How long does personal data have to be stored under the data protection law?

The short answer is no longer than necessary.

Personal data will need to be retained for longer in some cases than in others. How long you retain different categories of personal data should be based on individual business needs. A judgement must be made about:

  • the current and future value of the information;
  • the costs, risks and liabilities associated with retaining the information; and
  • the ease or difficulty of making sure it remains accurate and up to date.

There are various legal requirements and professional guidelines about keeping certain kinds of records – such as information needed for income tax and audit purposes, or information on aspects of health and safety. If an organisation keeps personal data to comply with a requirement like this, it will not be considered to have kept the information for longer than necessary.

The CIPD have a great resource regarding HR records which can be found here.

I have to retain accounts for HMRC purposes, especially income tax, for any business / sole trader that has ceased trading within previous years, would they have to comply with data protection in either current or future forms?

It is important to remember that we are only talking about third party personal data under the data protection rules.

If you are holding this as part of your responsibilities then you will need to comply with the Data Protection Act until May 2018 and the GDPR thereafter.

You need to think carefully about the storage and disposal of personal data. 

How can Crimson Crab help…

If I cease trading before the new data protection laws come into play, do I have to comply, or does it only apply to active businesses / sole traders?

The General Data Protection Regulations (GDPR) came into force in May 2016.

There is a two year lead in period to enable businesses to become familiar with the new regime and so the critical date is:

25th May 2018

The law applies to anyone who processes personal data (which includes storage and disposal) in whatever capacity.

How can Crimson Crab help…

Are my terms and conditions suitable?

There are two main issues here:

  1. using terms and conditions that are not bespoke to your business; and
  2. using terms and conditions that are out of date.

Your business’ terms and conditions should:

  • underpin the provision of good, consistent customer service;
  • give clarity of expectations & payment terms;
  • provide protection for all the parties involved;
  • ensure you meet all the legal requirements for your particular business; and
  • minimise legal disputes

If the worst comes to the worst and you end up in dispute with a client or customer, if they are in writing, they provide great evidence of what was agreed in the first place.

How can Crimson Crab help?

We can provide a free no obligation quote for a bespoke set of terms and conditions. Request a quote.

For a small fee we can review your current terms and conditions and give you a no obligation quote if they need amending. Order a review.

If you operate a consultancy we can supply a standard form agreement suitable for your business read more…

 

 

How is the law on Data Protection changing?

The General Data Protection Regulations (GDPR) will apply in the UK from 25th May 2018.

The government has confirmed that the UK’s decision to leave the EU will not affect their commencement.

They apply to ‘controllers’ and ‘processors’. The controller says how and why personal data is processed and the processor acts on the controller’s behalf. If you are currently subject to the Data Protection Act, it is likely that you will also be subject to the GDPR.

If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have significantly more legal liability if you are responsible for a breach. These obligations for processors are a new requirement under the GDPR.

However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.

Read more…

The fit and proper persons test for charity managers

HMRC has updated its model declaration and help sheet on the fit and proper persons test for individuals who manage charities, etc entitled to UK charity tax reliefs. which is concerned with ensuring that charities are not managed or controlled by individuals who present a risk to the charity’s tax position. The guidance now includes a detailed description of the circumstances in which a charity manager who has used or been involved in the design or promotion of tax avoidance schemes may be deemed not to be fit and proper person.

Employment status

An employment tribunal held that an Excel cycle courier was a worker rather than being in business on their own account, therefore succeeding in their claim for a week’s holiday pay.

The case applies the recent Court of Appeal decision in Pimlico Plumbers Ltd v Smith [2017] EWCA Civ 51.

(Boxer v Excel Group Services Ltd ET/3200365/2016)

How can Crimson Crab help?

Dispute resolution and mediation

The Court of Appeal dismissed a defendants’ appeal against an order requiring them to pay 75% of the claimants’ costs of the claim, despite the overall outcome at trial being less advantageous to the claimants than the defendants’ settlement offer.

This shows the risks of prevarication in relation to mediation.

(Thakkar and another v Patel and another [2017] EWCA Civ 117)

How can Crimson Crab help?

The Fundraising Preference Service

The Fundraising Regulator (FR) is inviting charities, sector professionals and members of the public to give their opinion on different elements of the development of the Fundraising Preference Service (FPS).

Anyone who registers online to take part in the consultation will receive a brief weekly email from the FR asking for feedback on different aspects of the FPS, ranging from function to appearance.