Acknowledge the risks facing your business and be ready to take action

Our minds can be a powerful tool when it comes to addressing matters which could have a detrimental impact on business.

What’re we talking about? Risk.

The attitude towards the urgency of addressing risks for business often comes too late.

Managing business risks may seem a daunting task – especially when there are countless types of risk out there.

But it’s important to understand not all risks should be approached and managed in the same way. Every case is unique and may require varying actions.

The type of risk you as a business owner may face can alter from one extreme to the next.

These may be:

  • Economic risks
  • Compliance risks
  • Reputation risks
  • Competition, or comfort, risks
  • Security and fraud risks
  • Financial risks
  • Operational risks

Failing to manage risks can affect your reputation and, in some worse cases, sink the company you are invested in. Now that’s something nobody would like to happen.

But tackling risks doesn’t just stop at the initial hurdle of acknowledging them; new risks are frequently appearing within any business so it’s necessary to evaluate and execute risks on a continuous basis.

A policy, process or procedure should be implemented within your business on how you deal with risk when it arises.

It’s no good having an attitude of “this is something we need to sort now as it has been brought to our attention recently” as it’ll be too late to address.

It’s good practice for business people to be proactive towards doing something about the risks a company is faced with before it’s too late.

Don’t be ignorant about the risks you face.

Compliance model – driving the culture of the organisation to be compliant.

Is the fitting of a video doorbell in a home used for business purposes covered by GDPR?

The short answer is “it depends”.

Here is a link to the ICO’s guidance for people using CCTV in a domestic setting https://ico.org.uk/your-data-matters/domestic-cctv-systems-guidance-for-people-using-cctv/.

The second paragraph on this page is the most important one to consider.

Here is a link to the ICO Checklist on the business use of CCTV https://ico.org.uk/for-organisations/data-protectionself-assessment/cctv-checklist/, you will need to consider this particularly if you have clients coming to your home.

Operating Ethically – Do you have an anti-bribery policy?

“Desperate Times Call for Desperate Measures” is the phrase that comes to mind when someone bribes another for their gain in a business context.

Crimson Crab explores bribery and the means to protect your company from this illegal action which can have serious consequences.

So, what is bribery?

The dictionary definition “to bribe a person is to “dishonestly persuade someone to act in one’s favour by a gift of money or other inducement: they attempted to bribe opponents into losing.”

Bribery is unethical. It’s bad for business, can lead to a hefty jail sentence and other unpleasant sanctions.

It is illegal to offer, promise, give, request, agree, receive or accept bribes – an anti-bribery policy can help protect your business.

We hear you, business is important. Whether it’s your own company or one you work for, having a stable model offers an element of security for everyone. Therefore, it’s pretty important you invest in protecting it.

Regards the concern of being affected by bribery, you can safeguard your business with an anti-bribery policy.

Your anti-bribery policy needs to be written with the level of risk your company faces in mind and gives reassurance to your people about what to do in potentially difficult situations.

It should include:

  • Your approach to reducing and controlling the risks of bribery
  • Rules about accepting gifts, hospitality or donations
  • Guidance on how to conduct your business, e.g. negotiating contracts
  • Rules on avoiding or stopping conflicts of interest

Even though it is not a legal requirement to have an anti-bribery policy, you are obliged by law to manage the business risks effectively. That’s why we’d suggest having the policy.

For more information on how to manage business risks – and to discuss anti-bribery policies in detail – please get in touch!

Data from Europe if the UK leaves the EU with no deal

If the UK leaves the EU without a deal and you are a small or medium-sized business or organisation based in the UK that needs to maintain the free flow of personal data into the UK from Europe, you will need to take some action.

Putting in place a contract between you and the sender on EU-approved terms, known as standard contractual clauses (SCCs) will be sufficient in most cases. The contract needs to be in place before the date that the UK leaves the EU without a deal.

If you receive personal data into the UK from the EEA (the EU plus Iceland, Liechtenstein and Norway), you need to:

  1. decide whether standard contractual clauses (SCCs) can help you maintain the flow of data
  2. select the right SCCs.
  3. understand the SCCs.
  4. complete the SCCs.

The ICO has produced an interactive tool to help with these steps.

If you are a larger organisation or multinational company, a data protection professional, or you already have well-established transfer mechanisms, the Information Commissioners Office (ICO) has specific guidance on leaving the EU and on international transfers on their website.

Things to think about before Brexit

If you haven’t already thought about it there are some things that you will need to do to prepare your business for Brexit.

Especially if you:

  • import or export goods or services to the EU,
  • exchange personal data (including customers’ addresses, staff working hours or information you give to a delivery company) with an organisation in Europe (this includes using websites or services hosted in Europe & processing personal data from Europe), or
  • you use or rely on intellectual property (IP) protection (this includes copyright, trademarks and patents).

There is a useful step by step guide at https://www.gov.uk/get-ready-brexit-check