Advice

GDPR Checklist for Small Businesses

Is getting ready to comply with the GDPR at the top of your to-do list? With the implementation date just around the corner, it is time to consider how your business will be impacted and what you need to do to be ready. We’ve compiled a checklist that small businesses can use to plan their course of action.

Understand Personal Data Within your Business

Before anything else, you must understand the types of personal data your business is handling (e.g. name, email, address, bank details, etc.) and what can be considered sensitive data (e.g. health information, religious views, etc.). You should also know where the data comes from, where it is stored and how it is used.

Develop a Consent Policy

Do you require consent to process personal data? Under the GDPR, consent needs to be explicit, clear and specific, which can make some activities (such as marketing) more difficult. Understand where you need to acquire consent.

Make your Security Policies GDPR-compliant

Spend some time reviewing and updating your security measures and policies – if you don’t have any, get some in place. Using encryption is generally recommended and can help your business avoid hefty fines in the event of a data breach.

Prepare for Access Requests

Under the GDPR, all citizens will have the right to access their personal data, rectify inaccurate data, object to their data being processed or even completely erase any of their personal data you hold. You will need to be able to process such requests within the required timeframe.

Create Fair Processing Notices

Under the GDPR, you will be required to use fair processing notices to clearly describe to individuals what you are doing with their personal data. You should include why you are holding the data, who you may be sending the data to (e.g. employee, customer, supplier, etc.) and how long you’ll be holding the data for.

Train Your Employees

Everybody in the business should understand what constitutes a personal data breach and how to pick up the signals. All employees should be made aware of the need to report any mistake or breach to the person responsible for data protection (i.e. the DPO) within 72 hours.

Conduct Due-Diligence on your Supply Chain

To avoid being impacted by any data breaches (and consequent penalties), make sure that all suppliers and contractors are GDPR-compliant. You’ll also need to make sure that you have the right supplier and contractor contract terms in place.

Do you Need to Employ a Data Protection Officer (DPO)?

Unless your business is processing large volumes of personal data, your small business may not need to employ a full-time DPO. However, it is recommended to appoint someone responsible for data protection within the business, or to use a virtual or outsourced option.

Even if you do not hire a full-time DPO, getting all processes and documents in place to be GDPR-compliant can be a lot to take in for small business owners. We can help you assess areas of risks and get prepared to comply with the GDPR. Don’t hesitate to get in touch if this is something you’d like to discuss!

3 things with regards to Document Management and GDPR

Document Management (DM) is about creating, storing and controlling documents, which has become increasingly important in light of the upcoming General Data Protection Regulation (GDPR). To comply with GDPR, you need to look at how documents and data are currently managed within your company. Here are 3 key areas of Document Management that reflect best practice in line with GDPR compliance.

Encryption

In the case of a ransomware attack, how easily could the malware access your company’s data – including staff records or customer bank details? Using a Document Management (DM) system means that all files are encrypted on entry and documents are held as images. Your data and documents are then in a much less vulnerable position, which minimises risk in the event of an attack. Encryption of data is an important aspect of being compliant with GDPR and reflects best practice.

Role Based Access Control

One of the key criteria of the GDPR is to ensure that information and data is locked down, not only protected from the outside world but also within the company itself. Do you really need your Marketing Manager to have access to a customer’s direct debit, or a temp to be able to email or print documents? Staff should only have access to the information they need to do their job. With DM, rules can be put in place so that information access can be restricted.

Retention Control

It is a business’s responsibility not only to ensure that paperwork is stored safely and securely, but also to make sure that it is stored for the appropriate period, in line with the current legislation. For example, financial documents must be stored for up to 7 years, but CVs should be destroyed as soon as a position has been filled – no need to store someone’s personal information at this point. Effective DM can help maintain best practice across the business by storing personal data correctly and flagging any documents that have reached the correct time frame for deletion.

Darren Cairney, IT Manager of Document Data Group, commented, “When you compare a Windows file structure and associated permissions with a document management DM, you can see how a DM is the next step in securing your business-critical data. Windows is by default open until closed, with most users unaware that their newly created ‘Shared Docs’ folder could allow all users read/write access. DM can be set up to allow ‘no user’ any rights until granted; you can restrict what is searchable and even what can be seen on the document itself.”

According to David Reilly, Data Protection Officer at Create Ts and Cs, “Personal Data and how it is managed has become an even more important business issue because of GDPR. Treating personal data with respect and in line with legislation is a decision a company takes in order to manage the business risk. Deploying the right systems and the correct expertise will go a long way to helping your organisation manage personal data and comply with GDPR.”

Managing Business Risks with Contractor Contracts

The latest statistics from the Office for National Statistics reveal that self-employed people have increased to 15% of the workforce in the UK. Certain sectors such as construction, IT and technology are particularly affected by this trend, as working with contractors, freelancers and subcontractors is commonplace.

Benefits of Hiring Contractors or Subcontractors

Hiring a contractor or subcontractor to do a job can be very cost-effective as the company does not have to provide sick pay, holiday pay, maternity/paternity pay, pensions or other benefits.

Contractors and subcontractors also have a wealth of experience and knowledge that are often specific to a certain market or sector, so it’s often an ideal solution for expanding businesses to strengthen their position.

What are the Risks of Hiring Contractors or Subcontractors?

While contractors not being employees have certain financial advantages, companies must be aware that they also have to balance the risks that hiring freelancers can incur. One issue is that freelancers could be mistaken for employees by HMRC. Not being able to prove the opposite could lead to hefty fines and penalties.

Other main risks for businesses include:

  • Client ownership: Who owns the client: the contractor or subcontractor?
  • Notice periods: Having no notice period in the contract or agreement could help when determining your IR35 status, as employees usually get notice periods but not contractors.
  • Payment terms: Contractor contracts must clearly indicate any terms for payment that must be observed.
  • Responsibilities and liabilities: Contracts should outline what the contractor can and cannot be liable for.
  • Intellectual property ownership: For some sectors, it is key to consider ownership of intellectual property in contractor agreements in order to avoid further issues.

How Can I Manage the Risks of Hiring Contractors or Subcontractors?

By adopting a diligent approach to contractor management and making sure your contractor contracts are thoroughly reviewed, companies can easily manage the risks of hiring a freelancer/contractor, meaning that both parties can benefit from the agreement.

From an HMRC perspective, it’s important to make sure the contractor cannot be mistaken for an employee, by stating the contractor status clearly and having the correct documentation in order to keep HMRC off your back. To do so, it’s essential to cater for the IR35 issue within the contract itself.

Do you have all the correct documentation and contract terms in place? Take the first step towards better protection for your business by getting in touch today.

If I can understand then I am more likely to adhere

Whilst ignorance is not a defence, ignorance can cause confusion, which often leads to problems or disputes. Understandably, when you are running a small business, avoiding these types of situations is beneficial.

Ignorance of the law, as we know, is no defence and can often lead to problems and costly legal battles. In short, ignorance is bad for business – which is why having a well-drafted contract written in an accessible style can be a small business’s best friend. That awareness is a key skill to obtain when building a business.

A contract written in a style that is readable and understandable is good for your clients, as well as the business. Legalese can often confuse clients or customers, and this confusion can lead to a breakdown in communication, non-payment and disputes. Especially for small businesses, this can lead to serious problems.

Small businesses need to have clarity and transparency, which can be shown through a well-drafted contract that protects both the business and the customer. By taking the time to have this drafted you are helping to sustain your business, by giving your clients trust in you. An understandable contract will go a long way for a client and often encourage them to use you again. They know the terms of the agreement they are entering into and know what is expected of both parties. If they can understand the contract then it encourages them to adhere.

Whilst ignorance from clients will, for the most part, be genuine, some may use it to their advantage. An ambiguous contract gives clients the excuse to act in a negative way, as they cannot understand it. They can use this misunderstanding to avoid their contractual responsibilities.

Understandably, small businesses can often believe that they don’t need a contract, or they are too busy to have one done. A contract won’t always stop disputes happening, but a well-drafted set of terms and conditions will help to prevent them. It allows the business owner to manage risks better if the clients understand the contract.

Making the legalities of a business accessible to clients is good business practice. Businesses should not be interested in clouding disputes with an ambiguous contract, as it wastes precious time and money.

General confusion caused by a misunderstanding can have devastating effects on a small business, and it’s important to try and avoid these situations. Giving your clients a contract they can read and understand will help to reduce problems, and encourage loyalty. Just think, would you buy something if you weren’t quite sure what you were getting?

Protecting Your Business Against Bad Weather

Want to give your business a more professional appearance? Give your clients peace of mind? Protect your business?

Two words. Bespoke contracts.

It’s prudent to consider what type of contract will best serve your business – why acquire a contract that is unenforceable and doesn’t represent your business?

And with the business world constantly changing it’s vital to have a contract that will withstand change.

Tailored to your business, bespoke contracts can allow you to grow whilst protecting everything you have built.

Planned and considered contracts become relevant during times of dispute; why take the chance and use a contract where you are unaware of the legal and commercial impact on you and your business?

DIY templates are readily available on the internet with prices starting at just £17, and are easy to download and use.

However unlike DIY templates, your business is not mass produced. Every business is unique and therefore needs a set of terms and conditions to match.

A bespoke contract is a way of communicating with clients and allows both parties to understand their duties, rights and responsibilities.

Ebola Clauses – where do you stand?

As Ebola continues to spread, over 13,000 people have now contracted the deadly disease.

Major airports are operating Ebola screenings for arrivals from Liberia, Sierra Leone and Guinea, but as of yet no shipping ports have followed suit.

The International Maritime Organisation has ordered that all ports are to remain open to allow trading to continue.

This, however, is causing uncertainty within the shipping industry, especially since deaths in West Africa have totalled 5,000.

Oil, cocoa and minerals are regularly exported from the region and the spread of Ebola is causing legal and financial stress for those companies who work there.

Shipping companies are now adapting their contracts to ensure that they are protected if their vessels are required to dock at affected areas – known as the Ebola Clause.

The Ebola Clause requires that companies chartering the shipping liners must provide protective clothing, pay all medical expenses, find alternative ports if there is a risk of coming into an affected area, and cover financial loss if deliveries are delayed.

Keeping contracts updated will ensure the safety of workforces and profits – a task that should be adopted by every business.

Contracts should be reviewed and updated for a variety of different reasons such as:

  1. To manage finances and avoid falling into difficulty

The Ebola clause covers any financial difficulties that the shipping industry could fall into if Ebola affects them. By reviewing your contracts you will be able to adapt or add clauses to contracts that will protect your business as the world evolves.

  2. To ensure the business is in line with all legal requirements

Laws are constantly adapting and changing, especially UK consumer laws; at the moment major reforms are under way with the Consumer Rights Bill due to come into force next year. All businesses must adhere in order to be successful and it may be that your contracts do not reflect the most up-to-date regulations.

  3. To ensure business relationships are sustained in a way that both parties are aware of their role

By reviewing contracts a business can set out clearly how they expect the relationships to work and cut ties with a relationship that is not beneficial. By doing this a business can be more cost effective.

  4. To protect the business reputation

A review can also help your business reputation. By having a solid contract that is accessible a business can avoid costly disputes, which could damage the brand.

Whether it is Ebola or another uncertainty that may affect your business, you should ensure that you have made sufficient efforts to protect your business.

The time of the techie

The techie is playing a large part in the UK’s economic growth. In the past, engineering and electronics were the innovators, and they helped grow both the UK and global economy. Now the internet and technology sectors, both in the UK and globally, are set for huge growth, with more and more small businesses getting to market providing high-quality web-based solutions or online retail, including apps and software for both businesses and consumers. An article from the Guardian reported on a Boston Consulting Group report stating figures that showed the internet economy in the UK accounting for 8.3% of GDP. The UK’s closest rivals are South Korea on 7.3% and China on 5.5%, followed by Japan and the US on 4.7% each. By 2016, the internet economy is forecast to grow to 12.4% in the UK, contributing some £225bn to the overall UK economy.

With regard to online software itself, an article on Forbes.com from last year gives some staggering statistics on projected global sales: Software as a Service (SaaS) and cloud-based business application services will grow from $13.4 billion in 2011 to $32.2 billion in 2016. An IDC report also comments that enterprise cloud application revenues reached $22.9B in 2011 and projects global sales to reach $67.3B by 2016. IDC also predicts that by 2016, $1 of every $5 spent online will be spent on cloud-based software and infrastructure.

According to the BBC website, the “internet economy” was worth more than the healthcare, construction or education sectors. The UK also carries out far more retail online than any other major economy. Some 13.5% of all purchases were done over the internet in 2010, according to BCG, and this is projected to rise to 23% by 2016.

David Reilly, Director at Create Ts and Cs, commented, “The techie is a huge focus for us. Our aim is to communicate with future developers; assisting them to put in place a web based or developer based contract so these important people in our economy are protected when trading. We want the buyers to have confidence and this will come from a sense of protection. A solid sensible set of terms and conditions that adheres to the law and extends the buyer their rights is one way of increasing that confidence.”

He continues, “We are delivering numerous talks at the University of the West of Scotland, New Start Scotland and a variety of business and university events. These future businesses require a practical approach to manage contractual risk, so they can contract with both consumers and businesses while adhering to the law and offering the correct protection/rights (avoiding unfair terms) to both consumers and businesses.”

Evelyn Fitzpatrick, a Teaching Fellow at University of The West of Scotland, commented, “Create Ts and Cs, David Reilly, has given a number of talks on contractual terms and conditions to our UWS Creative Technology students. His talks have been interesting and very well received by students. David manages to present what is a highly technical subject in a relaxed and engaging style. He combines content demonstrating legal principles with examples from case studies based on his own experience to give students real insight into the contemporary business world.”

With the ICO and trading standards ever vigilant, it’s important to protect your business by deploying the correct terms and conditions, offering consumers and businesses the correct legal rights when trading over the net. Technologists tend to require a lot of contracts as they generally use freelancers and trade online, offering multiple services. If techies take the time to deploy the right contracts, it builds the right rapport with the future client, whether a consumer or a business, and helps the net to expand while offering the correct rights to the purchaser. The net will arguably grow and mature (without further regulation) with the correct protection in mind for all concerned.

Create Ts and Cs provide a bespoke set of Terms and Conditions for your business at a fixed price. This unique approach to individualising commercial Terms and Conditions allows start-up and SME sized businesses the opportunity to protect themselves, manage risk and guard against future unnecessary disputes at an affordable price.