Featured documents
Introduction to statutory interpretation The aim of statutory interpretation is to determine the legal meaning of a statute, that is, the sense that expresses the legislator’s intention. The clearest guide to that intention is the statutory wording itself, read in its context and with its overall purpose in mind, and its broader legislative setting. Courts should seek to fulfil the purpose of legislation by construing its language, so far as they can, in the manner that most effectively serves that purpose. Put differently, the courts’ default method is purposive, and every enactment is to be construed with that end in view. There is a starting presumption that the grammatical and ordinary sense of an enactment reflects the meaning intended by the legislator. Where an enactment reasonably bears only a single meaning, and no other interpretative tools or
This Practice Note addresses identifying a fiduciary, fiduciary duties and obligations, the no conflict rule, the no profit rule, a fiduciary's duty of confidence, and the remedies available for breach of fiduciary duty. Who is a fiduciary? There is no definitive catalogue of relationships that give rise to fiduciary obligations at common law in every situation universally. Certain relationships are inherently fiduciary, eg trustee and beneficiary, solicitor and client, principal and agent, business partner and co-partners, together with mortgagor and mortgagee. The obligations of some fiduciaries have been set out in statute; for instance, trustees owe a statutory duty of skill and care under section 1 of the Trustee Act 2000 (TrA 2000), and directors' relationships with their companies are addressed in the Companies Act 2006 too. For guidance on directors' fiduciary duties, see Practice Note: of directors for further detailed
Definition of ADR Alternative dispute resolution (ADR) is defined in the CPR Glossary as a collective label for methods of settling disputes other than through the usual trial process. Some courts adopt the term ‘negotiated dispute resolution’ (NDR) to describe resolution by alternative means; for ease, this Practice Note uses ADR. For guidance on how ADR is addressed in the various court guides, see Practice Note: ADR and NDR in the court guides. In essence, ADR is a means of resolving a dispute outside the court system. It typically involves a neutral third party who either helps the parties reach a negotiated outcome, or issues a determination of the dispute that is legally binding. A binding result can follow where the agreement to refer the dispute to ADR so provides. There are multiple forms of ADR processes. For an outline of the different types and their
In brief The British constitution is uncodified, meaning it does not spring from a single constitutional document or code. It draws on a wide range of written and unwritten sources. Alongside the principal written sources of law in England and Wales—legislation (which has also introduced international and human rights principles into our constitution) and the common law—the constitution also rests on two further unwritten bases within this system: the prerogative, and non-legal constitutional conventions. In addition, on one view the basic or prevailing principle of our constitution, Parliamentary sovereignty, is ultimately grounded in political fact rather than in law. Legislation Legislation is the foremost source of constitutional law. Acts of Parliament may set out detailed constitutional rules, or even pass authority to create them to ministers or to others. Under the doctrine of Parliamentary sovereignty, legislation is traditionally regarded as taking precedence over any other form or kind of
Most recent Practice notes
This Practice Note examines the overarching ban in Chapter V of the EU’s General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR), on sending personal data beyond the EEA or to an international organisation. It addresses how to recognise a restricted international transfer, onward disclosures, export limitations, adequacy decisions, standard contractual clauses ( Model Clauses or SCCs), Binding Corporate Rules ( BCRs), other appropriate safeguards (ie Article 46 tools) and derogations. It also offers direction on revising SCCs and provides links to further practical materials on deploying SCCs. In brief Across the EEA, data protection law aims to ensure information about living persons (ie within the meaning of ‘personal data’) is handled fairly and responsibly. To achieve this, the EU GDPR places extensive duties on those carrying out or determining the ‘processing’ of personal data. In short, ‘processing’ covers virtually any...
FORTHCOMING CHANGE: This Practice Note describes the present legal landscape as currently applicable; however, be aware that aspects of it will be affected by the Digital Omnibus proposals issued on 19 November 2025 under the European Commission’s ‘simplification’ programme. For further detail, consult Practice Note: EU Digital Omnibus—tracker. In short, data protection regimes across the EEA (the EU together with Iceland, Norway, and Liechtenstein) aim to ensure information about natural persons (within the meaning of ‘personal data’) is handled fairly and responsibly. To achieve that aim, EEA data protection laws place numerous duties on those who ‘process’ personal data (and on the controllers that determine such processing). Core safeguards within EEA data protection law include limits on automated individual decision-making (that is, decisions taken by automated means, with these laws providing notable extra protections for data subjects where such decisions are made without any...
This Practice Note examines matters and recommended approaches for sharing personal data between controllers (including joint controllers and independent controllers) in general business-to-business commercial situations, under Regulation ( EU) 2016/679, the EU’s General Data Protection Regulation ( EU GDPR). It proceeds on the basis that readers already understand the main data protection notions and terminology, and the function of key supervisory organisations. For a broad overview of the EU GDPR and connected topics, see Practice Note: The EU’s General Data Protection Regulation ( EU GDPR). In brief—summary of steps controllers should often take before data sharing The EU GDPR is designed to ensure information about living individuals (within the meaning of ‘personal data’) is handled fairly and responsibly. A central safeguard is the set of duties imposed on ‘controllers’—generally those determining why and how processing occurs. ‘ Processing’ is widely construed to cover almost any...
This Practice Note This Practice Note explains how to incorporate precedent controller-to-processor ( C2P) or processor-to-processor ( P2P) terms into a commercial contract to meet the requirements of the EU General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR). It takes a supranational approach; where appropriate, consult the laws of the relevant EEA Member States or other jurisdictions in light of the contract’s governing law and the place where obligations are performed. This ‘how to’ overview assumes a basic understanding of data protection, including key notions such as ‘personal data’ and ‘processing’. For introductory material, see Practice Notes: Key definitions under EU data protection law and The EU’s General Data Protection Regulation ( EU GDPR). This guide does not address: the drafting or negotiation of the mandatory C2P/ P2P provisions themselves data sharing arrangements between controllers ( C2C). For further...
Practice Note This Practice Note sets out guidance for parties engaged in business-to-business deals to assess whether they act as an independent controller, a joint controller, or a processor under the EU’s General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR). For an overview of the EU GDPR, see Practice Note: The EU’s General Data Protection Regulation ( EU GDPR). In short, data protection law across the EEA (the EU together with Iceland, Norway and Liechtenstein) aims to ensure information about living people (as defined as ‘personal data’) is handled fairly and with care. To achieve that aim, EEA data protection rules place extensive duties on those ‘processing’ personal data (and on those directing such processing) and confer rights on the individuals whose personal data is handled (the ‘data subjects’). In essence, ‘processing’ covers almost any operation performed on personal data, such as...
FORTHCOMING CHANGE This Practice Note reflects the current legal position. Certain aspects will be affected by the Digital Omnibus proposals published on 19 November 2025 under the EU Commission’s ‘simplification’ agenda. For further detail, see Practice Note: EU Digital Omnibus—tracker. It introduces the EU’s General Data Protection Regulation, Regulation ( EU) 2016/679—commonly called the GDPR and described here as the ‘ EU GDPR’ to distinguish it from the UK GDPR. It summarises core concepts, regulatory supervision and organisational obligations under the EU GDPR, and ends with guidance on planning EU GDPR compliance activities. Introduction Regulation ( EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on protecting natural persons in relation to personal data processing and the free movement of such data, which repealed Directive 95/46/ EC (the General Data Protection Regulation) (the EU GDPR), was published in the Official Journal of the EU on 4...
ARCHIVED: On 7 June 2021, the Official Journal of the EU published a decision that: (a) introduced new standard contractual clauses ( SCCs) for exporting personal data under the EU GDPR to countries outside the EEA, available for use from 27 June 2021; and (b) repealed, after a grace period, the earlier international transfer SCCs from 2001, 2004 and 2010. For further guidance, see Practice Note: EU GDPR—transfers of personal data internationally and to international organisations. This Practice Note concerns the 2004 and/or 2010 SCCs and stopped being maintained when the new (2021) international SCCs were first issued. Purpose of this Practice Note As set out in Practice Note: UK GDPR and EU GDPR—transfers of personal data internationally and to international organisations, Chapter V of the General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR) imposes limits on sending personal data outside the EEA ( EEA...
ARCHIVED: On 7 June 2021, a notice appeared in the Official Journal of the EU that: (a) introduced new standard contractual clauses ( SCCs) for exporting personal data governed by the EU GDPR to non- EEA destinations, available for use from 27 June 2021; and (b) revoked, after a transitional period, the earlier 2001, 2004 and 2010 international transfer SCCs. For more detail, see Practice Note: EU GDPR—transfers of personal data internationally and to international organisations. This Practice Note concerns the 2004 and/or 2010 SCCs and stopped being updated when the new (2021) international SCCs were first released. Purpose of this Practice Note As outlined in Practice Note: UK GDPR and EU GDPR—transfers of personal data internationally and to international organisations, Chapter V of the General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR) sets limits on sending personal data beyond the EEA ( EEA...
In summary, any organisation with an establishment in the EEA that handles personal data and cannot rely on an exception under Regulation ( EU) 2016/679 ( EU GDPR) will fall within the EU GDPR’s scope. Organisations lacking a physical presence in the EEA but processing personal data, whether on a regular or occasional basis, should evaluate whether they are likely to be caught by the EU GDPR and/or need to appoint a representative in the EEA. This Practice Note covers: principal guidance territorial reach of earlier EU data protection laws territorial reach of the EU GDPR extra-territorial enforceability of the EU GDPR consequences of being within the EU GDPR’s territorial reach appointing a representative in the EEA exceptions to the EU GDPR’s extra-territorial scope and duties to appoint an EEA...
In brief EEA data protection regimes (covering the EU together with Iceland, Norway and Liechtenstein) aim to ensure that information relating to living persons — defined as ‘personal data’ — is treated fairly and responsibly. These rules support that. To deliver this outcome, these laws impose extensive duties on those ‘processing’ personal data and on the controllers overseeing that processing within the EEA. ‘ Processing’ is construed broadly to encompass most operations on data, including storing, erasing, gathering, disclosing or using it, or handling it. A principal safeguard within EEA data protection law is the suite of responsibilities placed upon ‘controllers’ (usually those who determine the purposes and means of processing) and ‘processors’ (entities that handle personal data for a controller in line with its instructions). Among other requirements, controllers and processors are typically obliged to conclude contracts containing certain minimum clauses as a...
Background Data subjects may file complaints and pursue judicial remedies and compensation where their rights under the EU’s General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR), have been violated. Under Article 82 EU GDPR, any person who has suffered material or non‑material harm due to an infringement is entitled to compensation from the controller or the processor. Equivalent rules apply under Regulation ( EU) 2018/1725 for EU institutions. Compensation can therefore cover both pecuniary and non‑pecuniary losses. Recital 146 confirms that the notion of damage should be interpreted broadly and in a way that fully reflects the Regulation’s objectives. Under the EU GDPR, controllers bear significantly wider liability than processors: any controller engaged in unlawful processing is responsible for the damage caused. In contrast, a processor is liable only for damage resulting from processing where it has failed to comply with...
FORTHCOMING CHANGE: This Practice Note sets out the law as it currently stands, but be aware that aspects of it are expected to change in light of the Digital Omnibus proposals dated 19 November 2025, brought forward under the EU Commission’s ‘simplification’ agenda. For supplementary details and context, please consult Practice Note: EU Digital Omnibus—tracker. This Practice Note outlines the lawful grounds for handling personal data under the EU’s General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR). It presumes a degree of familiarity with EU data protection rules. For an overview of the EU GDPR, including explanations of core data protection notions and vocabulary, see Practice Note: The EU’s General Data Protection Regulation ( EU GDPR) and the EU data protection law collection. Note that: This Practice Note addresses provisions of the EU GDPR that operate across EEA states at the...
FORTHCOMING CHANGE This Practice Note sets out the present legal landscape; bear in mind that aspects of it are expected to shift under the Digital Omnibus proposals released on 19 November 2025, aligned with the European Commission’s ‘simplification’ programme and related initiatives. For further details and updates, see Practice Note: EU Digital Omnibus—tracker. The Note also supplies additional guidance on principal definitions within the EU’s General Data Protection Regulation, Regulation ( EU) 2016/679 (the EU GDPR). Scope of this Practice Note This Practice Note examines EU GDPR rules applicable across EEA states at the supranational tier only—please consult guidance from the competent national data protection authorities and domestic statutes, as appropriate, for the approach likely to be followed in any EEA jurisdiction. Owing to the substantial movement of data between the EEA and other regions, practitioners may need to evaluate not only the...
ARCHIVED: This retired Practice Note outlines details about the EU General Data Protection Regulation, Regulation ( EU) 2016/679 (the GDPR), as it operated in the UK before 11 pm on 31 December 2020. From that point, it is retained strictly for background purposes only and is no longer updated or maintained. For advice on the amendments to UK data protection law introduced by the replacement UK GDPR from that date, consult Practice Notes: The UK General Data Protection Regulation ( UK GDPR), The UK General Data Protection Regulation ( UK GDPR)— Navigator and Brexit—implications for data protection [ Archived]. Brexit On 31 January 2020, the UK left the EU and entered an implementation period up to 11 pm on 31 December 2020, during which it remained bound by EU law for the entire duration of that period. Throughout that time, the EU General Data...
The General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR) The General Data Protection Regulation ( Regulation ( EU) 2016/679, the EU GDPR) has applied across the EEA since 25 May 2018. Organisations in the life sciences gather and/or handle volumes of personal information, including health data, relating to individuals (the ‘data subjects’), notably patients and participants in clinical trials. As such, the relevance of the EU GDPR to life sciences businesses is considerable. This Practice Note outlines elements within the EU GDPR framework that have a direct bearing on life sciences companies and their operations. It is not an exhaustive treatment of the EU GDPR and should be read alongside the following Practice Notes: Data protection principles; Processing personal data—standard of consent; and Processing personal data—obtaining, recording and managing consent. For further detail on how clinical trials interface with data...
This Practice Note outlines how financial services firms may rely on legal obligation or legitimate interest as a lawful basis for handling personal data under the General Data Protection Regulation ( EU) 2016/679 ( EU GDPR). For general information on the EU GDPR, see Practice Note: The EU’s General Data Protection Regulation ( EU GDPR). Lawful grounds for data processing under the GDPR—summary for financial services firms Definitions Personal data: any information about an identified or identifiable natural person (data subject)—that is, someone who can be recognised, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors unique to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. Processing: any operation or set of operations carried out on personal data or on sets of...
EU GDPR enforcement decisions A central aim of Regulation ( EU) 2016/679, the EU’s General Data Protection Regulation ( EU GDPR), was to secure greater consistency in the application and enforcement of data protection rules across the EU and EEA. At present, there is no unified database of enforcement actions from the more than thirty supervisory authorities operating across Europe. See Practice Note: EU and EEA data protection supervisory authorities for a list of the main supervisory authorities in the EU and EEA. Owing to this absence, this Practice Note is not exhaustive, but monitors EU GDPR enforcement outcomes: those issued as a ‘national news’ press release by the European Data Protection Board ( EDPB) (typically only where fines are €250,000 or higher, although some smaller penalties are included below) and those the Lexis+® UK Information Law team otherwise identify from varied sources where total fines exceed...
FORTHCOMING CHANGE: This Practice Note reflects the current legislative landscape; however, aspects will be influenced by the Digital Omnibus proposals released on 19 November 2025 under the EU Commission’s ‘simplification’ agenda. For more, see Practice Note: EU Digital Omnibus—tracker. It reviews the rights afforded to individuals whose personal data is processed within the EU’s General Data Protection Regulation ( EU GDPR) framework. A baseline understanding of EU data protection law is assumed. For an introductory guide to those laws, including key concepts and terminology, refer to Practice Note: The EU’s General Data Protection Regulation ( EU GDPR). Note that: the EU GDPR enables a range of national derogations that may affect data subjects’ rights this Practice Note considers EU GDPR provisions applicable in EEA states at the supranational level only—consult guidance from the relevant national data protection authorities and domestic laws for the approach in any EEA...
Right to data portability EU data protection legislation recognises a right to data portability. This entitlement enables individuals to receive from a controller a copy of their personal information in a structured, machine-readable form. Further, in certain situations, people may require the controller to transmit that data directly to a different controller. This Practice Note focuses on the right to data portability. It assumes readers possess some familiarity with EU data protection law. For a broad overview of those laws, consult Practice Note: The EU’s General Data Protection Regulation ( EU GDPR). Be aware that this Practice Note addresses provisions under the EU GDPR that apply in EEA states at the supranational level only—seek guidance from the competent national data protection authorities, and from national legislation, regarding the approach taken in any EEA jurisdiction. The data portability right is intended both to support and to...
This Practice Note outlines the fundamental rules for handling personal data at the heart of the EU General Data Protection Regulation, Regulation ( EU) 2016/679 ( EU GDPR), which applies within the EEA (as set out below). For a general overview of EU data protection law, see Practice Note: The EU’s General Data Protection Regulation ( EU GDPR). This Practice Note addresses only those EU GDPR provisions operating at the supranational level in EEA states—consult guidance from the relevant national data protection authorities and domestic legislation for the approach in any EEA jurisdiction. The EU GDPR establishes core data protection principles that controllers must follow, set out in Article 5, including: the lawfulness, fairness and transparency principle the purpose limitation principle the data minimisation principle the accuracy principle the storage limitation principle the integrity and...
Popular documents
When evaluating a general damages claim, the practitioner ought initially to refer to the Judicial College Guidelines (JCG)...
This Practice Note This Practice Note reviews mechanisms used in settling litigation. A Tomlin order consists of a consent order paired with a schedule. It operates to stay proceedings on terms that have been agreed. The provisions contained in the schedule may remain confidential. This Practice Note describes the scope of confidentiality attaching to the schedule and sets out how it differs from a standard consent order. Sample wording for a Tomlin order is included, alongside links to precedents, as well as guidance on court approval. It also addresses varying, setting aside and enforcing a Tomlin order, including the considerations the court will take into account when handling applications for each. Further guidance is provided on interpreting and applying the relevant provisions of the CPR; however, some courts and divisions impose very specific requirements for both drafting and approval, and for approaching the schedule and confidentiality issues. Accordingly, you must consider the particular rules and court guide provisions in the forum where your claim is proceeding when drawing up the Tomlin order...
Date [ date ] Parties [ name of Landlord ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Landlord) [ name of Tenant ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Tenant) [ [ name of Guarantor ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Guarantor) ] [ [ name of Mortgagee ] [ of OR incorporated in England and Wales (company registration number [ number ]) with its registered office at ] [ address ] (Mortgagee) ] Definitions Within this Deed, the terms below shall be interpreted as follows: [ Annual Rent • the annual sum reserved under the Lease; ] [ Insurance Rent • the Tenant’s share of the Landlord’s costs of insuring the Property (as set out in the Lease); ] Lease • the lease of the Property dated [ date ], entered into between (1) [ the Landlord OR [ name ...
I, [ name ], of [ address ], solemnly and sincerely state that: [ Matters to be verified, set out in numbered paragraphs ] I make this solemn statement in good conscience, believing it to be true, and pursuant to the provisions of the Statutory Declarations Act 1835. DECLARED at [ details ] this [ day ] day of [ month and year ] Before me ................................................................................ [ signature of the person before whom the declaration is made ] A [ commissioner for oaths OR [ solicitor OR [ insert other qualification ] ] authorised to administer oaths ]...
Discover more from LexisNexis
