Our minds can be a powerful tool when it comes to addressing matters which could have a detrimental impact on business.
What’re we talking about? Risk.
A sense of urgency about addressing business risks often comes too late.
Managing business risks may seem a daunting task – especially when there are countless types of risk out there.
But it’s important to understand not all risks should be approached and managed in the same way. Every case is unique and may require varying actions.
The type of risk you as a business owner may face can vary from one extreme to the next.
These may be:
- Economic risks
- Compliance risks
- Reputation risks
- Competition, or comfort, risks
- Security and fraud risks
- Financial risks
- Operational risks
Failing to manage risks can affect your reputation and, in the worst cases, sink the company you are invested in. Now that’s something nobody would like to happen.
But tackling risks doesn’t stop at the initial hurdle of acknowledging them; new risks frequently appear within any business, so it’s necessary to evaluate and act on risks on a continuous basis.
A policy, process or procedure should be implemented within your business on how you deal with risk when it arises.
It’s no good having an attitude of “this is something we need to sort now as it has been brought to our attention recently”, as by then it’ll be too late to address it.
It’s good practice for business people to be proactive towards doing something about the risks a company is faced with before it’s too late.
Don’t be ignorant about the risks you face.
Compliance model – driving the culture of the organisation to be compliant.
“Desperate Times Call for Desperate Measures” is the phrase that comes to mind when someone bribes another for their gain in a business context.
Crimson Crab explores bribery and the means to protect your company from this illegal action which can have serious consequences.
So, what is bribery?
The dictionary definition: to bribe a person is to “dishonestly persuade someone to act in one’s favour by a gift of money or other inducement: they attempted to bribe opponents into losing.”
Bribery is unethical. It’s bad for business and can lead to a hefty jail sentence and other unpleasant sanctions.
It is illegal to offer, promise, give, request, agree, receive or accept bribes – an anti-bribery policy can help protect your business.
We hear you, business is important. Whether it’s your own company or one you work for, having a stable model offers an element of security for everyone. Therefore, it’s pretty important you invest in protecting it.
If you are concerned about being affected by bribery, you can safeguard your business with an anti-bribery policy.
Your anti-bribery policy needs to be written with the level of risk your company faces in mind, and it should give reassurance to your people about what to do in potentially difficult situations.
It should include:
- Your approach to reducing and controlling the risks of bribery
- Rules about accepting gifts, hospitality or donations
- Guidance on how to conduct your business, e.g. negotiating contracts
- Rules on avoiding or stopping conflicts of interest
Even though it is not a legal requirement to have an anti-bribery policy, you are obliged by law to manage the business risks effectively. That’s why we’d suggest having the policy.
For more information on how to manage business risks – and to discuss anti-bribery policies in detail – please get in touch!
If the UK leaves the EU without a deal and you are a small or medium-sized business or organisation based in the UK that needs to maintain the free flow of personal data into the UK from Europe, you will need to take some action.
Putting in place a contract between you and the sender on EU-approved terms, known as standard contractual clauses (SCCs), will be sufficient in most cases. The contract needs to be in place before the date that the UK leaves the EU without a deal.
If you receive personal data into the UK from the EEA (the EU plus Iceland, Liechtenstein and Norway), you need to:
- decide whether standard contractual clauses (SCCs) can help you maintain the flow of data
- select the right SCCs
- understand the SCCs
- complete the SCCs
The ICO has produced an interactive tool to help with these steps.
If you are a larger organisation or multinational company, a data protection professional, or you already have well-established transfer mechanisms, the Information Commissioner’s Office (ICO) has specific guidance on leaving the EU and on international transfers on its website.
If you haven’t already thought about it, there are some things that you will need to do to prepare your business for Brexit.
Especially if you:
- import or export goods or services to the EU,
- exchange personal data (including customers’ addresses, staff working hours or information you give to a delivery company) with an organisation in Europe (this includes using websites or services hosted in Europe and processing personal data from Europe), or
- use or rely on intellectual property (IP) protection (this includes copyright, trademarks and patents).
There is a useful step-by-step guide at https://www.gov.uk/get-ready-brexit-check
The ICO has issued an enforcement notice to HMRC ordering it to delete personal data it collected unlawfully as part of a Voice ID system.
In a blog post, the ICO explained why it took this action and what other organisations can do to comply with the law when processing biometric data.
All organisations must designate someone to take responsibility for data protection compliance.
Some are required to appoint a Data Protection Officer.
Future-thinking organisations are choosing to appoint a DPO to help regulate their privacy and build a stronger foundation of trust with their customers.
The GDPR allows organisations to appoint an external DPO based on a service contract.
If you do appoint a DPO, you must notify the ICO.
You now need to pay the data protection fee.
The old regime of registration has been replaced with the requirement to pay the ICO a data protection fee unless you are exempt.
On payment, your business is added to the public register.
There are three different levels of fee, based on the risks associated with the personal data processing. The level depends on a variety of factors, including how many members of staff you have and your annual turnover.
The ICO has started prosecuting businesses that are not paying the data protection fee.