Crab Insight July 2020

Red Tape Busters Volume 7, Issue 10, Profile

Welcome to the July edition of Crab Insight

What has been your biggest learning in recent weeks, and how will this change the way you present yourself to people?

Our word of the month for July is PROFILE. It’s all about how you will present yourself so as to stand out from the crowd in a digital-focused world.

Crimson Crab is on your side and ready to help you meet the challenges ahead.

Stay safe.

Claudia Crab’s July Focus


“A website is a shop window to the world – it is also a great way to showcase breaches of the law”

If you have a website you need to make sure that you comply with the law in the following areas:

Disclosure

You should identify yourself correctly and give an address at which you can be contacted. There are specific requirements for a registered business (e.g. Ltd, PLC, LLP).

Copyright

It’s imperative that you protect your copyright effectively and make sure that you do not breach other people’s copyright. It also makes sense to have a document setting out the terms of use of the website.

Disability Discrimination

Businesses have an obligation to make reasonable adjustments to help disabled individuals access their goods, facilities and services. The Equality Act 2010 requires that websites are accessible to disabled people, including blind people. One way of meeting this responsibility is for website owners to comply with the WCAG 2.0 standard at Level AA, the UK Government’s recommended best practice for accessibility.

Data Protection

You need to make sure that you comply with the Data Protection laws (including the GDPR) for all contact forms and any personal data collection. You also need to make sure that you have an appropriate Cookies policy detailing the cookies used and their purpose (and for example use a pop-up or other means to obtain ‘consent’).

Provision of Services

If you provide any services, on or offline, you have to make sure you comply with the Provision of Services Regulations. They require service providers to make available contact details where information requests and complaints can be sent, together with other specified information. One way of complying is to include the required information on a web page and proactively provide the link to clients when discussing your services.

E-commerce

When using a website for e-commerce purposes, you still need to comply with the law that relates to a bricks-and-mortar outlet, along with some special rules for an online business.

So, for example, there must be no unfair commercial practices, and there must be suitable control of sales of age-sensitive products (e.g. alcohol, tobacco, fireworks, knives, solvents, videos & games). If any products are sold to which safety legislation applies (for example, toys, bicycles or electrical goods), the rules have to be followed, as they do when food of any type is sold.

The Consumer Contracts Regulations require that you provide certain information when selling online, and also require you to tell the customer about their right to cancel the purchase within 14 days (not 7 any more). Failure in this respect can mean that the customer can enjoy a much longer cancellation period (up to 12 months)!

You also have to be careful to comply with the requirements of Card Providers and you cannot make additional charges for using such payment methods.

There are also rules around the way that complaints are dealt with and the provision of access to Alternative Dispute Resolution and the European Commission’s Online Dispute Resolution Platform.

Top tip – We can check out your website


F2 Business Huddle Online

The next online F2 Business Huddle is FREE

It’s on Friday 10 July 2020

12 noon to 2 pm

It is going to be the biggest F2 Business Huddle ever – so far

All the favourite features that you have come to know and love at the F2 Business Huddle – online


Reputation Advocates

When you need a reliable and dependable expert click on the crab


Feedback

We love to receive feedback and it really helps us to improve our services for everyone.


Until next month look after your reputation!!

Ethical, legal, responsible trading wave
T:023 9263 7190 | E: enquiries@crimsoncrab.net | W: www.crimsoncrab.co.uk

Copyright (c) 2020 Crimson Crab Ltd, all rights reserved.

Data Protection Essentials

Here are 23 questions that you really should know the answers to:

  1. Do you understand what data flows through your business and record:
    • what personal data you hold,
    • where it came from,
    • who you share it with and
    • what you do with it?
  2. Have you recorded at least one of the six legal reasons for processing the data?
    • If you use consent:
      • Is it good consent,
      • Do you record how it has been given, and
      • Do you record and manage ongoing consent?
    • If you are relying on legitimate interests:
      • Have you done the three-part test, and
      • Can you demonstrate that you have fully considered and protected individuals’ rights and interests?
  3. Are you currently registered with the Information Commissioner’s Office?
  4. Do you provide privacy information to individuals, e.g. clients, customers, employees and suppliers?
  5. Can you deal with a Subject Access Request, i.e. a request from a person to access their personal data, within one month?
  6. Do you make sure that the personal data you hold remains accurate and up to date?
  7. Do you securely dispose of personal data that is no longer required or where an individual has asked you to erase it?
  8. Do you know what to do when someone asks you to restrict the processing of their personal data?
  9. Can someone move, copy or transfer their personal data from your system to another safely?
  10. Can you deal with an individual’s objection to the processing of their personal data?
  11. Do you know if you carry out automated decision making and, if so, do you have procedures in place to deal with the requirements?
  12. Do you have a data protection policy, and demonstrate your compliance with it?
  13. Do you regularly review the effectiveness of your data handling and security controls?
  14. Do you provide data protection awareness training for all staff?
  15. If you have third parties that process your personal data, do you have a written contract with them which meets the legal requirements?
  16. Do you know the information risks you have and their business impact so that you can manage them in a structured way?
  17. Have you implemented technical measures and policy to integrate data protection into your data processing?
  18. Do you understand when you must conduct a Data Protection Impact Assessment?
  19. Have you nominated a data protection lead, or a Data Protection Officer if you are required or prefer to? (Note: this role can be outsourced.)
    • If you have a Data Protection Officer, have you notified the Information Commissioner’s Office?
  20. Do you champion a positive culture of data protection compliance in your business?
  21. Do you have an information security policy supported by suitable security measures?
  22. Do you record all personal data breaches no matter how trivial?
    • Can you manage and resolve them?
    • Do you know which must be reported to the Information Commissioner’s Office?
    • Do you know which must be reported to the data subject?
  23. Do you know what must be done if any personal data processed by others on your behalf is transferred outside the European Economic Area?

If you don’t know the answers you really had better find out – we can help – take a look at our data protection solutions.

Crab Insight June 2020

Red Tape Busters Volume 7, Issue 09, Restoration

Welcome to the June edition of Crab Insight

Love your business – we do! As companies across the UK prepare for the ‘new normal’ we’ve just made our word of the month ‘Restoration’.

How are you going to restore your services while also taking account of and adapting to what were, for most, very difficult times?

Remember we are here for you, to help you meet the challenges ahead.

Stay safe.

Claudia Crab’s June Focus


Personal Data Processing

“When it comes to data protection, small businesses tend to be less well prepared. They have less to invest in getting it right. They don’t have compliance teams or data protection officers. But small organisations often process a lot of personal data, and the reputation and liability risks are just as real.”

Elizabeth Denham, Information Commissioner

The Information Commissioner is the UK regulator for data protection and can impose substantial penalties for infringements. Data subjects also have a right to claim compensation if a company has caused them damage by a breach of the rules.

When you collect data you need to be transparent about why you are collecting it and how you will use it. This should be set out in an easy to find (and read) privacy notice or policy.

Where you share data with anyone else you need to make it clear with whom you are sharing it and why.

There are specific requirements and guidance if you outsource your data handling to a third party data processor. You must carry out suitable diligence and have written agreements in place which cover defined points.

If you use CCTV, cloud computing, cookies or engage in direct marketing, to name but a few, there is also specific guidance which must be followed.

Our top tip: if you process personal data, make sure you pay the data protection fee and give the correct privacy information to people. Don’t forget employees and suppliers as well as customers and clients.


F2 Business Huddle Online

Location: Your Workstation

The next online F2 Business Huddle is FREE

It’s on Friday 12 June 2020

12 noon to 2 pm

It is going to be the biggest F2 Business Huddle ever – so far

All the favourite features that you have come to know and love at the F2 Business Huddle – online



Why are Terms and Conditions important for my business?

Terms and conditions (T&Cs) – the small print – are understandably not the most exciting of issues for you to focus on, but they are crucial to safeguard your company and its clients.

Trusting people’s word is good, but it’s not enough if things go wrong.

What is the point in having Terms & Conditions for my business? Are they required by law? When did I last read the small print before signing on the dotted line?

Questions like these may be floating around in your head – so let’s clear up some of the negative connotations you may have when it comes to terms & conditions, and work towards building your understanding of their value.

Protect yourself

Even when your terms are written and signed, it doesn’t necessarily make them legally secure. When you are dealing with a non-business customer, according to the Gov.UK website: “A contract term and notice has to be fair to be legally binding on your customer. If it isn’t, they can challenge it – including in court if necessary.” There is also legislation which limits the extent to which one party can avoid liability through the use of exclusion clauses such as disclaimers in any contract.

Terms & conditions which are fair to your client have the power to protect your business if or when someone who has agreed to purchase your services doesn’t stick to what was originally agreed. It would be unwise to provide a service without terms & conditions; with thorough but fair terms you will have more of a leg to stand on to protect yourself.

For example, if you sell something online, a non-business customer gets a right to cancel the purchase for any reason within fourteen days of delivery. If you don’t tell them about that right, they can have a year to cancel. You have to give a full refund including all postage charges.

Protect your clients

Whether you are operating as a B2B or B2C enterprise, nothing you achieve now would be possible without your customers. Every business needs money to prosper – it’s economics – so why would you not want to protect your clients and reassure them in the process?

When you invest time to write your terms, place yourself in your customers’ shoes and ask yourself how they may read and access them.

Review your Terms & Conditions

It’s best practice to review terms on a regular basis – perhaps once a year or every time you change an element of your service. Make it a part of your annual plan, to ensure they continue to be robust for your business, remain fit for purpose and continue to reassure clients who purchase your product or service.

It’s also worth noting and understanding what ‘force majeure’ means. It’s written into contracts to cover situations where unforeseeable circumstances prevent a person from fulfilling a contract. So – in a nutshell – when something goes pear-shaped your business and clients remain protected.

For more information or to discuss this topic further, get in touch with our team.

Is the fitting of a video doorbell in a home used for business purposes covered by GDPR?

The short answer is “it depends”.

Here is a link to the ICO’s guidance for people using CCTV in a domestic setting: https://ico.org.uk/your-data-matters/domestic-cctv-systems-guidance-for-people-using-cctv/

The second paragraph on this page is the most important one to consider.

Here is a link to the ICO Checklist on the business use of CCTV, which you will need to consider particularly if you have clients coming to your home: https://ico.org.uk/for-organisations/data-protectionself-assessment/cctv-checklist/

Things to think about before Brexit

If you haven’t already thought about it, there are some things that you will need to do to prepare your business for Brexit.

Especially if you:

  • import or export goods or services to the EU,
  • exchange personal data (including customers’ addresses, staff working hours or information you give to a delivery company) with an organisation in Europe (this includes using websites or services hosted in Europe & processing personal data from Europe), or
  • use or rely on intellectual property (IP) protection (this includes copyright, trademarks and patents).

There is a useful step by step guide at https://www.gov.uk/get-ready-brexit-check

Copyright

To put the record straight, copyright is an automatic right. Therefore, when you produce a creative work you own the copyright in it. There are a few exceptions. For example, if you have a contract of employment, the contract will generally state that when you are employed the employer owns the copyright of material you produce at work.

Copying or adapting someone else’s work is a ‘restricted act’. An adaptation is a ‘derived work’. If someone adapts your work, you still own it. There is no acceptable percentage of changes.

You have every right to object if they publish such a work when you have not given them your permission to do so. You are also entitled to reclaim any money they make from selling your work. They could seek your permission, as the rights owner, to use the work; however, you will be able to charge a fee and/or royalties for this.

Read more about copyright. If you would like more detailed information about copyright please ask for our Copyright White Paper.

Do we have to have a Data Protection Policy?

There is no specific legal requirement to have a data protection policy under the Data Protection Act 2018 or the General Data Protection Regulation (GDPR). However, there are some areas where such a document could prove useful.

Documentation

The GDPR contains explicit provisions about documenting your processing activities:

  • You must maintain records on several things such as processing purposes, data sharing and retention.
  • Documentation can help you comply with other aspects of the GDPR and improve your data governance.
  • For small and medium-sized organisations, documentation requirements are limited to certain types of processing activities.

Transparency

In addition, individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under GDPR. You must provide individuals with information including:

  • your purposes for processing their personal data,
  • your retention periods for that personal data, and
  • who it will be shared with.

This is called ‘privacy information’. (Some businesses give this information in a “Privacy Policy” found on many websites.)

You must provide privacy information to individuals at the time you collect their personal data from them.

If you obtain personal data from other sources, you must provide individuals with privacy information within a reasonable period of obtaining the data and no later than one month.

Using Data Processors

As well as having a legal obligation to formalise their working relationship with data processors in a written contract, data controllers (the owners of the data) are also responsible for assessing that the processor is competent to process personal data in line with the GDPR’s requirements. Part of this process is to ask to see relevant documentation, such as their privacy policy, record management policy and information security policy.