Risk & Compliance

As a business, how well do you understand your regulatory responsibilities and manage the risk?

Every business should have a risk register to monitor its key risks, including compliance, to lessen their impact on the day-to-day operations.

We have designed a unique product, the Haddletons Commercial Risk Assessment, to help you assess and monitor your risks, plan for action and improve your business’s ability to seize opportunities and protect itself.

What we do:

We can support you with:

Sector-specific regulation, including for the following:

  • Chemical
  • Construction
  • Distribution
  • Engineering
  • Energy
  • Food
  • IT
  • Leisure & Entertainment
  • Life Sciences
  • Manufacturing
  • Pharmaceutical
  • Retail
  • Technology (including MedTech)

Why use Haddletons:

Our experienced legal team has worked in-house, within the industries and sectors we serve. This means that we bring specialist insights and knowledge to the table to benefit your business, beyond just legal advice (though we do that expertly too)!

Why not see for yourself!

The Haddletons Way


We earn your trust through our authenticity. We listen, we communicate honestly, we genuinely care.


We are people just like you. Get to know us and you will find that we can do more than just resolve your problems and lighten your load.

Personal Service

We look at the world through your eyes to offer a truly bespoke service. The more we understand you and your world, the more we can do for you.

Premium Quality

We offer a premium service with price certainty. Our insight and expertise applied to your needs.

A great sale is judged not by price alone but on the balance between risk and reward. Haddletons are excellent at helping me see the whole commercial picture. An integral part of my business team!

Jason Tallamy

Sales & Marketing Director, Craftex

Frequently Asked Questions

Has the EU “General Food Law” been retained after Brexit?

This law, which is designed to protect human health and the consumer’s interest in relation to food, has been retained.

How have SaaS agreements been impacted by Brexit and Data Protection laws?

A key issue in SaaS agreements is who owns the data hosted on the platform, but also who has access to it. If personal data can be or is accessed and processed by the provider and customer, there needs to be a (written) agreement in place about who is the data controller and data processor and their respective responsibilities.

The UK’s data protection laws remain as they were prior to Brexit, so it will depend on where the data is being processed (inside or outside the EU) as to how this should be dealt with in the SaaS agreement.

What is a risk register?

A risk register is a document used as a risk management tool by a company to fulfil regulatory compliance. It is the record for all risks identified, including additional information about each risk, such as the likelihood of the risk occurring, its consequences, mitigation measures and the risk owner.

What is COSHH?

This is the Control of Substances Hazardous to Health Regulation 2002 and requires employers to control substances that are hazardous to health.

What is GxP?

GxP is a series of quality guidelines and regulations designed to ensure that biological and pharmaceutical products and processes are safe, meet their intended use, and adhere to quality standards during manufacturing, control, storage, and distribution. GxP is a general abbreviation; the “x” is usually replaced by the relevant letter as required. For example, Good Distribution Practice becomes GDP.

What is Pharmacovigilance?

This is the science and activities relating to the detection, assessment, understanding and prevention of adverse effects or any other medicine-related problem.

What is the difference between Compliance and Risk Management?

Compliance with laws and regulations is generally mandatory; it creates a level playing field of protection for business, employees, the supply chain, and society as a whole. Risk management is wider and not necessarily mandated. Risk management covers risks which a sensible business should manage beyond just strict compliance with the law (like geo-political, insurance or supply chain risks).

What is the Sunshine Act?

The Physician Payments Sunshine Act 2010 is a piece of US legislation which requires manufacturers of drugs, medical devices, biological and medical supplies to monitor financial relationships between doctors and teaching hospitals. It has become a beacon for good governance outside of the USA to ensure transparency and cast a light on conflicts of interest between those that prescribe and those that manufacture drugs and devices.

What is UK REACH?

UK REACH is part of the UK’s chemicals regulatory regime. REACH stands for “Registration, Evaluation, Authorisation and Restriction of Chemicals.” If you sell or distribute chemicals in the UK and the EU, you’ll need to follow both UK REACH and EU REACH rules.

Who has responsibility for deciding on renewable and low carbon energy development in England?

Local planning authorities are responsible for renewable and low carbon developments of 50 megawatts or less installed capacity. Above that, it is the Secretary of State for Energy.

Get Started Today

Haddletons are about more than just great legal advice – let us help you strike that balance between risk and reward.