With the new financial year upon us it can be easy to lose track of the important commercial legal issues facing your business. To help you cut through the noise of the Chancellor’s budget and uncertainty surrounding the EU referendum outcome, we have summarised the top 10 legal issues that you should be keeping an eye on this year.


A UK exit from the EU in June’s referendum would carry with it significant legal consequences for businesses. There is, however, uncertainty about how the UK’s post-exit relationship with the EU might look, which makes it difficult to accurately predict what these consequences will be. Nevertheless, there would be a period of at least two years between a decision to leave the EU and an effective date for Brexit, giving businesses sufficient time to adapt to changes in UK policy before they come into effect.

Some of the key UK policy areas that would be affected by Brexit are more easily identifiable:

Freedom of Movement

Free movement of capital, people and goods are fundamental freedoms underpinning the EU’s single market. Brexit could trigger increased barriers to trade, but may be balanced to some extent by a reduced EU regulatory burden.

Consumer Policy

A huge amount of UK consumer protection regulation is derived from the EU. Directives implemented in the UK protect consumers when they have been sold faulty products and an EU exit would end further harmonisation efforts.

Data Protection

The data protection framework in the UK is largely governed by EU-derived legislation. Leaving the EU would raise questions about the rules in place to protect personal data. 

Competition Regulation

Unfair competition rules and anti-discriminatory principles lie at the heart of the Treaty on the Functioning of the European Union. It is unclear how these might change if the UK were to leave the EU.

For more information on the mechanics of leaving the European Union, please click here.


Section 54 of the Modern Slavery Act entered into force on 31 October 2015. It is, however, this year that we can expect to see a glut of “slavery and human trafficking statements” published from regulated entities (i.e. those with a global turnover exceeding £36 million and a “business presence” in the UK). The first entities required to publish will be those with a financial year ending on 31 March 2016; the Government has said that it expects statements to be published within six months of financial year end.   

Statements must either set out the steps that have been taken to ensure that there is no slavery or human trafficking in their supply chains or state that no such steps have been taken. 

While non-compliance could lead to enforcement action from HM Government, businesses should also carefully consider the reputational damage that is likely to occur if statements raise questions about a firm’s practices.  We recommend that businesses review operations, carry out a supply chain audit and produce a clear policy reflecting the values of the organisation in relation to modern slavery. Given the number of potential stumbling blocks on the path to fulfilling the requirements of the reporting obligation, preparation is key.


In 2015 UK consumer law was significantly overhauled when the Consumer Rights Act 2015 (“CRA”) came into force on 1 October. The CRA consolidated and clarified existing consumer law as well as creating a number of additional protections for consumers buying goods and services online.

The EU’s legislative agenda for 2016 includes further harmonisation of the rules governing online consumer sales across the EU. If passed in their current form, the proposals would require amendments to certain key aspects of the CRA with the result of boosting consumer protection in the UK in some areas and watering it down in others.

In light of the further changes ahead if you are involved in selling goods online or supplying digital content be prepared that you may well need to look again at your consumer facing documents, procedures and policies to ensure they are compliant with the amended CRA. In addition, you will need to keep your terms and conditions of sale and policies on returns, refunds and other remedies under review.

From 15 February 2016, if something does go wrong with goods or services sold online, consumers can seek redress using the EU’s Online Dispute Resolution (“ODR”) platform. Every online trader will be required to include a link to the ODR platform on its website and in some cases provide information about the possibility of using the platform for resolving disputes arising from its online sales or services contracts. 


Efforts to improve the effectiveness of the digital single market will continue apace in 2016 as the European Commission seeks to improve access to digital goods and services.

This year the Commission is expected to analyse the legal framework for the enforcement of intellectual property rights, including copyright, and has already published a roadmap to address what it perceives as unjustified geo-blocking, which prevents consumers from being able to access online services available in other EU countries based on place of residence or nationality.

The EU is also consulting on legislation that is intended to ensure that European consumers will be able to access digital subscriptions when travelling in other EU countries. The intention is that “portable” digital services will allow consumers to continue to use their online subscriptions available at home, while temporarily in another EU member state.

Subscription service providers will need to consider amending their standard contracts to comply with changes in the law and rights-holders will seek to ensure that agreements with providers contain effective verification measures so that only genuine subscribers are granted access to these “portable” digital services.


New EU rules are coming into force for water, energy, transport and postal contracts and concessions, through new Regulations implementing EU Directives passed in 2014. Concessionaires will face new tendering requirements and utilities procurements are being brought in line with ‘classic’ procurements (governed since 26 February 2015 by the Public Contracts Regulations 2015).

Recently-published implementation consultation responses have generally mandated enactment by 18 April 2016, albeit certain issues were raised, notably:


  • Contract-awarding bodies will have to determine whether they are caught rather than relying on a list.
  • Previous European Commission exemption decisions are explicitly referenced, whilst bodies can also apply directly for Commission exemption - carefully assessing eligibility for exemption could save considerable time and expense.
  • The same rules on mandatory and discretionary exclusion of tenderers will apply as for ‘classic’ procurement - advice from expert practitioners could avoid debarment from valuable opportunities.


  • A relatively large proportion of concessions are likely to trip the thresholds, placing new requirements on numerous operators.
  • Regulated contracts will generally be restricted to five years, subject to extensions allowing reasonable recovery of investment; how discretion to sanction longer terms will be exercised remains to be seen (e.g. what represents an appropriate return on capital?).
  • The Regulations will also govern modifications to the original award, raising potentially serious issues, as with ‘classic’ procurements.


In February 2016, it was announced that a political agreement had been reached on the first draft of a new framework to govern the transfer of data between the EU and the US. Known as the ‘EU-US Privacy Shield’ (‘Privacy Shield’), the mechanism seeks to remedy the deficiencies of the old Safe Harbour framework, which was declared invalid by the Court of Justice of the European Union in October 2015 amidst revelations of NSA spying.

In the recently published draft “adequacy decision”, the EU Commission signalled that, if the decision is approved, the Commission will rely on the reassurances given by the US President and the NSA to support its finding that the US ensures an adequate level of protection for personal data transferred under the Privacy Shield. Given some unresolved criticism we are yet to see if Privacy Shield will be approved by June, as has been suggested.

In the meantime, it is recommended that businesses adopt an appropriate alternative mechanism until regulators provide further clarification on the Privacy Shield’s status. The non-enforcement period ended in February and some EU regulators have started reviewing businesses that still purport to rely on the invalid Safe Harbour mechanism.

If adopted, the framework will impose obligations on companies to self-certify annually that they are abiding by the rules. Companies would be obliged to respond to complainants from the EU within 45 days and, if they fail to comply, could be removed from the Privacy Shield list and forced to return or delete any personal data received under the mechanism. Generally, Privacy Shield is a great step forward for the US privacy landscape, but we are yet to see how its benefits will translate into EU-US business relations.


The General Data Protection Regulation (‘GDPR’) is the most significant development in data protection law in 20 years and applies to all businesses handling any personal data, as well as any third parties responsible for processing such data.

The GDPR strengthens the consent requirement for the processing of personal data, bolsters enforcement powers, imposes a breach notification requirement and expands the reach of data protection rules territorially. Businesses should also note the requirement for parental consent to process the personal data of children under the age of 16, which could have significant implications for social media platforms.

Although not likely to come into force until early 2018, businesses should be preparing for its impact now, not least by ensuring that decision makers are aware of the impact of GDPR. Privacy policies will need to be updated, new mandatory Data Protection Officers appointed and, where the risk of a data breach is particularly high, future impact assessments conducted. Failure to comply could lead to a maximum fine of EUR 20 million or 4% of total worldwide annual turnover, whichever is the higher.

In addition, the Cyber Security Directive is also expected to be formally approved in the first half of 2016, which focuses on ensuring that businesses take sufficient precautions to prevent third parties accessing data.


This year the EU is set to produce a new Directive to protect trade secrets, as protection in many states is deficient in some respect. The law aims to achieve partial harmonisation, setting minimum standards and providing safeguards against laws that are too stringent. The new law will protect “Trade Secrets”, which must be secret, have commercial value because they are secret, and reasonable steps must have been taken in the circumstances to keep them secret. The requirement to take reasonable steps will be a new general requirement under English law.

There will be protection against the unlawful acquisition, use or disclosure of a trade secret, as well as acquisition, use or disclosure where a person knew or should have known that the trade secret had been obtained unlawfully by somebody else. The legislation could also be used to prevent goods that benefit from the unlawful use of trade secrets from being knowingly produced or placed on the market.


Blockchain technology is primarily used to underpin Bitcoin, the digital currency. Blockchain uses a decentralised network of computers to create a ledger of all transactions that have been executed for a particular asset, which ultimately keeps track of who owns the asset. Blockchain allows participants to view transactions in real time. This provides opportunities for businesses (and regulators) to collect valuable data and cut processing times.

The implications of Blockchain for the financial services industry are potentially enormous. In 2016 we anticipate that the key developments will concern the application of Blockchain to existing business practices. Some of the world’s leading financial institutions have already joined a private Blockchain consortium, R3, which aims to apply distributed ledger technologies to global financial markets. The success of Blockchain depends on the ability to adapt existing infrastructure to the new technology and the establishment of a regulatory framework.

It is likely that businesses will initially use Blockchain internally. In the longer term, Blockchain may well impact on areas beyond the financial sector. In relation to transactions, “smart contracts” underpinned by Blockchain could be designed to hold and release assets automatically subject to the fulfilment of conditions in the contract. Blockchain provides exciting opportunities for businesses, both for developers looking to sell products using Blockchain technology and for organisations looking to use technology to streamline their processes. 


As ever, the appeal courts will make some potentially game-changing decisions. Those listed in the Supreme Court and worth watching include:

PST Energy 7 Shipping LLC and another v O.W. Bunker Malta Limited and another [UKSC 2015/0236]

  • Is the contract, which contains a retention of title clause, a contract for the sale of goods within the meaning of s.2(1) of the Sale of Goods Act 1979?
  • If not, was it an implied condition of the contract that O.W. Bunker Malta Limited would perform its obligations to its supplier, in particular by paying for the goods timeously?