Crab Insight September 21

Red Tape Busters Volume 8, Issue 12, ‘Outsourcing’

 

Welcome to the September edition of Crab Insight

Now we are into September and the kids are back at school, the weather has finally improved, we are all sweltering behind the desk again, and it’s time to get back to business.
 
The Online F2 Business Huddle is back this coming Friday 10 September and we’re looking forward to catching up.
 
Crimson Crab celebrated ten years in business last month. Over the last ten years, we’ve helped loads of businesses with their compliance conundrums and data protection difficulties, and we look forward to helping more in the future.
 

Claudia Crab’s September Focus


“Outsourcing”

“If you deprive yourself of outsourcing and your competitors do not, you’re putting yourself out of business.” Ryan Khan – Founder of The Hired Group, author of Hired! The Guide for the Recent Grad, and star of Hired on MTV Networks.

Outsourcing is the business practice of hiring a party outside a company to perform services and create goods that traditionally were performed in-house by the company’s own employees and staff. Outsourcing is a practice usually undertaken by companies as a cost-cutting measure. As such, it can affect a wide range of jobs, ranging from customer support to manufacturing to the back office.

Key Points

  • Outsourcing can be used to reduce labour costs, together with the cost of overheads, equipment, and technology.
  • Skill and knowledge gaps can be filled using third party experts.
  • Outsourcing is also used by companies to focus on the core aspects of the business, trusting the less critical operations to outside organisations.
  • On the downside, communication between the company and outside providers can be hard, and security threats can escalate when multiple parties access sensitive and personal data.

To make sure you do everything possible not to get let down by someone else, do your diligence before selecting an outsourcing partner. Our focus is to provide easy ways of carrying out diligence. If you need practical help please do take a look at our solutions:

 

 

The big question this month is:

How can I maintain my business reputation when outsourcing services? 

Look out for our social media posts and our blog later in the month as we help you explore this in more detail.
 
Top tip – Understanding your compliance obligations and responsibilities when outsourcing is crucial; our Business MOT can help.

 


F2 Business Huddle Online

Friday 10 September 2021

12 noon to 2 pm

Future F2 Business Huddle dates for your diary

Friday 8 October 2021

Friday 12 November 2021

Friday 10 December 2021

Get your ticket on Eventbrite


Reputation Advocates

When you need a reliable and dependable expert click on the crab


Feedback

We love to receive feedback and it really helps us to improve our services for everyone.

 

Until next month look after your reputation!!

Ethical, legal, responsible trading wave
E: enquiries@crimsoncrab.net | W: www.crimsoncrab.co.uk  

Copyright (c) 2021 Crimson Crab Ltd, all rights reserved.

Data Protection – Data Minimisation

If you need to collect information about people to deliver your services it’s important to think about data protection before you do it, as this article from the BBC shows.

Collecting information that’s neither relevant nor necessary, or not making it clear what you’re using the information for, will mean that you’re not applying the data protection principles.

Whether you’re introducing a new app, implementing a CRM system or just using personal data for invoicing, you need to be sure that you can give your potential customers the confidence that you know what you’re doing with their information.

Our top tips are:

  • Understand your responsibilities
  • Identify how the data protection principles relate to the specific activities of your business
  • Don’t make the protection of your customers’ data an afterthought

If you need to find out more about how data protection affects your business, book a free 15-minute initial consultation.

Book a free consultation

How do I know if my company’s website is legally compliant? 

Websites are the online shop window for your business so, whether you sell goods and services directly via the internet or not, first impressions matter most. 

Websites that showcase companies like yours on the internet come in all different forms.

From a contemporary style website to something more traditional-looking, or maybe a platform that is incredibly visual or which perhaps hasn’t any imagery at all, websites need to work for you and – most importantly – your audience. 

Your business website plays an important part in building rapport with prospective clients.

It also allows people to understand more about who you are, what you do, and how you can help the people engaging with the content which is published. 

But while your website may be aesthetically pleasing and functional for users, it may not actually be legally compliant. 

So, how do you know if your company’s website is legally compliant? We can help with that. 

For your website to be legally compliant you might need: 

  • Data Protection Information

This should be visible to every user on your website. On your forms, for example, you should have a statement that indicates what someone’s data will be used for. People inputting personal data onto your company’s website must know exactly how their data will be processed. 

  • Cookies Policy

Cookies are small blocks of data that a website’s server creates and the visitor’s browser stores while they browse from one site to the next. They play a part in tracking a visitor’s engagement so that the experience of browsing the web can become more personalised. The policy about the use of cookies on your website should detail the cookies that are being used and their purpose too. Consent is usually obtained through a pop-up or other means.

  • To ensure that people with a disability can use your website

People who access your goods, facilities, or services are protected from discrimination on the basis of disability, says the Equalities Act. 

The law requires that websites are accessible to disabled people, including those who are blind. 

Your business has an obligation to make reasonable adjustments to your website to help disabled individuals access its goods, facilities, and services.

Website owners can comply with the WCAG 2.0 standard. This is the UK Government recommended best practice for website accessibility. 

  • To make sure that you are not breaching Copyright Law

You must be aware of the copyright of any images or words you use on your website. Get permission, on every occasion, and always credit where credit is due.

Furthermore, it’s imperative to have a Copyright notice on your website – to make it easier to stop others from using your content without permission.

  • To disclose the important information about your business

The important information about your business must be disclosed somewhere on your website: the legal entity (the entity that pays tax) behind any business name and, for registered companies and partnerships (Ltd, LLP, PLC), the registered office, place of registration and registration number.

Many businesses tend to display this information within the footer or the contact section of their website. 

  • How you talk about the service you provide

If your business is providing services you have to disclose certain specified information. Your website is an ideal place to publish these details. Remember to review them periodically to ensure they remain relevant. 

If you are a business that sells goods, services or digital content online, otherwise known as retail sales or sales to end-users, you must consider the following points to ensure your website is legally compliant:

  • Do you comply with general trading law? For example, do you make sure that you don’t engage in unfair commercial practices? If you sell age-sensitive products – such as alcohol, knives, solvents, videos and games – do you comply with the rules about who you sell them to? Do you sell products to which safety legislation applies? What about the rules around food businesses and more?
  • Do you know the requirements of the Consumer Contracts Regulations? These rules specify the way that cooling-off periods work during online sales. They also have detailed requirements for the provision of information to the buyer.
  • Do you place additional charges on payments made by card? Well, if you do, you shouldn’t because it’s prohibited.

For further information about how to ensure your company’s website is compliant, get in touch with our expert team today. 

Crab Insight July 2021

Red Tape Busters Volume 8, Issue 10, ‘Website Compliance’

 

CRIMSON CRAB’S TENTH ANNIVERSARY EDITION

 

Welcome to the July edition of Crab Insight

“There’s an old African proverb that says ‘If you want to go quickly, go alone. If you want to go far, go together.’” Al Gore

The first of August is the tenth anniversary of Crimson Crab’s formation as a limited company. We are delighted to be celebrating a decade in business. We’ve had some ups and downs over the years, and we most certainly would not be celebrating if it were not for the support we have enjoyed from our customers and clients, the Reputation Advocates, our suppliers, and our friends. We have made some great friendships through Crimson Crab and, as we say about the F2 Business Huddle, “there are no strangers here; only friends you haven’t met yet”. So as Crimson Crab moves into its second decade, look out for some exciting announcements about the future. In the meantime, look after your reputation.

If, as a business owner, you need assistance getting back on top this month, especially with Covid Secure Workplaces, please take a look at:

Grounded Safety

Our focus in July is website compliance. Data Protection forms a pivotal part of website compliance and if you need help please do take a look at our solutions:

 

For fuss-free HR Management you can’t go wrong with:

 

 

 

Claudia Crab’s July Focus


“Website Compliance”

“Your website is the shop window to your business and the world can look in. So too can the regulators.” Robert Briggs DTS compliance specialist.

There are certain things that all websites need to take into account to be legally compliant:

  • Data protection – dealing with all personal data collected, think contact forms, registrations etc.
  • Cookies – telling users about cookies used and their purpose and obtaining informed consent
  • Disclosure – letting people know who they are dealing with without hiding behind a business or trading name and for registered businesses full disclosure
  • Disability discrimination – disabled people including Blind people must not be discriminated against. Businesses must make reasonable adjustments to help disabled individuals access their goods, facilities and services which will mean making their website accessible.

There are additional requirements for online sales to consumers or end-users – (retail):

  • General trading legislation – for example, no unfair commercial practices, rules about the sales of age-sensitive products (e.g. alcohol, knives, solvents, videos & games), sales of products to which safety legislation applies, rules around food businesses, etc 
  • Consumer Contracts Regulations – the regulations specify the way that cooling-off periods for online sales are given and detail requirements about the provision of information. 
  • Card payments – there is a prohibition of additional charges for using such payment methods. 
  • Complaints – there are rules set out by the Consumer Rights Act around the way that complaints are dealt with and the provision of Alternative Dispute Resolution (ADR) and access to the European Commission’s Online Dispute Resolution Platform. 

Although not a legal requirement there are some things that we would strongly recommend are included on a website:

  • Terms of website use – Protect your website and its users with clear and fair website terms and conditions, governing the use of the website and setting out the legal rights and obligations between the owner and users. Key issues such as acceptable use, privacy, registration and passwords, intellectual property, links to other sites, termination and disclaimers of responsibility should be included.
  • Copyright – make sure there is a notice (using the name of the legal entity, not the business/trading name) to protect your intellectual property. It won’t stop unscrupulous people from stealing your IP but it will make it easier to do something about it.  Don’t forget to respect others’ intellectual property or serious consequences may result.
  • Provision of Services – The regulations say that if you are providing services (on or offline) the disclosure of certain specified information is required. A website is an ideal place for this information. 

So our big question this month is:

How do I know if my company’s website is legally compliant? 

Look out for our social media posts and our blog later in the month as we endeavour to answer this. Our Website MOT may also help.
 

 

Top tip – To understand your compliance obligations and responsibilities you need to know what you need to comply with; our Business MOT can help with this.

 


F2 Business Huddle Online

We’re taking a break in August but the F2 Business Huddle Online will be back on Friday 10 September 2021

12 noon to 2 pm

Get your ticket on Eventbrite


Reputation Advocates

When you need a reliable and dependable expert click on the crab


This month’s featured Reputation Advocate

 


 

Good admin is vital…and that’s what Datawizardadmin delivers!

 

 

 


 
Feedback

We love to receive feedback and it really helps us to improve our services for everyone.

Until next month look after your reputation!!


Essential GDPR Training Package for Front Line Staff


 

 

Crimson Crab Limited and SLCM Business Support Limited are pleased to announce the release of their Data Protection / GDPR e-learning package, which gives employees working within businesses the essential knowledge they need to keep their employer on the right side of the law.

The course aims to reduce the risk to businesses of one of their employees causing a breach or other personal data incident which might lead to reputational damage. It’s written in plain English, uses easy-to-understand terms and requires no prior or deep legal or technical understanding. It will help businesses demonstrate that they are complying with the ‘integrity and confidentiality’ principle[1] of the GDPR.

The package provides for an understanding of:

  1. Some basic definitions used in privacy law
  2. The Data Protection principles
  3. The rights of people whose information is being ‘processed’
  4. The practical things that employees can do day to day to keep data safe.

Successful completion of the course, which takes around 30 minutes, requires that a short, multiple-choice test is passed.

Based on best practice, all the information contained within the training course has been taken from the information provided by either the Information Commissioner’s Office (the ICO) or the National Cyber Security Centre (NCSC).

For more information about this service please email enquiries@crimsoncrab.net

[1] Article 6(1)(f) of the General Data Protection Regulation requires that personal data shall be ‘processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).’

How to protect the reputation of your business when outsourcing

There are many benefits to outsourcing work, from increased efficiency to cost advantages; it seems a no-brainer to take advantage of another’s skillset when the time is right for your business.

But, if you fail to do the due diligence when outsourcing and something goes wrong, it may cripple your business.

As a responsible businessperson, if you fail to take reasonable steps to avoid a tort or offence within your company and one does arise, you’re at fault.

That’s why we’ve listed some considerations to support you with ensuring you carry out the due diligence and protect the reputation of your business when outsourcing.

  1. Do both sides of the agreement hold the same expectations?

Mismatched expectations can create countless obstacles in business. One way to avoid this is to ensure everything is written down on paper, then agreed and understood by everyone involved with the outsourced work.

  2. Have a contract agreed.

As with expectations, have a contract which states what work will be carried out, by when and by whom, and at what price. A contract can serve as a simple reference for resolving any conflict.

  3. What’s the reputation of the business you are outsourcing work to?

Seems obvious, right? But companies do fail to do their research regarding the reputation of someone who is completing work for them.

If the service someone provides isn’t recommended, why would you use them to support your company? You wouldn’t.

  4. Do they know their health and safety?

If an outsourced service poses a health and safety risk to your workforce and you don’t mitigate it, then if an accident takes place the responsibility falls on your shoulders.

  5. Is the company you’re outsourcing to savvy with data protection?

GDPR – you’ve heard it before and will continue to hear all about it into the future. Why? Because people’s personal data matters.

If you’re outsourcing work to someone required to deal with data within your business (making them the processor), for example, the personal details of your clients, then you as the controller are responsible for how the outsourced work is handled. You also need a written contract covering data processing.

  6. Are those claiming to be an expert actually an expert?

If you’re looking to outsource an element of your business, such as HR, is the person claiming to have the ability to complete the work actually competent in it?

For further details on how to avoid a negative impact on your business when you outsource work, get in touch with Crimson Crab.

Crab Insight September 2020

Red Tape Busters Volume 7, Issue 12, Reassurance

Welcome to the September edition of Crab Insight

Our focus this month is on outsourcing: the business practice of engaging an external party to perform services or create goods that traditionally were done in-house by the company’s own employees.

For example, a business may take the decision to outsource bookkeeping duties, the functions of human resource departments (such as payroll or recruitment), or health and safety activities, as doing so may be more cost-effective than retaining an in-house specialist for each area, or than a business owner trying to become an expert in each.

When used properly, outsourcing is an effective strategy to reduce expenses, and can even provide a business with a competitive advantage over rivals.

Whatever your outsourcing strategy you need to make sure that the company carrying out the work you require will not present additional risks to your business.

Claudia Crab’s September Focus


To make sure you do everything possible not to get let down by someone else, do your diligence before selecting an outsourcing partner.

Robert Briggs – Compliance Director Crimson Crab

Outsourcing can be used to reduce labour costs, together with the cost of overheads, equipment, and technology.

Skill and knowledge gaps can be filled using third party experts.

Outsourcing may also be used to focus on the core aspects of the business, trusting the less critical operations to outside organisations.

On the downside, communication with the outside provider can be hard, and security threats can escalate when multiple parties access sensitive and personal data.

 

Top tip – A great starting point to find out where you are is our Business MOT

 

F2 Business Huddle Online

The next FREE F2 Business Huddle online is on Friday 9 October 2020, 12 noon to 2 pm.

It’s going to be the biggest ever F2 Business Huddle so far.

All the favourite features that you have come to know and love at the F2 Business Huddle – online


Reputation Advocates

When you need a reliable and dependable expert click on the crab

Feedback

We love to receive feedback and it really helps us to improve our services for everyone.


Until next month look after your reputation!!

Ethical, legal, responsible trading wave
T:023 9263 7190 | E: enquiries@crimsoncrab.net | W: www.crimsoncrab.co.uk

Copyright (c) 2020 Crimson Crab Ltd, all rights reserved.

Is my company’s website legal?

Building a website is easy, right? With the click of a few buttons and some vibrant graphics, you’re ready to go. Yes, perhaps, but is it compliant?

Your website is your organisation’s shop window, so it’s important for it to look good and entice your target audience, but it’s also crucial for it to be legally compliant.

But – what does that mean and how can you ensure it is compliant? 

All websites must conform to the Data Protection Act (and GDPR Regulations).

“If a business can’t show that good data protection is a cornerstone of their practices, they’re leaving themselves open to a fine or other enforcement action that could damage bank balance or business reputation.”

“Three-quarters of us don’t trust businesses to do the right thing with our emails, phone numbers, preferences and bank details. I find that shocking.”

Elizabeth Denham UK Information Commissioner

Your website is a powerful tool to grow your business – but can also be detrimental to the business if it isn’t compliant.

That’s why we’ve put together some of the top things to consider when it comes to your company’s website.

Always have a valid reason: Personal information from individuals and organisations can be useful for many reasons – but do you have a valid reason to use it for your intentions? Be clear about WHY you’re collating people’s details – and what it’ll be used for. Always give them the opportunity to give you permission in the correct way if you need to.

Security is key: If your website isn’t secure, you’re leaving yourself and your visitors susceptible to hackers and cyber-attacks. Don’t be responsible for this!

Is your privacy information in check? One of the most important documents on your website – above any information about what you sell – should be your privacy notice. Many businesses use a privacy policy; whatever you call it, it must contain specific information about your use and processing of personal data, and if it’s not there you are not covered. Feel free to get in touch for more details.

Crab Insight July 2020

Red Tape Busters Volume 7, Issue 10, Profile

Welcome to the July edition of Crab Insight

What has been your biggest learning in recent weeks, and how will this change the way you present yourself to people?

Our word of the month for July is PROFILE: it’s all about how you will present yourself so as to stand out from the crowd in a digital-focused world.

Crimson Crab is on your side and ready to help you meet the challenges ahead.

Stay safe.

Claudia Crab’s July Focus


“A website is a shop window to the world – it is also a great way to showcase breaches of the law”

If you have a website you need to make sure that you comply with the law in the following areas:

Disclosure

You should identify yourself correctly and give an address at which you can be contacted; there are specific requirements for a registered business (e.g. Ltd, PLC, LLP).

Copyright

It’s imperative that you protect your copyright effectively and make sure that you do not breach other people’s copyright. It makes sense to also have a document setting out the terms of use of the website.

Disability Discrimination

Businesses have an obligation to make reasonable adjustments to help disabled individuals access their goods, facilities and services. The Equalities Act 2010 requires that websites are accessible to disabled people including Blind people. One way of meeting this responsibility is for website owners to comply with the WCAG 2.0 standard at Level AA, the UK Government’s recommended best practice for accessibility.

Data Protection

You need to make sure that you comply with the Data Protection laws (including the GDPR) for all contact forms and any personal data collection. You also need to make sure that you have an appropriate Cookies policy detailing the cookies used and their purpose (and for example use a pop-up or other means to obtain ‘consent’).

Provision of Services

If you provide any services on or offline you have to make sure you comply with the Provision of Service Regulations. They require service providers to make available contact details where information requests and complaints can be sent, together with other specified information.  One way of complying is to include the required information on a web page and proactively provide the link to clients when discussing your services.

E-commerce

When using a website for e-commerce purposes, you still need to comply with the law that relates to a bricks-and-mortar outlet, along with some special rules for an online business.

So there must be, for example, no unfair commercial practices, and suitable control of sales of age-sensitive products (e.g. alcohol, tobacco, fireworks, knives, solvents, videos & games). If any products are sold to which safety legislation applies (for example, toys, bicycles, electrical goods), the rules have to be followed, as they do when food of any type is sold.

The Consumer Contracts Regulations require that you provide certain information when selling online, and also require you to tell the customer about their right to cancel the purchase within 14 days (not 7 any more). Failure in this respect can mean that the customer can enjoy a much longer cancellation period (up to 12 months)!

You also have to be careful to comply with the requirements of Card Providers and you cannot make additional charges for using such payment methods.

There are also rules around the way that complaints are dealt with and the provision of access to Alternative Dispute Resolution and the European Commission’s Online Dispute Resolution Platform.

Top tip – We can check out your website


F2 Business Huddle Online

The next online F2 Business Huddle is FREE

It’s on Friday 10 July 2020

12 noon to 2 pm

It is going to be the biggest F2 Business Huddle ever – so far

All the favourite features that you have come to know and love at the F2 Business Huddle – online


Reputation Advocates

When you need a reliable and dependable expert click on the crab


Feedback

We love to receive feedback and it really helps us to improve our services for everyone.


Until next month look after your reputation!!


Data Protection Essential Questions

Data protection essentials: 23 questions. Do you know all the answers?

  1. Do you understand what data flows through your business and have recorded:
    • what personal data you hold;
    • where it came from;
    • who you share it with; and
    • what you do with it?

  2. Have you recorded at least one of the six legal reasons for processing the data?
    • If you use consent
      • it is good consent;
      • you record how it has been given; and
      • you record and manage ongoing consent.
    • If you are relying on legitimate interests
      • you have done the three-part test; and
      • you can demonstrate that you have fully considered and protected individuals’ rights and interests.

  3. Are you currently registered with the Information Commissioner’s Office?

  4. Do you provide privacy information to individuals, e.g. clients, customers, employees and suppliers?

  5. Can you deal with a Subject Access Request, i.e. requests from people to access their personal data, within one month?

  6. Do you make sure that the personal data you hold remains accurate and up to date?

  7. Do you securely dispose of personal data that is no longer required or where an individual has asked you to erase it?

  8. Do you know what to do when someone asks you to restrict the processing of their personal data?

  9. Can someone move, copy or transfer their personal data from your system to another safely?

  10. Can you deal with an individual’s objection to the processing of their personal data?

  11. Do you know if you carry out automated decision making and if so, do you have procedures in place to deal with the requirements?

  12. Do you have a data protection policy, and demonstrate your compliance with it?

  13. Do you regularly review the effectiveness of your data handling and security controls?

  14. Do you provide data protection awareness training for all staff?

  15. If you engage third parties to process your business’s personal data on your behalf (e.g. email marketing companies, database providers, cloud-based service providers), do you have a written contract with them which meets the legal requirements and carry out suitable and sufficient diligence?

  16. Do you know the information risks you have and their business impact so that you can manage them in a structured way?

  17. Have you implemented technical measures and policy to integrate data protection into your data processing?

  18. Do you understand when you must conduct a Data Protection Impact Assessment?

  19. Have you nominated a data protection lead, or a Data Protection Officer (DPO) if required or preferred (note this role can be outsourced)?
    • If you have a DPO have you notified the ICO?

  20. Do you champion a positive culture of data protection compliance in your business?

  21. Do you have an information security policy supported by suitable security measures?

  22. Do you record all personal data breaches no matter how trivial?
    • Can you manage and resolve them?
    • Do you know which must be reported to the ICO?
    • Do you know which must be reported to the data subject?

  23. Do you know what must be done if any personal data processed by others on your behalf is transferred outside the European Economic Area?

If you don’t know an answer you had better find out fast!