About Risk & Compliance
Lexis+ Risk & Compliance is an online practical guidance product for in-house legal and compliance teams dealing with the ever-increasing and ever-shifting burden of risk and compliance.
Risk management guides
Each guide identifies five key priorities for the area of risk, and gives a heads-up on why each is a priority area. The priority is explained in further detail, with a series of mini-checklists and action points.
Competition & antitrust law compliance
Having a clear understanding of the nature of competition law compliance and the associated risks/challenges for businesses is the first step to setting effective compliance arrangements. We help organisations with this.
GDPR compliance
Practical guidance tools, registers, training aids and other templates to help you comply with data protection law and manage privacy risks
Regulation
Helping in-house counsel, privacy and compliance professionals manage the regulatory burden. GDPR, BA, MLR and plenty more, we've got it covered.
Topics We Cover
Latest Risk & Compliance News
This week's edition of Risk and Compliance weekly highlights includes: our new Risk & Compliance forecast, the timeline for the introduction of the UK...
The Serious Fraud Office (SFO), Parquet National Financier (PNF) and Office of the Attorney General of Switzerland (OAG) announced the formation of an...
The Office of Financial Sanctions Implementation (OFSI) has issued a £465,000 penalty to Herbert Smith Freehills CIS LLP Moscow (HSF Moscow) for...
The Export Control Joint Unit (ECJU) has issued a Notice to Exporters 2025/07, announcing updates to the Open General Licence for AUKUS Nations. The...
Our new Risk & Compliance forecast (as at 18 March 2025) is now live. This month we report on items including: (1) plans to publish updated guidance...
Latest Risk & Compliance Practice Notes
How to process personal data lawfullyAn organisation cannot simply process personal data because it wishes to do so. It can only process personal data...
Diversity monitoring and data protectionThis Practice Note it is intended for commercial organisations in the UK and is not sector-specific. It...
Data protection and internal investigationsIncreasingly, organisations are required to conduct investigations to meet their legal obligations. Common...
How to complete a transfer impact assessment—international data transfer—EU methodologyThis Practice Note is intended for in-house lawyers and privacy...
How to complete a transfer risk assessment—international data transfer—ICO methodologyThis Practice Note is intended for in-house lawyers and privacy...
Latest Risk & Compliance Precedents
UK GDPR—2022 standard contractual clauses (SCCs) for the transfer of personal data outside the UK—Addendum to 2021 EU SCCsIn briefChapter V (Transfers...
Standard contractual clauses for international transfers—2004 (set II)—controller to controller—ICO templates [Archived]ARCHIVED: This Precedent has...
UK GDPR—2022 standard contractual clauses (SCCs) for the transfer of personal data outside the UK—International Data Transfer Agreement (IDTA) In...
Standard contractual clauses for international transfers—2010—controller to processor—ICO templates [Archived]ARCHIVED: This Precedent has been...
Legitimate interests assessment—data processing1BackgroundName and position of person(s) conducting assessment [Insert name]Date of assessment[Insert...
Latest Risk & Compliance Q&As
Featured Risk & Compliance content
How to manage legal risk
How to manage legal riskIt is often said that running a business means taking risks and that the biggest risk an entrepreneur can take is not to think...
Can a limited company make a subject access request? Can a director of a limited company ask for recordings of calls with us? If yes, what personal data must we provide?
Can I charge a fee for dealing with a data subject access request?
Tipping-off and prejudicing an investigation
Tipping-off and prejudicing an investigationThere are several offences of tipping-off and prejudicing an investigation that apply to the regulated...
Dawn raid—who can raid my organisation and why?
Dawn raid—who can raid my organisation and why?The UK Government has legislated to permit a number of UK authorities to obtain search warrants to...
Contract management risk management guide
Contract management risk management guideWhy you need to manage this riskContract management is often seen by the business as an activity which is...
Confidentiality risk management guide
Confidentiality risk management guideWhy you need to manage this riskConfidential information is one of the most valuable assets of any business....
Money Laundering Regulations 2017—simplified due diligence
Money Laundering Regulations 2017—simplified due diligenceYou may apply simplified customer due diligence (SDD) measures in relation to particular...
SRA Code of Conduct for Solicitors, RELs and RFLs—for in-house lawyers
SRA Code of Conduct for Solicitors, RELs and RFLs—for in-house lawyersThis Practice Note provides guidance for in-house solicitors on the SRA Code of...
Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017—key information for businesses
Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017—key information for businessesThe Money...
Dealing with the National Crime Agency
Dealing with the National Crime AgencyThis Practice Note provides high-level guidance on dealing with the National Crime Agency. It sets out the role,...
Public statement on data breach
Public statement on data breachStatement by [insert name of organisation] concerning a significant [cyber attack OR data protection breach] on [insert...
Money Laundering Regulations 2017—nominated officer
Money Laundering Regulations 2017—nominated officerThis Practice Note sets out when organisations must appoint a nominated officer (sometimes referred...
Dealing with the Serious Fraud Office
Dealing with the Serious Fraud OfficeSFO—role and powersRoleThe Serious Fraud Office (SFO) is the authority in England, Wales and Northern Ireland...
How to conduct a legitimate interest assessment (LIA)
How to conduct a legitimate interest assessment (LIA)The UK General Data Protection Regulation (UK GDPR) permits processing of personal data where...
Refusing a data subject request—what is ‘manifestly unfounded or excessive’?
If a multinational company with entities in a number of EU states has registered a data protection officer (DPO) with the Information Commissioner’s Office (ICO), does it need to register a DPO in the other EU states where it has entities or is registration in one country sufficient?
Dealing with dawn raids by the Information Commissioner’s Office
Dealing with dawn raids by the Information Commissioner’s OfficeThis document reflects the UK GDPR regime. References and links to the GDPR refer to...
Associated legal terms
D&B
Dun and Bradstreet.
Master development agreement
An agreement entered into by an operator and a franchisor where the operator must operate franchise outlets itself within a designated area and may not sub-franchise to third parties.
Ordinary shares
Securities which represent an ownership interest in a company.
CONTACT US
