GDPR Checklist for Small Businesses


Is getting ready to comply with the GDPR at the top of your to-do list? With the implementation date just around the corner, it is time to consider how your business will be impacted and what you need to do to be ready. We’ve compiled a checklist that small businesses can use to plan their course of action.

Understand Personal Data Within your Business

Before anything else, you must understand the types of personal data your business is handling (e.g. name, email, address, bank details, etc.) and what can be considered sensitive data (e.g. health information, religious views, etc.). You should also know where the data comes from, where it is stored and how it is used.

Develop a Consent Policy

Do you require consent to process personal data? Under the GDPR, consent needs to be explicit, clear and specific, which can make some activities (such as marketing) more difficult. Understand where you need to acquire consent.

Make your Security Policies GDPR-compliant

Spend some time reviewing and updating your security measures and policies – if you don’t have any, get some in place. Using encryption is generally recommended and can spare your business hefty fines in the event of a data breach.

Prepare for Access Requests

Under the GDPR, all citizens will have the right to access their personal data, rectify inaccurate data, object to their data being processed or even completely erase any of their personal data you hold. You will need to be able to process such requests within the required timeframe.

Create Fair Processing Notices

Under the GDPR, you will be required to use fair processing notices to clearly describe to individuals what you are doing with their personal data. You should include why you are holding the data, who you may be sending the data to (e.g. employee, customer, supplier, etc.) and how long you’ll be holding the data for.

Train Your Employees

Everybody in the business should understand what constitutes a personal data breach and how to pick up the signals. All employees should be made aware of the need to report any mistake or breach to the person responsible for data protection (i.e. the DPO) within 72 hours.

Conduct Due-Diligence on your Supply Chain

To avoid being impacted by any data breaches (and consequent penalties), make sure that all suppliers and contractors are GDPR-compliant. You’ll also need to make sure that you have the right supplier and contractor contract terms in place.

Do you Need to Employ a Data Protection Officer (DPO)?

Unless your business is processing large volumes of personal data, your small business may not need to employ a full-time DPO. However, it is recommended to appoint someone responsible for data protection within the business, or to use a virtual or outsourced option.

Even if you do not hire a full-time DPO, getting all processes and documents in place to be GDPR-compliant can be a lot to take in for small business owners. We can help you assess areas of risk and get prepared to comply with the GDPR. Don’t hesitate to get in touch if this is something you’d like to discuss!

3 things with regards to Document Management and GDPR


Document Management (DM) is about creating, storing and controlling documents, which has become increasingly important in light of the upcoming General Data Protection Regulation (GDPR). To comply with GDPR, you need to look at how documents and data are currently managed within your company. Here are 3 key areas of Document Management that reflect best practice in line with GDPR compliance.

Encryption

In the case of a ransomware attack, how easily could the virus access your company’s data – including staff records or customer bank details? Using a Document Management (DM) system means that all files are encrypted on entry and documents are held as images. Your data and documents are then in a much less vulnerable position, which minimises risk in case of an attack. Encryption of data is an important aspect of being compliant with GDPR and reflects best practice.

Role Based Access Control

One of the key criteria of the GDPR is to ensure that information and data are locked down, not only protected from the outside world but also within the company itself. Do you really need your Marketing Manager to have access to a customer’s direct debit, or a temp to be able to email or print documents? Staff should only have access to the information they need to do their job. With DM, rules can be put in place so that information access can be restricted.

Retention Control

It is a business’s responsibility not only to ensure that paperwork is stored safely and securely, but also to make sure that it is stored for the appropriate period, in line with the current legislation. For example, financial documents must be stored for up to 7 years, but CVs should be destroyed as soon as a position has been filled – there is no need to store someone’s personal information at this point. Effective DM can help maintain best practice across the business by storing personal data correctly and flagging any documents that have reached the correct time frame for deletion.

Darren Cairney, IT Manager of Document Data Group, commented, “When you compare a Windows file structure and associated permissions with a document management DM, you can see how a DM is the next step in securing your business-critical data. Windows is by default open until closed, with most users unaware that their newly created ‘Shared Docs’ folder could allow all users with read/write access. DM can be set up to allow ‘no user’ any rights until granted; you can restrict what is searchable and even what can be seen on the document itself.”

According to David Reilly, Data Protection Officer at Create Ts and Cs, “Personal Data and how it is managed has become an even more important business issue because of GDPR. Treating personal data with respect and in line with legislation is a decision a company takes in order to manage the business risk. Deploying the right systems and the correct expertise will go a long way to helping your organisation manage personal data and comply with GDPR.”

Managing Business Risks with Contractor Contracts


The latest statistics from the Office for National Statistics reveal that self-employed people have increased to 15% of the workforce in the UK. Certain sectors such as construction, IT and technology are particularly affected by this trend, as working with contractors, freelancers and subcontractors is commonplace.

Benefits of Hiring Contractors or Subcontractors

Hiring a contractor or subcontractor to do a job can be very cost-effective as the company does not have to provide sick pay, holiday pay, maternity/paternity pay, pensions or other benefits.

Contractors and subcontractors also have a wealth of experience and knowledge that is often specific to a certain market or sector, so it’s often an ideal solution for expanding businesses to strengthen their position.

What are the Risks of Hiring Contractors or Subcontractors?

While contractors not being employees have certain financial advantages, companies must be aware that they also have to balance the risks that hiring freelancers can incur. One issue is that freelancers could be mistaken for employees by HMRC. Not being able to prove the opposite could lead to hefty fines and penalties.

Other main risks for businesses include:

  • Client ownership: Who owns the client: the contractor or subcontractor?
  • Notice periods: Having no notice period in the contract or agreement could help when determining your IR35 status, as employees usually get notice periods but not contractors.
  • Payment terms: Contractor contracts must clearly indicate any terms for payment that must be observed.
  • Responsibilities and liabilities: Contracts should outline what the contractor can and cannot be liable for.
  • Intellectual property ownership: For some sectors, it is key to consider ownership of intellectual property in contractor agreements in order to avoid further issues.

 

How Can I Manage the Risks of Hiring Contractors or Subcontractors?

By adopting a diligent approach to contractor management and making sure your contractor contracts are thoroughly reviewed, companies can easily manage the risks of hiring a freelancer/contractor, meaning that both parties can benefit from the agreement.

From an HMRC perspective, it’s important to make sure you can avoid appearing as an employee by stating the contractor status clearly and having the correct documentation in place, in order to keep HMRC off your back. To do so, it’s essential to cater for the IR35 issue within the contract itself.

Do you have all the correct documentation and contract terms in place? Take the first step towards better protection for your business by getting in touch today.

Jurisdiction – a snapshot

When piecing together a contract, an often neglected but incredibly important area (quite literally) is jurisdiction. It seems wild to want to travel the world to fall out – or to challenge the contract in court.

Let’s strip this back: what is jurisdiction? Quite simply, it’s the location in which your contract is legally defined, and it establishes which country’s law will apply when a court hears a claim brought under the contract in question, i.e. an English court will not see a Scottish contract and vice versa.

So how do you choose jurisdiction? Well, if something were to go wrong, where do you want to sort out any potential dispute and what law do you want to apply?

If the majority of your business takes place within your own country, it’s a no-brainer! So why do so many people skim this clause and want to head elsewhere to go to court? It very quickly becomes expensive if you have to source a lawyer in a different country, never mind the travel costs associated with choosing a different jurisdiction. However, in some cases the jurisdiction is imposed upon the business as part of the negotiation, so this issue is not clear cut.

If a court does not have jurisdiction to hear your case, you will be sent packing. In the unlikely event that a court starts to hear a case outside the jurisdiction, it would have to be stopped and transferred to the correct jurisdiction, which may then result in potential delays to the case and more expense all round.

In an English court, an English magistrate or judge will not be able to pass judgement on a Scottish contract and vice versa. This can become even more complicated when you start moving outwith the UK, particularly with more complex cases that need to be taken somewhere with a more experienced judge.

Choosing your jurisdiction strategically may benefit you, should a claim arise. For example, take a contract bound under Scottish law dealing with an American client. Should a claim be made under the contract, the U.S. party would need to source a Scottish lawyer and incur massive costs travelling to and staying in another country, which in turn might be too much effort for a claim (depending on the severity of it).

In a nutshell, where possible the law should be practical, so choose your jurisdiction to minimise cost, travel and keep your energy for what matters to you.

Small businesses, donations and working with charities.

In our experience, a lot of small business owners are very aware of social responsibilities and many have started businesses based upon a principle or an ethos.

It would seem that small businesses are the perfect target for a charity or ethical organisation that requires donations. It appears logical that a principled small business owner would be very keen to have a transparent and open link with a charity, especially a charity that reflects their values and is compatible with their approach to business. As a small business, making smaller, more frequent donations works for us, as opposed to large one-off donations.

So, with that in mind, here are two suggestions or challenges that, if overcome, would help us integrate a charity into our business.

The first issue is highlighting the destination of the donation and the positive impact it may have. There is a certain cynicism with regards to how much of the donation goes to the cause itself. Perhaps the charity can tackle that issue by providing a statement or a certificate with every donation, outlining where the money is going and what percentage will impact the grassroots, or make a difference?

The second issue is access to a branded, dedicated link (continuously live) to make it easy for our clients and us to make a donation. For example, some of our services, like ‘updating a contract’, may require minor tweaks and we may avoid charging our clients for the work. However, attaching a value to the work is useful and may be an opportunity to integrate a charitable donation option into our service. This means we complete minor work for a fixed value, which results in a donation instead of a direct payment or not charging any fee.

The charities we’ve spoken with are not structured to provide a simple payment mechanism for us to use. You would think with all the technology out there that making a charitable donation that’s transparent, open and ethically acceptable would be a simple task.

Hope you find our thoughts on this subject of interest.

No Warranty No Clarity

This blog is part 2 of a series of 5 that is preoccupied with small businesses using contracts to avoid contractual disputes. Court is an expensive pursuit, and building self-remedy or clauses into your contract that are enforceable and offer solutions to problems that may arise is practically useful to small businesses. A considered contract can help you save money, time and effort.

Warranty in simple terms means performance. So outlining how the product or service will perform seems obvious but in many cases, the details provided are scant at best. In many cases, the contract generally fails to outline the key aspects of performance and in turn creates ambiguity. It’s this grey area that can lead to further issues, as during times of dispute, areas of uncertainty become points of discussion or argument.

This gets even more troublesome when there’s a returns policy or a maintenance/service agreement to support post installation or delivery. Stating what is covered by the contract with regards to the basic product’s functionality is one thing, but when something breaks or fails to work, what then? Remember, these products or services are manufactured and delivered by humans, so things happen; the important thing is outlining what happens next.

Going to the trouble of employing the right contract drafter to ask the right questions and create a contract that is designed to help both parties work together long-term is worthwhile. Contracts are avoided by those who see no need for outlining the negatives... but knowing what might happen in the event of... is arguably good customer service and is considerate to both your and your customers’ time and energy.

The next blog will focus on intellectual property...

Think ahead – plan to avoid contract problems

Small businesses should try and resolve their own contractual disputes where possible. It’s very expensive to use the courts as a way of resolving disputes. It costs too much time and money.

This means building remedy into the contract. This is certainly one way of resolving disputes as they arise.

The onus is on the contract drafter to project ahead and scenario plan, or capture moments of concern as you work with clients. You can’t avoid every dispute, but you can minimise the number and the impact on your business.

The result will be the inclusion of clauses that are created to protect the business, manage the client’s expectations and in many cases demonstrate to potential clients a way to engage that allows you to deliver services effectively and in line with what’s been agreed.

Over the following weeks, I’ll be publishing a variety of examples starting with the issue of warranty...


A change in the law leads to new liability for Design and Planners.

Changes to the Construction (Design and Management) Regulations 2015 mean that those companies (including sole traders) that offer design and planning services to both consumers (householders) and businesses could be liable for health and safety breaches on site, even though the builder is the one doing the work.

Not unlike the smoking ban, the liability is on those with a lot to lose. The law in that instance targets the smoker through the publican for having a person smoking on the premises; this pushes the owner to act. Laws are anthropological: they drive behaviour. Whether you agree or disagree with them, the law still needs to be adhered to and, in the example of the design and planner, navigated so their risk is managed and the business protected.

When laws are structured like so, I can’t help but feel more than a little sympathy for, in this instance, the design and planner who now starts the process of introducing a standard to the chain of events that will lead to a building being built.

We can see why the changes are in place. Trying to raise the standard is the goal: the final property will be eligible for warranty and will be re-saleable, a marketable property as opposed to a property built to poor standards, which could lead to a disastrous set of circumstances.

This sector is already full of regulation, but this new Health and Safety legislation will introduce more complexity and challenges for all involved.

So, in a situation where there are multiple contractors, there will be a pressure on design and planning companies to establish the process before a shovel is in the ground.

Create Ts and Cs draft contracts that are relevant to both your business and your industry or sector.  Call us for a quote today 0141 5856384.

Credibility through good contracts – bespoke V DIY

Would you buy from a business that has clearly cut and pasted their contracts? Something that doesn’t have the buyers’ rights included and is biased towards the business?

With buyers becoming more aware of their rights, they now understand a contract and what it means in relation to them. If they don’t see a contract that shows commitment to them, or their rights being reflected then they are less likely to do business. A set of bullet points or a basic contract that has no real protection or does not manage risk for the customer won’t attract custom.

A contract that is well drafted and legally enforceable will help to attract custom and differentiate a business from its competitors. Any business that has ambitions to build up a client base should consider having a bespoke contract rather than a self-drafted or DIY set of terms and conditions.

Yes, your contract should reflect the business operation and sales processes, be in line with the law and manage your liability. But a contract also serves as a communication to your clients. And because of this it is important to consider what a client thinks and feels about your business. If a client feels that they are being looked after then they will return.

A good contract will help to attract the right kind of client base – one that shows loyalty to a business. If a business shows through their contract that they are adhering to the law and go out of their way to protect their clients’ rights, this will encourage quality clients – who will pay their bills on time, and show loyalty.

If your contract is written in legalese and doesn’t make sense to your clients then it may be difficult for them to adhere to your terms and conditions. A bespoke contract that is drafted specifically for your business should be written in an accessible style.

Whether your business is traditional, online, or app-based, it is important to have a contract that reflects the quality of your business. A DIY or self-drafted contract can on many occasions be a barrier to sale. A clear, well-drafted contract, with its accessibility, care towards the client and efforts to protect both parties, is more likely to encourage the type of clients you want to have. As a business, can you afford to get this wrong and risk losing sales?

 


Customer service and the contract – getting the balance right


A contract is primarily there to protect your business and your clients. It sets out how each party is expected to act and manages the business liability and risks. But as a business owner do you know exactly what is in your terms and conditions?

As regards dealing with consumers, we know that on average 73% of consumers admit to not reading the small print, but it would be interesting to discover the figure in relation to businesses – our view, based on our clients’ feedback, is that small businesses are more likely to read one another’s Ts and Cs because of the equality in bargaining power.

Yes, it may be a mundane, time-consuming task to read through the contract, but it is there to protect you and therefore it’s important to know the content.

Every business wants to have happy clients. However, people pleasing can be confusing to customers. Whilst it is important to keep your clients happy, you also need to manage their expectations. Telling a customer what they want to hear every time might seem like a good idea, but in reality all it will do is cause problems. A contract helps to manage the client’s expectations; after all, you simply want to deliver the best service to your client.

In the event of a dispute, it might be easier to blame the contract because you don’t know what is in it, but ignorance is no defence. A contract is there to help and support your business, and usually if there is a problem then it will help you to resolve that dispute.

By taking the time to understand what is in your contracts you can help to grow your business and reduce the number of customer disputes. Contracts are there for a practical reason, they add to your professionalism, help manage risk and can promote business sustainability.

Create Ts and Cs provide a bespoke set of Terms and Conditions for your business at a fixed price. This unique approach to individualising commercial Terms and Conditions allows start-up and SME-sized businesses the opportunity to protect themselves, manage risk and guard against future unnecessary disputes at an affordable price.