Featured documents
This Practice Note outlines the law concerning criminal recklessness. The subjective test for recklessness Certain statutory and common law offences allow the prosecution to prove mens rea through ‘recklessness’. Put simply, recklessness is where the accused takes an unjustified risk that results in unlawful harm or damage. The House of Lords in R v G reaffirmed the subjective approach to recklessness. Before R v G, two distinct tests were used, depending on the offence charged: Subjective recklessness from R v Cunningham: the prosecution had to establish that the accused personally foresaw the risk. Objective recklessness from R v Caldwell: the prosecution only needed to show that the risk would have been obvious to a reasonable person, without proving the accused themselves foresaw it. In R v G, the House of Lords concluded that the objective test could operate unfairly where a defendant did not foresee the
This Practice Note examines the remedy of rescission, explaining when and in what manner a contract can be unwound (at common law, in equity and under statute) and thereby terminated and brought to an end. It covers the consequences and effects of rescission, the principal grounds for setting aside an agreement (misrepresentation, mistake, undue influence, duress, non‑disclosure, fiduciary misdealing and bribery) and the main obstacles to claiming rescission—affirmation, the intervention of third‑party rights and the impossibility of restitution. For further guidance on rescission in the context of misrepresentation, see Practice Note: Misrepresentation—rescission as a remedy. There are many ways in which a contract may reach its end; see: Terminating contracts—how and when a contract ends—overview for a brief and accessible summary, with links to the related further practical guidance, including Practice Note: Termination and expiry of contracts. For a table
What is a res judicata? A res judicata is a determination by a court or tribunal with jurisdiction over the cause of action and the parties, which finally disposes of the issues decided so they cannot be litigated again by those bound, save on appeal. Final judgments entered by default or by consent fall within this concept, whereas rulings on purely procedural points and any decision lacking finality do not. The doctrine’s aim is to bring litigation to an end and shield parties from being harassed by the same dispute twice. in personam—binds the parties and their privies in rem—binds all persons, privy or otherwise (ie a judgment binding the whole world) A party may rely on res judicata: as an estoppel to defeat an opponent’s claim or defence; and/or as the basis of their own claim or
The offence of causing grievous bodily harm with intent Wounding or causing grievous bodily harm (GBH) with intent can be tried solely in the Crown Court on indictment. Elements of the offence Under the Offences against the Person Act 1861 (OATPA 1861), the prosecution must establish that the defendant unlawfully and maliciously: wounded with the intention of causing GBH, or caused GBH with that intention, or wounded intending to resist or prevent the lawful arrest or detention of any person, or caused GBH intending to resist or prevent the lawful arrest or detention of any person ‘Unlawfully’ and ‘maliciously’ Unlawfully The wounding or causing of GBH must be unlawful. Such conduct may be lawful if used: in self-defence in defence of another in defence of property for the prevention of crime where the victim gave express or implied consent For further information on these defences, see below:
Most recent Practice notes
STOP PRESS: This document is currently being revised to incorporate the Data ( Use and Access) Act 2025 ( DUAA 2025), which amends the UK GDPR and the Data Protection Act 2018. For further guidance on the compliance implications of DUAA 2025, see Practice Note: Data ( Use and Access) Act 2025—compliance implications. This Practice Note sets out the circumstances in which legitimate interests can be used as a lawful basis for processing personal data under the UK General Data Protection Regulation ( UK GDPR). Its approach is grounded in the UK GDPR and informed by: Information Commissioner’s Office ( ICO) guidance— Legitimate interests under the UK GDPR; European Data Protection Board ( EDPB) Guidelines 1/2024 on processing personal data under Article 6(1)(f) GDPR—per the ICO, EDPB materials are no longer directly relevant or binding in the UK regime, though they may still offer...
STOP PRESS: On 19 June 2025, the Data ( Use and Access) Bill secured Royal Assent, transforming into the Data ( Use and Access) Act 2025 ( DUAA 2025) and taking partial effect on that same date. Provisions of DUAA 2025 dealing with issues such as handling data subject access requests, and granting the power to make further regulations, commenced immediately on 19 June 2025. Other elements, relating to notices issued by the Information Commissioner and certain facets of law enforcement processing, began to apply on 19 August 2025 (being two months from the date of Royal Assent). The bulk of DUAA 2025’s measures will only commence once additional regulations, by way of statutory instruments, are made and brought into force. Parts 5 and 6 of DUAA 2025 operate to revise and update areas of UK data protection and e Privacy law within the UK,...
This Practice Note offers additional guidance on the principal definitions found in the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 (the UK GDPR). For a high-level overview of UK data protection legislation, see Practice Notes: The UK General Data Protection Regulation ( UK GDPR) and Data protection law—new starter guide. The UK data protection law collection brings together further general guidance and is a recommended first point of reference for research. Scope of this Practice Note Given the significant volume of data moving between the UK and the EEA, corresponding EEA data protection rules remain particularly relevant to UK practitioners. There continues to be substantial similarity between: the EU GDPR (which was applicable under UK laws until the close of the Brexit implementation period at 11 pm UK time on 31 December 2020 and still applies within the EEA) the UK GDPR...
This Practice Note offers a detailed examination of cross-border transfers under the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR). On this topic, there are marked parallels between the UK GDPR and the EU General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR), and the emphasis here is on the UK GDPR position. For background on the UK GDPR and how it sits alongside the EU GDPR, consult Practice Note: The UK General Data Protection Regulation ( UK GDPR)— Summary of key legislation. For discussion of comparable questions under the EU GDPR, see Practice Note: EU GDPR—transfers of personal data internationally and to international organisations. Be aware that the framework for international transfers in Chapter V of the UK GDPR has most recently been modified by the Data ( Use and Access) Act 2025 (refer to...
This Practice Note This Practice Note outlines how the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR) operates differently for ‘public bodies’ (defined in the UK GDPR and also referred to as ‘public authorities’) and other public sector entities, when compared with private sector organisations. ‘ Assimilated law’ is the label applied to retained EU law ( REUL) that continues to have effect after the close of 2023. Re-labelling REUL (and related terminology) as assimilated law signifies a shift in its status and handling under UK law, namely that it is to be read by reference to ordinary domestic law and principles. From 1 January 2024, REUL becomes ‘assimilated’ into domestic law because, in general, it is divested of EU-derived interpretive effects (for example, the supremacy of EU law, directly effective rights, and the general...
STOP PRESS: On 19 June 2025, the Data ( Use and Access) Bill secured Royal Assent, becoming the Data ( Use and Access) Act 2025 ( DUAA 2025) and taking partial effect that day. Certain DUAA 2025 provisions—covering issues such as handling data subject access requests and granting powers to make additional regulations—took effect immediately on 19 June 2025. Other provisions, relating to notices from the Information Commissioner and elements of law enforcement processing, commenced on 19 August 2025 (two months after Royal Assent). The majority of DUAA 2025’s provisions require further regulations (in the form of statutory instruments) before they can be brought into force. Parts 5 and 6 of DUAA 2025 amend aspects of UK data protection and e Privacy law, including the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR), the Data...
This Practice Note provides practical guidance on how to undertake data mapping Drawing on an article by Nicola Fulford of Hogan Lovells and Krysia Oastler of Kemp Little, first published in the Privacy and Data Protection Journal, this note explains how to approach data mapping. Data mapping—working out which personal data your organisation processes—is commonly identified as one of the first priorities in a data protection compliance programme. Data controllers must maintain a written record of processing activities, which must be produced to the supervisory authority on request. See Precedent: Data processing register... As set out in ICO Guidance: How do we document our processing activities?, a sensible first step is an information audit or data‑mapping exercise to confirm what personal data your organisation holds and where it resides. The guidance highlights the need to engage colleagues across the organisation so nothing is...
This Practice Note forms part of the Data Protection Negotiation Guide (the Guide) This section of the Guide deals with negotiating clauses on information provision, audits and inspections in controller–processor agreements governed by the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR). For an overview of the Guide, see Practice Note: Data protection negotiation guide—controller: processor—introduction. This Practice Note employs several common abbreviations, which are defined in that introduction... As set out in Practice Note: Data protection negotiation guide—controller: processor—introduction, the parties have commercial latitude to divide the costs and expenses of carrying out these obligations between themselves... There are notable parallels between the UK GDPR and the EU’s General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR), and the Guide centres on the UK GDPR position. For background on the UK GDPR and its...
Practice Note This Practice Note sits within the Data Protection Negotiation Guide (the Guide). This section of the Guide considers the negotiation of terms relating to: the obligation in Article 28(3)(a) of the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR) that a processing agreement must ensure the processor handles personal data solely on documented directions from the controller, and a further connected obligation in the second paragraph of Article 28(3) UK GDPR for a processor to promptly notify the controller if, in the processor’s view, an instruction breaches specified data protection laws For an overview of the Guide and linked materials, see Practice Note: Data protection negotiation guide—controller: processor—introduction. This Practice Note uses several common abbreviations. Those abbreviations are defined separately in the above introduction. As outlined in Practice Note: Data protection...
This Practice Note sets out the requirements of the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR), where a processor handles personal data for a controller in a commercial setting. It proceeds on the basis that readers are already familiar with core data protection concepts, terminology, and the functions of key regulators. For an initial overview of data protection law, consult the ‘key principles and concepts’ tab in the UK Data Protection toolkit, which is a recommended starting point for research. For a higher-level primer on this topic and connected matters, see: Data sharing and transactions—overview. This Practice Note also sits within the Data protection negotiation guide—controller: processor—collection, which practitioners drafting or negotiating data protection clauses between a controller and a processor may find helpful. In brief UK data protection legislation aims to ensure information about living people (within the scope of...
This Practice Note presents the comprehensive Data Protection Negotiation Guide (the Guide), which addresses the negotiation of clauses in contracts and agreements between controllers and processors that fall under the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR). It should be noted that the UK GDPR is closely aligned and broadly comparable with the EU’s General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR), and this Practice Note concentrates on the UK GDPR position. For background on the UK GDPR and how it relates to the EU GDPR, see Practice Note: The UK General Data Protection Regulation ( UK GDPR)— Summary of key legislation. For additional detail on the EU GDPR, see Practice Note: The EU’s General Data Protection Regulation ( EU GDPR). The Guide is comprehensive and already presumes readers have some...
This Practice Note connects to a collection bringing together an in-depth Data Protection Negotiation Guide (the Guide) covering the negotiation of clauses in contracts between controllers and processors governed by the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR). It further provides a range of ancillary resources. Be aware there are notable similarities between the UK GDPR......
This Practice Note is aimed at private-sector commercial organisations in the UK. It explains the Information Commissioner’s Office ( ICO) expectations for securing, recording and managing consent to process personal data, and mirrors UK General Data Protection Regulation ( UK GDPR) requirements concerning consent... What is consent? Consent is a freely given, specific, informed and unambiguous sign of the data subject’s wishes whereby they, by a statement or a clear positive action, confirm agreement to the processing of personal data. Accordingly, consent must be: freely given specific informed unambiguous There are two levels of consent based on the type of data processed: standard consent, required when relying on consent to process non-sensitive personal data explicit consent, required when relying on consent to process special category (sensitive) personal data—there is no definition of explicit consent but see Practice Note: How to...
Data protection by design and default ( DPb DD) Organisations often pay insufficient attention to data protection by design and default ( DPb DD) when assessing their UK GDPR obligations. This is understandable, as DPb DD is an intangible, pervasive concept that can be hard to turn into specific measures, especially when compared with other discrete duties under the UK GDPR. Nonetheless, the UK GDPR contains a dedicated provision on DPb DD ( Article 25) and the Information Commissioner’s Office provides extensive guidance: ICO, UK GDPR guidance and resources, Data protection by design and default. In essence, DPb DD requires you to consider privacy and data protection from the outset in everything you do, embedding it into your processing and business practices from initial design through the entire lifecycle. Taking a DPb DD approach from the beginning, rather than retrofitting at the end: helps you...
The impact of the UK GDPR on M& A transactions EU GDPR and UK GDPR Regulation ( EU) 2016/679, the EU’s General Data Protection Regulation ( EU GDPR), has applied directly and been fully enforceable across every EU Member State since 25 May 2018. It overhauled EU data protection rules and, in the UK, superseded the Data Protection Act 1998 ( DPA 1998) together with Directive 95/46/ EC (the Data Protection Directive). On 31 January 2020 the UK left EU membership and moved into an implementation period, during which EU law continued to govern. The EU GDPR framework continued to operate under UK law up to the close of that period (11 pm UK time on 31 December 2020) and still applies within the EEA. From the end of the implementation period, the UK General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR), has had...
Summary of the UK GDPR regime This Practice Note condenses the UK GDPR framework. For a higher-level primer on UK data protection, see Practice Note: Data protection law—new starter guide. The UK data protection law collection assembles key guidance on this regime and is a recommended first stop for research. For information on the EU’s General Data Protection Regulation, Regulation ( EU) 2016/679, see Practice Note: The EU’s General Data Protection Regulation ( EU GDPR). This Practice Note covers: principal legislation substantive scope territorial reach core concepts data protection principles legal bases for processing special category personal data criminal conviction and offence data individual rights accountability and governance security personal data breaches international transfers of personal data exemptions the Information Commissioner data protection fees ...
The Data Protection Act 2018 ( DPA 2018) The DPA 2018 sets out a number of data protection frameworks within UK data protection law, covering the following: general processing of personal data subject to the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR) processing of personal data by competent authorities for law enforcement purposes processing of personal data by the intelligence services This Practice Note concentrates on those provisions of the DPA 2018 that relate to general processing in connection with the UK GDPR. It therefore addresses general processing in connection with the UK GDPR. It highlights matters most pertinent to commercial organisations and, for example, does not cover rules applying to manual, unstructured processing by certain public sector bodies, or processing connected with immigration, defence or national security. Accordingly, its scope excludes those special-case...
This Practice Note examines the law and practice in relation to anonymisation, pseudonymisation and privacy enhancing technologies (or PETs). It specifically outlines what constitutes robust anonymisation and pseudonymisation and sets out core methods that can be applied. It further introduces the suite of tools referred to as PETs. It assesses the framework under the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR), alongside the UK Data Protection Act 2018 ( DPA 2018). Where pertinent to the UK GDPR, EU case law and guidance are taken into account. For information on the position under the EU’s General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR), see Practice Note: in the EU. On this topic, key differences exist between the UK GDPR regime and the EU GDPR. That said, at a high level the UK GDPR and EU GDPR...
ARCHIVED: This Practice Note is not maintained and is for background information only. This archived Practice Note provides signposting for the UK GDPR and the Data Protection Act 2018, and outlines key differences with the EU GDPR. It focuses on the period from Brexit to the end of 2023, when (previously ‘retained’) EU law was assimilated. Provides navigational guidance on the UK GDPR and the accompanying Data Protection Act 2018 Briefly highlights some contrasts with the EU GDPR For up-to-date coverage, and a fuller UK– EU comparison, see Practice Note: UK GDPR and EU GDPR—comparison. It serves as a reference to the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 ( UK GDPR), and the Data Protection Act 2018 ( DPA 2018), as they relate to general processing of personal data (the UK GDPR regime). The UK GDPR regime stems from the EU data...
This Practice Note monitors the current position of adequacy regulations governing the export of personal data beyond the UK or to international organisations under the United Kingdom General Data Protection Regulation, Assimilated Regulation ( EU) 2016/679 (the UK GDPR). For an all-round primer on the UK GDPR bringing together core practical guidance, see Practice Note: The UK General Data Protection Regulation ( UK GDPR)— Summary of key legislation, and the UK data protection law collection. Background Article 44 of Chapter V of the UK GDPR bars sending personal data to a third country outside the UK, or to an ‘international organisation’ (a restricted international transfer). Nonetheless, such a transfer may proceed where it is: founded on an adequacy regulation under Article 45 of the UK GDPR and connected provisions in the Data Protection Act 2018 ( DPA 2018) covered by...
Popular documents
When evaluating a general damages claim, the practitioner ought initially to refer to the Judicial College Guidelines (JCG)...
This Practice Note This Practice Note reviews mechanisms used in settling litigation. A Tomlin order consists of a consent order paired with a schedule. It operates to stay proceedings on terms that have been agreed. The provisions contained in the schedule may remain confidential. This Practice Note describes the scope of confidentiality attaching to the schedule and sets out how it differs from a standard consent order. Sample wording for a Tomlin order is included, alongside links to precedents, as well as guidance on court approval. It also addresses varying, setting aside and enforcing a Tomlin order, including the considerations the court will take into account when handling applications for each. Further guidance is provided on interpreting and applying the relevant provisions of the CPR; however, some courts and divisions impose very specific requirements for both drafting and approval, and for approaching the schedule and confidentiality issues. Accordingly, you must consider the particular rules and court guide provisions in the forum where your claim is proceeding when drawing up the Tomlin order...
Date [ date ] Parties [ name of Landlord ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Landlord) [ name of Tenant ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Tenant) [ [ name of Guarantor ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Guarantor) ] [ [ name of Mortgagee ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Mortgagee) ] Definitions Within this Deed, the terms below shall be interpreted as follows: [ Annual Rent • the annual sum reserved under the Lease; ] [ Insurance Rent • the Tenant’s share of the Landlord’s costs of insuring the Property (as set out in the Lease); ] Lease • the lease of the Property dated [ date ], entered into between (1) [ the Landlord OR [ name ...
I, [ name ], of [ address ], solemnly and sincerely state that: [ Matters to be verified, set out in numbered paragraphs ] I make this solemn statement in good conscience, believing it to be true, and pursuant to the provisions of the Statutory Declarations Act 1835. DECLARED at [ details ] this [ day ] day of [ month and year ] Before me ................................................................................ [ signature of the person before whom the declaration is made ] A [ commissioner for oaths OR [ solicitor OR [ insert other qualification ] ] authorised to administer oaths ]...
Discover more from LexisNexis
