Legal Precedents

Please confirm this privacy impact assessment ( PIA) is adequate for your requirements. You might need to undertake a full data protection impact assessment ( DPIA)—see [ insert link to your organisation’s DPIA screening questions ] 1 Background information Project title [ insert a name for the project ] PIA date [ insert the date the PIA is being completed ] Name and email address of the person accountable for the project and completing this PIA [ insert the name and email address of the person completing the PIA, eg the project manager ] 2 Describe the project Outline the data-sharing project/activity and its intended purpose [ insert a general description of the project, eg what you hope to achieve by sharing personal data and why. You may wish to refer to or link other documents, such as a project proposal ] Could you meet your...

1 MLCO details Name of organisation [ insert name ] Name of MLCO [ insert name ] Status of MLCO [ insert description showing board-level or equivalent status, eg director and senior leadership team member ] Details of any other roles held within the organisation [ insert details of any additional roles held, eg COO ] Date appointed [ insert date ] 2 Role summary Serve as the board-level (or equivalent) officer accountable for the organisation’s compliance with the Money Laundering, Terrorist Financing and Transfer of Funds ( Information on the Payer) Regulations 2017 ( MLR 2017), SI 2017/692, and to: 2.1 [ act as the primary liaison with the [ insert name of relevant anti-money laundering ( AML) supervisor ] on matters concerning anti-money laundering ( AML), counter-terrorist financing ( CTF) and...

STOP PRESS: This document is being revised to reflect implementation of the Data ( Use and Access) Act 2025 ( DUAA 2025), which amends the UK GDPR and the Data Protection Act 2018. For further guidance on the compliance implications of DUAA 2025, see Practice Note: Data ( Use and Access) Act 2025—compliance implications. For use by the organisation making the decision to share data......

STOP PRESS: This document is currently being revised to align with implementation of the Data ( Use and Access) Act 2025 ( DUAA 2025), which amends the UK GDPR and the Data Protection Act 2018. For more guidance on DUAA 2025 compliance implications, see Practice Note: Data ( Use and Access) Act 2025—compliance implications. For use by the organisation making the data sharing request......

Precedent Independent audit register Use this Precedent Independent audit register to keep a log of independent audits carried out within an organisation, supporting oversight of adherence to the Money Laundering, Terrorist Financing and Transfer of Funds ( Information on the Payer) Regulations 2017 ( MLR 2017), SI 2017/692, as amended. It includes placeholder entries for illustration, which must be removed before practical use. The Precedent aligns with the expectations contained in the Legal Sector Affinity Group ( LSAG) AML Guidance for the Legal Sector, yet remains broadly applicable in practice for general commercial organisations......

1 Introduction and instructions Internal use only—do not send to clients. Money launderers may try to hide where funds originate by arranging payments via associates or other third parties. A payment to or from a third party is especially suspicious if it is unanticipated, made at short notice, or said to be an error with a request for the money to be returned. There can be genuine reasons for third-party funding, for example parents providing a house deposit to their child. Ensure you carry out appropriate due diligence, including verifying the source of funds, before accepting any such funds. You should be satisfied that third-party monies are from a legitimate source and for legitimate reasons. This investigation record must be completed before any funds from a third party are accepted. Refer to our AML, CTF and...

STOP PRESS: On 19 June 2025, the Data ( Use and Access) Bill obtained Royal Assent and became the Data ( Use and Access) Act 2025 ( DUAA 2025), with parts commencing that day. Measures that started immediately on 19 June 2025 included those on handling data subject access requests and the grant of powers to make further regulations. Other elements, relating to notices issued by the Information Commissioner and particular aspects of law enforcement processing, began on 19 August 2025, two months after Royal Assent. The bulk of DUAA 2025 will only take effect once additional regulations—issued as statutory instruments—are made to commence them. Parts 5 and 6 of DUAA 2025 introduce amendments to the UK’s data protection and e Privacy regime, including: the United Kingdom General Data Protection Regulation; the assimilated Regulation ( EU) 2016/679 ( UK GDPR); the Data Protection Act 2018; and the Privacy and...

This document explains when and why we may levy a fee when answering a data subject request—and how any fee will be worked out in practice. When will we charge a fee? As a general principle, we will handle data subject requests without charge. Nevertheless, a fee will apply in the following situations: we deem the request to be manifestly unfounded or excessive (or both), particularly where it repeats earlier requests; or someone who has submitted a data subject access request later seeks extra copies of their personal data. In deciding whether a request is manifestly unfounded or excessive, we will carefully consider the factors outlined below......

1 What must you do if you are invited to a trade association meeting? Require a formal agenda before agreeing to attend any trade association meeting, and make sure you carefully read it well in advance. Reassure yourself that every proposed item is acceptable under competition law by refreshing your memory on what topics are allowed and which are not for trade association meetings (see What are the permitted areas for trade association meetings? and What are the non-permitted areas for trade association meetings? below). If you are unsure at all about the legality of any subject, obtain legal advice without delay. If legal advice cannot be obtained in time, do not go to the meeting. You must promptly notify [insert, eg the legal department] if you are joining a trade association......

Data protection by design and default—the concept Data protection by design and default ( DPb DD) is mandated by the UK General Data Protection Regulation ( UK GDPR). In short, DPb DD requires us to consider privacy and data protection from the outset in all we do. We therefore embed data protection within our processing and business practices, from initial design through the whole lifecycle. Taking a DPb DD approach when designing or reviewing projects, policies, products or systems: will support compliance with many other provisions of the UK GDPR; can lower long‑term costs by avoiding major future redesigns when data protection issues emerge; can bolster user trust and confidence; can improve our chances of meeting...

STOP PRESS: This document is currently being revised to take account of the implementation of the Data ( Use and Access) Act 2025 ( DUAA 2025), which updates the UK GDPR and the Data Protection Act 2018. For additional guidance on the compliance implications of DUAA 2025, please see Practice Note: Data ( Use and Access) Act 2025—compliance implications. [ Name of individual making request ] [ Address of individual making request ] [ Date of this response ] Dear [ insert name of individual making request ] I write in reply to your request dated [ insert date of request ]......

STOP PRESS: This document is being revised to account for implementation of the Data ( Use and Access) Act 2025 ( DUAA 2025), which alters the UK GDPR and Data Protection Act 2018. For additional guidance on the DUAA 2025 compliance implications, see Practice Note: Data ( Use and Access) Act 2025—compliance implications......

1 The issue We must preserve the confidentiality of current and former clients’ affairs unless one of the following applies: disclosure is required or permitted by law; or the client gives consent. The duty of confidentiality is a fundamental obligation of a solicitor. It is an unqualified responsibility to keep information confidential, not merely to take reasonable steps towards that end. Working away from the office, including from home, inevitably means handling and discussing sensitive matters outside a controlled environment. Security is a major concern and, inseparable from it, confidentiality. Although we operate on secure networks, once information leaves the office or discussions occur elsewhere, security cannot be assured. Confidentiality is far easier to maintain in a protected workspace such as our offices; therefore, when working in other locations, we must remain alert to confidentiality risks in our personal and work settings and...

Question Summary What is competition law? Competition serves both consumers and companies. It highlights areas for improvement and pushes organisations to pursue higher efficiency, greater innovation, stronger productivity and, in the end, to operate as better businesses. Competition law exists to shield businesses and consumers from anti‑competitive conduct and to preserve effective rivalry. Every business must observe competition rules, and breaches can carry severe outcomes for firms and individuals, including directors. Non‑compliance can be costly and damaging at both organisational and personal levels too. Possible penalties include: Substantial fines Prison sentences Director disqualification Damage to reputation When is it an issue? Competition law can arise in three principal settings: cartels — typically horizontal arrangements in which two or more businesses, whether by written agreement or otherwise, decide not to compete with one another. Cartels are the gravest form of anti‑competitive agreement. They cover accords to fix prices, rig bids, cap output, and...

This Precedent Serves to log the assets held by an organisation, for example land, buildings, office machinery, manufacturing machinery, software, data, people, intellectual property items. Please click to access an Excel edition of this register. Please note the register is produced in Excel and therefore currently cannot be downloaded directly into Word......

Introduction This schedule is a component of the Company’s Coronavirus ( COVID-19) safety policy and is appended to it for reference. It outlines the measures the Company has determined, having undertaken a coronavirus risk assessment and considered relevant government guidance, to help control the risk of coronavirus for workers and others in the [ office ], as detailed below, as follows: 1 Shift patterns 1.1 employees are allocated to fixed teams or shift groupings, which will remain strictly unchanged during the pandemic; 1.2 direct face-to-face contact is reduced, eg by using clearly designated drop-off locations for delivery of office supplies and post; 2 If someone has COVID-19 2.1 if you develop coronavirus symptoms you must remain at home and request and arrange a PCR test. You must not attend the workplace whilst you are waiting for your test result; 2.2 if your LFD or PCR...

Precedent Designed for in-house legal teams and risk professionals, this Precedent helps you document supply chain risks, grade the severity of each, and record steps you have taken or intend to take to mitigate them. A tab containing worked examples is provided for information and illustration, and can also be removed. The register is supplied in Excel format and cannot be downloaded into Word. Please click to access the Precedent risk assessment and register. Whatever the nature of your organisation’s business, you will almost certainly have multiple categories of suppliers, eg spanning catering suppliers through to suppliers of critical manufacturing components......

Precedent Please click to view Precedent. The register is created in Microsoft Excel and is not downloadable into Microsoft Word directly. It is intended primarily for in-house lawyers working in commercial organisations. It helps you ensure all contractual documents are systematically and accurately recorded. Documentation may include, for example, agreements, deeds, leases, confidentiality agreements, NDAs......

From: [ [ insert job title ], ] [ Name ] [ Insert, eg The Senior Leadership Team ] has established a [ insert period ] objective in order to raise our Governance and Compliance benchmarks even further. This entails ensuring every colleague fully comprehends and reliably adheres to our policies, procedures and relevant laws at the highest possible level. Focus areas include data protection, access to our products and services, and appropriate dealings with customers, suppliers and competitors......

1 Introduction This policy provides a summary of the Company’s measures to help workers remain healthy and safe when carrying out their duties on the Company’s premises throughout the ongoing coronavirus ( COVID-19) pandemic. Government advice indicates that COVID-19 will remain part of daily life for the foreseeable future, so we must adapt, live alongside it, and control the risks to ourselves and those around us as far as possible. It adds, but does not supersede, the Company’s health and safety policy. This policy is not incorporated into any employment contract, and Company reserves the right to change it at any time. This policy covers all Company employees, workers and contractors. Coronavirus spreads primarily through droplets and aerosols that reach the eyes, nose or mouth, that are breathed in by another person, or that are...