal data for a controller in line with its instructions). Among other requirements, controllers and processors are typically obliged to conclude contracts containing certain minimum clauses as a...
Background Data subjects may file complaints and pursue judicial remedies and compensation where their rights under the EU’s General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR), have been violated. Under Article 82 EU GDPR, any person who has suffered material or non‑material harm due to an infringement is entitled to compensation from the controller or the processor. Equivalent rules apply under Regulation ( EU) 2018/1725 for EU institutions. Compensation can therefore cover both pecuniary and non‑pecuniary losses. Recital 146 confirms that the notion of damage should be interpreted broadly and in a way that fully reflects the Regulation’s objectives. Under the EU GDPR, controllers bear significantly wider liability than processors: any controller engaged in unlawful processing is responsible for the damage caused. In contrast, a processor is liable only for damage resulting from processing where it has failed to comply with...
FORTHCOMING CHANGE: This Practice Note sets out the law as it currently stands, but be aware that aspects of it are expected to change in light of the Digital Omnibus proposals dated 19 November 2025, brought forward under the EU Commission’s ‘simplification’ agenda. For supplementary details and context, please consult Practice Note: EU Digital Omnibus—tracker. This Practice Note outlines the lawful grounds for handling personal data under the EU’s General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR). It presumes a degree of familiarity with EU data protection rules. For an overview of the EU GDPR, including explanations of core data protection notions and vocabulary, see Practice Note: The EU’s General Data Protection Regulation ( EU GDPR) and the EU data protection law collection. Note that: This Practice Note addresses provisions of the EU GDPR that operate across EEA states at the...
FORTHCOMING CHANGE This Practice Note sets out the present legal landscape; bear in mind that aspects of it are expected to shift under the Digital Omnibus proposals released on 19 November 2025, aligned with the European Commission’s ‘simplification’ programme and related initiatives. For further details and updates, see Practice Note: EU Digital Omnibus—tracker. The Note also supplies additional guidance on principal definitions within the EU’s General Data Protection Regulation, Regulation ( EU) 2016/679 (the EU GDPR). Scope of this Practice Note This Practice Note examines EU GDPR rules applicable across EEA states at the supranational tier only—please consult guidance from the competent national data protection authorities and domestic statutes, as appropriate, for the approach likely to be followed in any EEA jurisdiction. Owing to the substantial movement of data between the EEA and other regions, practitioners may need to evaluate not only the...
The General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR) The General Data Protection Regulation ( Regulation ( EU) 2016/679, the EU GDPR) has applied across the EEA since 25 May 2018. Organisations in the life sciences gather and/or handle volumes of personal information, including health data, relating to individuals (the ‘data subjects’), notably patients and participants in clinical trials. As such, the relevance of the EU GDPR to life sciences businesses is considerable. This Practice Note outlines elements within the EU GDPR framework that have a direct bearing on life sciences companies and their operations. It is not an exhaustive treatment of the EU GDPR and should be read alongside the following Practice Notes: Data protection principles; Processing personal data—standard of consent; and Processing personal data—obtaining, recording and managing consent. For further detail on how clinical trials interface with data...
This Practice Note outlines how financial services firms may rely on legal obligation or legitimate interest as a lawful basis for handling personal data under the General Data Protection Regulation ( EU) 2016/679 ( EU GDPR). For general information on the EU GDPR, see Practice Note: The EU’s General Data Protection Regulation ( EU GDPR). Lawful grounds for data processing under the GDPR—summary for financial services firms Definitions Personal data: any information about an identified or identifiable natural person (data subject)—that is, someone who can be recognised, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors unique to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. Processing: any operation or set of operations carried out on personal data or on sets of...
EU GDPR enforcement decisions A central aim of Regulation ( EU) 2016/679, the EU’s General Data Protection Regulation ( EU GDPR), was to secure greater consistency in the application and enforcement of data protection rules across the EU and EEA. At present, there is no unified database of enforcement actions from the more than thirty supervisory authorities operating across Europe. See Practice Note: EU and EEA data protection supervisory authorities for a list of the main supervisory authorities in the EU and EEA. Owing to this absence, this Practice Note is not exhaustive, but monitors EU GDPR enforcement outcomes: those issued as a ‘national news’ press release by the European Data Protection Board ( EDPB) (typically only where fines are €250,000 or higher, although some smaller penalties are included below) and those the Lexis+® UK Information Law team otherwise identify from varied sources where total fines exceed...
FORTHCOMING CHANGE: This Practice Note reflects the current legislative landscape; however, aspects will be influenced by the Digital Omnibus proposals released on 19 November 2025 under the EU Commission’s ‘simplification’ agenda. For more, see Practice Note: EU Digital Omnibus—tracker. It reviews the rights afforded to individuals whose personal data is processed within the EU’s General Data Protection Regulation ( EU GDPR) framework. A baseline understanding of EU data protection law is assumed. For an introductory guide to those laws, including key concepts and terminology, refer to Practice Note: The EU’s General Data Protection Regulation ( EU GDPR). Note that: the EU GDPR enables a range of national derogations that may affect data subjects’ rights this Practice Note considers EU GDPR provisions applicable in EEA states at the supranational level only—consult guidance from the relevant national data protection authorities and domestic laws for the approach in any EEA...
Right to data portability EU data protection legislation recognises a right to data portability. This entitlement enables individuals to receive from a controller a copy of their personal information in a structured, machine-readable form. Further, in certain situations, people may require the controller to transmit that data directly to a different controller. This Practice Note focuses on the right to data portability. It assumes readers possess some familiarity with EU data protection law. For a broad overview of those laws, consult Practice Note: The EU’s General Data Protection Regulation ( EU GDPR). Be aware that this Practice Note addresses provisions under the EU GDPR that apply in EEA states at the supranational level only—seek guidance from the competent national data protection authorities, and from national legislation, regarding the approach taken in any EEA jurisdiction. The data portability right is intended both to support and to...
This Practice Note monitors significant developments regarding the European Commission’s overhaul of procedures for enforcing the EU General Data Protection Regulation ( EU) 2016/679 ( EU GDPR) in cross-border matters. The overhaul is implemented by Regulation ( EU) 2025/2518 (the Procedural Regulation). This tracker collates legislative and regulatory steps alongside letters, opinions, responses, recommendations and advice from EU institutions, bodies, associations, offices and agencies. Note that the Procedural Regulation (procedural reform for cross-border cases) is distinct from proposals to streamline record-keeping rules and other ‘ Digital Omnibus’ package changes to the EU GDPR—for more on those, see instead Practice Notes: EU 2024–2029 simplification agenda—tracker and EU Digital Omnibus—tracker. Background to the proposal for EU GDPR procedural rules Under the EU GDPR, independent national data protection authorities—also called supervisory authorities ( SAs)—are responsible for enforcement and are expected to co-operate and reach shared decisions through the...
This Practice Note sets out the requirements of the EU’s General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR) where a processor handles personal data for a controller in a commercial setting. It assumes readers have some familiarity with key data protection concepts, terminology and the remit of principal regulators. For a general overview of the EU GDPR, see Practice Note: The EU’s General Data Protection Regulation ( EU GDPR). The requirements under the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR) fall outside the scope of this Practice Note. For guidance on the UK GDPR, see Practice Note: Supply chains under data protection law—arrangements between controllers and processors. In brief Data protection regimes in the EEA (the EU plus Iceland, Norway and Liechtenstein) aim to ensure information about living...
This Practice Note outlines the fundamental rules for handling personal data at the heart of the EU General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR), which applies within the EEA (as set out below). For a general overview of EU data protection law, see Practice Note: The EU’s General Data Protection Regulation ( EU GDPR). This Practice Note addresses only those EU GDPR provisions operating at the supranational level in EEA states—consult guidance from the relevant national data protection authorities and domestic legislation for the approach in any EEA jurisdiction. The EU GDPR establishes core data protection principles that controllers must follow, set out in Article 5, including: the lawfulness, fairness and transparency principle the purpose limitation principle the data minimisation principle the accuracy principle the storage limitation principle the integrity and...
The impact of the EU GDPR on M& A transactions Overview of legislation and key M& A considerations The EU’s General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR), took direct effect and became fully enforceable across all EU Member States on 25 May 2018. It delivered significant changes to EU data protection law and superseded Directive 95/46/ EC (the Data Protection Directive). The EU GDPR regulates the processing of personal data, confers rights on data subjects whose information is handled, and imposes obligations on controllers and processors alike. It is a complex, principle‑driven regime. Seven core data protection principles underpin the EU GDPR, set out in Article 5, and controllers dealing with personal data must adhere to them. See Practice Note: EU GDPR—data protection principles. Personal data and technology are now central to most organisations, as the majority handle information relating to...
In brief Data protection laws across the EEA (the EU plus Iceland, Norway, and Liechtenstein) aim to ensure information about living individuals—within the scope of ‘personal data’—is handled fairly and responsibly. To achieve this, EEA data protection laws place numerous duties on those ‘processing’ personal data and on those controlling such activity. ‘ Processing’ is interpreted broadly and covers most actions involving data, including collecting, storing, deleting, disclosing, or using it. A key safeguard under these laws is the suite of obligations placed on ‘controllers’—generally those deciding the purposes and means of processing—and ‘processors’, who act on a controller’s instructions to process personal data on its behalf. Among other things, EEA data protection laws usually require controllers and processors to enter into contracts with certain minimum terms and to ensure any processor they engage is suitable. In a cloud computing set-up, the end...
FORTHCOMING CHANGE: This Practice Note sets out the law as it currently stands; nonetheless, be aware that parts will be affected by the Digital Omnibus proposals issued on 19 November 2025, aligned with the European Commission’s ‘simplification’ programme, in due course and beyond. For further details, see Practice Note: EU Digital Omnibus—tracker. This Practice Note outlines EU data protection rules as they relate to the use of artificial intelligence ( AI). It concentrates on guidance produced within the EU and does not cover the various strategies and policies in the UK. For more on UK policies, see Practice Note: Artificial intelligence—data protection. This Practice Note does not address Regulation ( EU) 2024/1689, the EU Artificial Intelligence Act ( EU AI Act) in detail. For more on that act, see Practice Notes: The EU AI Act, EU artificial...
Popular documents
When evaluating a general damages claim, the practitioner ought initially to refer to the Judicial College Guidelines (JCG)...
This Practice Note This Practice Note reviews mechanisms used in settling litigation. A Tomlin order consists of a consent order paired with a schedule. It operates to stay proceedings on terms that have been agreed. The provisions contained in the schedule may remain confidential. This Practice Note describes the scope of confidentiality attaching to the schedule and sets out how it differs from a standard consent order. Sample wording for a Tomlin order is included, alongside links to precedents, as well as guidance on court approval. It also addresses varying, setting aside and enforcing a Tomlin order, including the considerations the court will take into account when handling applications for each. Further guidance is provided on interpreting and applying the relevant provisions of the CPR; however, some courts and divisions impose very specific requirements for both drafting and approval, and for approaching the schedule and confidentiality issues. Accordingly, you must consider the particular rules and court guide provisions in the forum where your claim is proceeding when drawing up the Tomlin order...
Date [ date ] Parties [ name of Landlord ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Landlord) [ name of Tenant ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Tenant) [ [ name of Guarantor ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Guarantor) ] [ [ name of Mortgagee ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Mortgagee) ] Definitions Within this Deed, the terms below shall be interpreted as follows: [ Annual Rent • the annual sum reserved under the Lease; ] [ Insurance Rent • the Tenant’s share of the Landlord’s costs of insuring the Property (as set out in the Lease); ] Lease • the lease of the Property dated [ date ], entered into between (1) [ the Landlord OR [ name ...
I, [ name ], of [ address ], solemnly and sincerely state that: [ Matters to be verified, set out in numbered paragraphs ] I make this solemn statement in good conscience, believing it to be true, and pursuant to the provisions of the Statutory Declarations Act 1835. DECLARED at [ details ] this [ day ] day of [ month and year ] Before me ................................................................................ [ signature of the person before whom the declaration is made ] A [ commissioner for oaths OR [ solicitor OR [ insert other qualification ] ] authorised to administer oaths ]...
Discover more from LexisNexis
