Each guide identifies five key priorities for the area of risk, and gives a heads-up on why each is a priority area. The priority is explained in further detail, with a series of mini-checklists and action points.
Having a clear understanding of the nature of competition law compliance and the associated risks/challenges for businesses is the first step to setting effective compliance arrangements. We help organisations with this.
Practical guidance tools, registers, training aids and other templates to help you comply with data protection law and manage privacy risks
Helping in-house counsel, privacy and compliance professionals manage the regulatory burden. GDPR, BA, MLR and plenty more, we've got it covered.
This week's edition of Risk & Compliance weekly highlights includes: the European Parliament’s work on tensions between the EU AI Act and the EU GDPR...
The European Parliament has highlighted the challenges posed by Regulation (EU) 2024/168 (EU AI Act), which entered into force in August 2024, in...
The Department for Business and Trade (DBT) has revised its guidance on applying for a licence to provide sanctioned trade services. The revision...
The Financial Action Task Force (FATF) has launched two public consultations. The first consultation seeks feedback on updated guidance for anti-money...
General Licence INT/2025/5635701, relating to the wind-down of activities with Russian oil majors, has expired as of 05:01 on 27 February 2025. The...
How to complete a transfer risk assessment—international data transfer—ICO methodology: This Practice Note is intended for in-house lawyers and privacy...
Responding to a data subject access request—information identifying other individuals: This Practice Note is intended for general commercial...
New and updated content 2025—Risk & Compliance: This Practice Note tells you, on a month-by-month basis, whether we have made substantive amendments to...
Direct marketing—UK GDPR and PECR 2003 interplay: This Practice Note provides a high-level summary of the data protection regime applicable to direct...
OFSI General Licence tracker: This Practice Note tracks General Licences issued by the Office of Financial Sanctions Implementation (OFSI) under the UK...
Response to data subject request—all rights—requesting identity information or confirming authority: [Name of individual making request] [Address of...
Fire warden role profile: Name of organisation [insert name of organisation]; Name of role holder [insert name]; Reports to [insert name]; Role type (Full...
Privacy impact assessment: Please ensure that this Privacy impact assessment is sufficient for your needs—you may need to carry out a full Data...
Data protection by design and default—policy: 1 Data protection by design and default—the concept. 1.1 Data protection by design and default (DPbDD) is a...
Response to data subject request—right of portability—clarifying data and format: [Name of individual making request] [Address of individual making...
How to manage legal risk: It is often said that running a business means taking risks and that the biggest risk an entrepreneur can take is not to think...
Tipping-off and prejudicing an investigation: There are several offences of tipping-off and prejudicing an investigation that apply to the regulated...
Dawn raid—who can raid my organisation and why? The UK Government has legislated to permit a number of UK authorities to obtain search warrants to...
Contract management risk management guide: Why you need to manage this risk. Contract management is often seen by the business as an activity which is...
Confidentiality risk management guide: Why you need to manage this risk. Confidential information is one of the most valuable assets of any business....
Money Laundering Regulations 2017—simplified due diligence: You may apply simplified customer due diligence (SDD) measures in relation to particular...
SRA Code of Conduct for Solicitors, RELs and RFLs—for in-house lawyers: This Practice Note provides guidance for in-house solicitors on the SRA Code of...
Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017—key information for businesses: The Money...
Dealing with the National Crime Agency: This Practice Note provides high-level guidance on dealing with the National Crime Agency. It sets out the role,...
Public statement on data breach: Statement by [insert name of organisation] concerning a significant [cyber attack OR data protection breach] on [insert...
Money Laundering Regulations 2017—nominated officer: This Practice Note sets out when organisations must appoint a nominated officer (sometimes referred...
Dealing with the Serious Fraud Office: SFO—role and powers. Role. The Serious Fraud Office (SFO) is the authority in England, Wales and Northern Ireland...
How to conduct a legitimate interest assessment (LIA): The UK General Data Protection Regulation (UK GDPR) permits processing of personal data where...
Dealing with dawn raids by the Information Commissioner’s Office: This document reflects the UK GDPR regime. References and links to the GDPR refer to...
The ‘BBC’ is a public service broadcaster established by Royal Charter. It’s funded by the licence fee paid by UK households. It provides national TV channels, regional TV programmes, an internet TV service (BBC Three), national radio stations, local radio stations and a website.
The concept of layered network architecture divides a network at any specific point into layers, each of which adds value to the physical medium of communication.
A person who is aggrieved in a matter of public interest and who satisfies the Attorney General that the matter is such as to justify proceedings being brought in the Attorney General's name.