We’ve had a data breach – what do we do and who’s going to do it?

Having in place a policy and procedures will make it absolutely clear who is responsible for sorting things out when they go wrong.

We’ve recently provided advice to an organisation that’s had a data breach. They hadn’t done anything wrong but they were the target of a web hack.

A number of people – including us – were involved in rapidly sorting out the response but as the dust began to settle it was clear that there was (and is) a gap at the top of the organisation where the responsibility for data protection and information security should have been.

Policies aren’t necessary in every organisation or in every case but if there are more than a handful of people in your company then the chances are that it will benefit from documentation that makes it clear to everybody (no matter the topic):

  • What is to be done (the required outcome)
  • How the required outcome will be achieved
  • Who is responsible for achieving the required outcome (hint – responsibility should be very closely matched to the authority to make things happen)
  • The roles that others in the organisation must play to help it achieve its required outcomes

Policies bring structure to an organisation and can be very brief and high level documents. They should however mostly be supplemented by procedures which set out the specific actions to be taken in any given circumstance. In the case of the data breach, there was no policy in place setting the required outcomes for the handling of personal data, nor was there a procedure for the action to be taken in the event of a data breach. Had they been in place then it would have been clearly understood who was to be doing what and to what end. The breach might even have been avoided in the first place.

It’s not quite the Story of Everybody, Somebody, Nobody and Everybody but a policy framework can help bring calm when things go wrong.

If you need to find out more about how we can help develop policies for your organisation, not only for keeping data secure, book a free 15-minute initial consultation.


How can I maintain my business reputation when outsourcing services?

The reputation of your business matters. It matters most to your growth and development; if you have a poor reputation in the eyes of clients and prospective customers, you’ll struggle to progress from where you’re currently at.  

But while juggling the busy life of running a business, along with all the other things which may be on your plate, you may look at using the services of an expert to support you with some key business functions.

We’re talking about outsourcing the likes of HR, marketing, accountancy, sales and more.

So, when you find yourself outsourcing key functions of your business, how can you maintain your reputation when it’s somebody else doing the work on your behalf?

In a nutshell, it’s down to ensuring that you carry out ‘due diligence’ – the process of getting hold of all the material information you need in order to make an informed decision.

We’ve listed five questions to ask yourself to help ensure that your outsourcing partner service is not going to damage YOUR business’s reputation.

Do the people behind the company you’re outsourcing to understand you?

Before agreeing to outsource a key service, it’s important that your provider knows about your business’s short, medium, and long-term goals.

With this knowledge, they can ensure that every action they complete is aligned to your business strategy and, if it isn’t, they shouldn’t be doing it.

Sometimes, involving your team (that’s if you have one) in this process can be hugely valuable as their opinion may help your decision making.

Do you understand them?

We’re not talking about knowing everything about them, such as the names of their family or what their favourite food may be, but about whether you understand why they do the job that they do.

Outsourcing is, ultimately, trusting someone to do something for your business that you would be unable to do for yourself and / or do it in a better way. Be sure to understand why the person you’re outsourcing to does what they do, and always check they know what they’re talking about.

Are they experienced in doing what they’re going to do for you?

While we’re touching on ensuring someone knows what they’re talking about, ask for a portfolio of evidence that demonstrates the person you’re outsourcing to has already done what you are asking of them.

It’s no good outsourcing your marketing to someone who has zero experience in this area. Their success stories, and the testimonials off the back of this, will help inform your decision on whether they’re a good match for you.

Beware – people are very good at talking about themselves when they are selling their services to you. Don’t be taken in by them telling you what you want to hear, and ensure you get your questions answered in a comprehensive way.

A demonstrable knowledge of a particular subject, which comes with experience, should be evident in a company selling a quality outsourced service.

How do they compare to their competitors?

Many companies fail to conduct competitor analysis. When looking to outsource a key function of your business, it’s important to compare the market. You need to find the partner that works best for you.

For example, if you’re looking to outsource your company’s HR with an HR expert, take time to look at what their competitors may say too. This will not only help you to identify key elements of their services, but also provide you with the confidence that you’ve chosen the right partner.

Are they trusted by others?

Testimonials and case studies are everything. Without these, you’re heading into an outsourcing partnership blind.

Before agreeing to outsource, ensure that your provider is trusted by others and, even better, trusted by others in the same sector as you.

For more information and support about outsourcing – and to ensure you’re continually protecting your reputation – get in touch with our team today.

Crab Insight September 21

Red Tape Busters Volume 8, Issue 12, ‘Outsourcing’


Welcome to the September edition of Crab Insight

Now we are into September and the kids are back at school, the weather has finally improved and we are all sweltering behind the desk again. It’s time to get back to business.
The Online F2 Business Huddle is back this coming Friday 10 September and we’re looking forward to catching up.
Crimson Crab celebrated ten years in business last month. Over the last ten years, we’ve helped loads of businesses with their compliance conundrums and data protection difficulties, and look forward to helping more in the future.

Claudia Crab’s September Focus



“If you deprive yourself of outsourcing and your competitors do not, you’re putting yourself out of business.” Ryan Khan – Founder of The Hired Group, author of Hired! The Guide for the Recent Grad, and star of Hired on MTV Networks.

Outsourcing is the business practice of hiring a party outside a company to perform services and create goods that traditionally were performed in-house by the company’s own employees and staff. Outsourcing is a practice usually undertaken by companies as a cost-cutting measure. As such, it can affect a wide range of jobs, ranging from customer support to manufacturing to the back office.

Key Points

  • Outsourcing can be used to reduce labour costs, together with the cost of overheads, equipment, and technology.
  • Skill and knowledge gaps can be filled using third party experts.
  • Outsourcing is also used by companies to focus on the core aspects of the business, trusting the less critical operations to outside organisations.
  • On the downside, communication between the company and outside providers can be hard, and security threats can escalate when multiple parties access sensitive and personal data.

To make sure you do everything possible not to get let down by someone else, do your diligence before selecting an outsourcing partner. Our focus is to provide easy ways of carrying out diligence. If you need practical help please do take a look at our solutions:



The big question this month is:

How can I maintain my business reputation when outsourcing services? 

Look out for our social media posts and our blog later in the month as we help you explore this in more detail.
Top tip – Understanding your compliance obligations and responsibilities when outsourcing is crucial; our Business MOT can help.


F2 Business Huddle Online

Friday 10 September 2021

12 noon to 2 pm

Future F2 Business Huddle dates for your diary

Friday 8 October 2021

Friday 12 November 2021

Friday 10 December 2021

Get your ticket on Eventbrite

Reputation Advocates

When you need a reliable and dependable expert click on the crab


We love to receive feedback and it really helps us to improve our services for everyone.


Until next month look after your reputation!!

Ethical, legal, responsible trading wave
E: enquiries@crimsoncrab.net | W: www.crimsoncrab.co.uk  

Copyright (c) 2021 Crimson Crab Ltd, all rights reserved.

Data Protection – Data Minimisation

If you need to collect information about people to deliver your services it’s important to think about data protection before you do it, as this article from the BBC shows.

Collecting information that’s neither relevant nor necessary, or failing to make it clear what you’re using the information for, will mean that you’re not applying the data protection principles.

Whether you’re introducing a new app, implementing a CRM system or just using personal data for invoicing, you need to be sure that you can give your potential customers the confidence that you know what you’re doing with their information.

Our top tips are:

  • Understand your responsibilities
  • Identify how the data protection principles relate to the specific activities of your business
  • Don’t make the protection of your customers’ data an afterthought

If you need to find out more about how data protection affects your business, book a free 15-minute initial consultation.


How do I know if my company’s website is legally compliant? 

Websites are the online shop window for your business so, whether you sell goods and services directly via the internet or not, first impressions matter most. 

The method to showcase companies like yours on the internet may come in all different forms.

From a contemporary style website to something more traditional-looking, or maybe a platform that is incredibly visual or which perhaps hasn’t any imagery at all, websites need to work for you and – most importantly – your audience. 

Your business website plays an imperative part in building rapport within the minds of prospective clients. 

It also allows people to understand more about who you are, what you do, and how you can help the people engaging with the content which is published. 

But while your website may be aesthetically pleasing and functional for users, it may not actually be legally compliant. 

So, how do you know if your company’s website is legally compliant? We can help with that. 

For your website to be legally compliant you might need: 

  • Data Protection Information

This should be visible to every user on your website. On your forms, for example, you should have a statement that indicates what someone’s data will be used for. People inputting personal data onto your company’s website must know exactly how their data will be processed. 

  • Cookies Policy

Cookies are small blocks of data created by a website’s server and stored in the visitor’s browser as they move from one site to the next. They play a part in tracking a user’s engagement so that the experience of browsing the web can become more personalised. The policy about the use of cookies on your website should detail the cookies that are being used and their purpose too. The notice is usually displayed as a pop-up, or by other means, to obtain consent.

  • To ensure that people with a disability can use your website

People who access your goods, facilities, or services are protected from discrimination on the basis of disability, says the Equality Act.

The law requires that websites are accessible to disabled people, including those who are blind. 

Your business has an obligation to make reasonable adjustments to your website to help disabled individuals access your goods, facilities, and services.

Website owners can comply with the WCAG 2.0 standard. This is the UK Government recommended best practice for website accessibility. 

  • To make sure that you are not breaching Copyright Law

You must be aware of the copyright of any images or words you use on your website. Get permission, on every occasion, and always credit where credit is due.

Furthermore, it’s imperative to have a Copyright notice on your website – to make it easier to stop others from using your content without permission.

  • To disclose the important information about your business

All the important bits of information about your business must be disclosed somewhere on your website: the legal entity (the entity that pays tax) behind a business name or, for registered companies and partnerships (Ltd, LLP, PLC), the registered office, place of registration and registration number.

Many businesses tend to display this information within the footer or the contact section of their website. 

  • How you talk about the service you provide

If your business is providing services you have to disclose certain specified information. Your website is an ideal place to publish these details. Remember to review them periodically to ensure they remain relevant. 

If you are a business that sells goods, services or digital content online, otherwise known as retail sales or sales to end-users, you must consider the following points to ensure your website is legally compliant:

  • Do you comply with general trading law? For example, do you make sure that you don’t engage in unfair commercial practices? If you sell age-sensitive products – such as alcohol, knives, solvents, videos and games – do you comply with the rules about who you sell them to? Do you sell products to which safety legislation applies? What about the rules around food businesses and more?
  • Do you know the requirements of the Consumer Contracts Regulations? These rules specify the way that cooling-off periods work during online sales. They also have detailed requirements for the provision of information to the buyer.
  • Do you place additional charges on payments made by card? Well, if you do, you shouldn’t because it’s prohibited.

For further information about how to ensure your company’s website is compliant, get in touch with our expert team today. 

Crab Insight July 2021

Red Tape Busters Volume 8, Issue 10, ‘Website Compliance’




Welcome to the July edition of Crab Insight

“There’s an old African proverb that says ‘If you want to go quickly, go alone. If you want to go far, go together.’” – Al Gore

The first of August is the tenth anniversary of Crimson Crab’s formation as a limited company. We are delighted to be celebrating a decade in business. We’ve had some ups and downs over the years and we most certainly would not be celebrating if it were not for the support we have enjoyed from our customers and clients, the Reputation Advocates, our suppliers, and our friends. We have made some great friendships through Crimson Crab and, as we say about the F2 Business Huddle, “there are no strangers here; only friends you haven’t met yet”. So as Crimson Crab moves into its second decade, look out for some exciting announcements about the future. In the meantime, look after your reputation.

If as a business owner you need assistance getting back on top this month, especially with Covid Secure Workplaces, please take a look at:

Grounded Safety

Our focus in July is website compliance. Data Protection forms a pivotal part of website compliance and if you need help please do take a look at our solutions:


For fuss-free HR Management you can’t go wrong with:




Claudia Crab’s July Focus


“Website Compliance”

“Your website is the shop window to your business and the world can look in. So too can the regulators.” Robert Briggs DTS compliance specialist.

There are certain things that all websites need to take into account to be legally compliant:

  • Data protection – dealing with all personal data collected, think contact forms, registrations etc.
  • Cookies – telling users about cookies used and their purpose and obtaining informed consent
  • Disclosure – letting people know who they are dealing with without hiding behind a business or trading name and for registered businesses full disclosure
  • Disability discrimination – disabled people including Blind people must not be discriminated against. Businesses must make reasonable adjustments to help disabled individuals access their goods, facilities and services which will mean making their website accessible.

There are additional requirements for online sales to consumers or end-users – (retail):

  • General trading legislation – for example, no unfair commercial practices, rules about the sales of age-sensitive products (e.g. alcohol, knives, solvents, videos & games), sales of products to which safety legislation applies, rules around food businesses, etc 
  • Consumer Contracts Regulations – the regulations specify the way that cooling-off periods for online sales are given and detail requirements about the provision of information. 
  • Card payments – there is a prohibition of additional charges for using such payment methods. 
  • Complaints – there are rules set out by the Consumer Rights Act around the way that complaints are dealt with and the provision of Alternative Dispute Resolution (ADR) and access to the European Commission’s Online Dispute Resolution Platform. 

Although not a legal requirement there are some things that we would strongly recommend are included on a website:

  • Terms of website use – Protect your website and its users with clear and fair website terms and conditions, governing the use of the website and setting out the legal rights and obligations between the owner and users. Key issues such as acceptable use, privacy, registration and passwords, intellectual property, links to other sites, termination and disclaimers of responsibility should be included.
  • Copyright – make sure there is a notice (using the name of the legal entity, not the business/trading name) to protect your intellectual property. It won’t stop unscrupulous people from stealing your IP but it will make it easier to do something about it.  Don’t forget to respect others’ intellectual property or serious consequences may result.
  • Provision of Services – The regulations say that if you are providing services (on or offline) the disclosure of certain specified information is required. A website is an ideal place for this information. 

So our big question this month is:

How do I know if my company’s website is legally compliant? 

Look out for our social media posts and our blog later in the month as we endeavour to answer this. Our Website MOT may also help.


Top tip – To understand your compliance obligations and responsibilities you need to know what you need to comply with; our Business MOT can help with this.


F2 Business Huddle Online

We’re taking a break in August but the F2 Business Huddle Online will be back on Friday 10 September 2021

12 noon to 2 pm

Get your ticket on Eventbrite

Reputation Advocates

When you need a reliable and dependable expert click on the crab

This month’s featured Reputation Advocate




Good admin is vital…and that’s what Datawizardadmin delivers!





We love to receive feedback and it really helps us to improve our services for everyone.

Until next month look after your reputation!!


Why should I bother with Terms and Conditions for my business?

It’s fair to say that most consumers would be wrong to claim that they always read the Terms and Conditions before agreeing to use a product or service.

Millions of people across the UK are guilty of failing to read the Terms and Conditions, otherwise known as the boring bits or the small print, and that’s a pretty big deal. But why?

Terms and Conditions act as a legally binding contract between a company and its clients.

The agreement doesn’t only set out the rules and guidelines that must be followed; it also clearly sets out the expectations of all parties.

There can be serious ramifications for companies who trade without Terms and Conditions. This can lead to unwelcome headaches for customers too.

Within this blog, our spotlight is on some of the top issues Crimson Crab have encountered as a result of companies not having clear Terms and Conditions.


  1. Lack of ability to limit liability. As a business, if you don’t bother having Terms and Conditions, there are all sorts of liability that you may have to accept when you don’t need to.

  2. Difficulties if your client fails to make payment. Without Terms and Conditions, you may find yourself in a costly situation if court action needs to be taken due to a client failing to make a payment on the work you have completed. By ensuring they agree to your payment terms within your Terms and Conditions, you’re protecting yourself from unwanted surprises and difficulties in Court.

  3. Unrealistic expectations. Without Terms and Conditions, clients may claim the work you are doing isn’t sufficient and fails to meet their expectations. By drawing up clear and easy-to-understand Terms and Conditions, you’re making it clear what work you will complete for the price agreed.

  4. Misunderstanding about compliance with legislation. Many businesses struggle to understand that Terms and Conditions play an important role in ensuring you are complying with the law including, for example, Trading Standards legislation. Having a set of Terms and Conditions allows companies to publish essential details, such as their name and address or consumer cancellation rights, as required.

  5. Limited ability to protect intellectual property. This is all about protecting the creations of the mind, like inventions and literary and artistic work. Without highlighting in your Terms and Conditions the use to which your client may put your intellectual property, people may steal your ideas which could have otherwise been making you money. Setting out your stance on Intellectual Property will reduce the likelihood of this happening and will make it easier to deal with if it does.


There is so much to think about when you are trying to manage your own business, so it’s easy to prioritise another matter over Terms and Conditions.

But by having these you will establish an essential legally binding contract, on your terms as long as they are fair, which can protect you and your clients for years to come.

It’s good practice to regularly review your Terms and Conditions, as circumstances can change, as can the law, and how your business operates may also change over time.

Whether you are a start-up or an established business, Terms and Conditions are crucially important today more than ever.

At Crimson Crab, we can help with anything related to the Terms and Conditions belonging to your business. From reviewing to drafting your Terms and Conditions, a great starting point is our Business MOT – get in touch to take it today.

Crab Insight April 2021

Red Tape Busters Volume 8, Issue 07, ‘Deal with risk’


Welcome to the April edition of Crab Insight

As lockdown eases we need to move forward with our businesses and identify opportunities for growth or at least to get back to where we were before lockdown.

Beware, though: every opportunity carries with it some degree of risk.

So, Claudia Crab’s focus this month is dealing with risk. It’s important not to lose perspective: don’t sweat the small stuff while ignoring the real show stoppers.

HR management,  health and safety management and data protection can all be problematical in their own ways. If you need some practical help please do take a look at some of our solutions:


Claudia Crab’s April Focus


“Deal with risk”

“Opportunities pass by frequently, but people don’t always see them. Taking risks grants you an invisible set of glasses that reveal the many opportunities which surround you.” ― Anas Hamshari, Businessman With An Affliction

A good starting point is a SWOT (Strengths, Weaknesses, Opportunities and Threats) analysis. In this way, both internal and external factors are identified; remember that weaknesses are best thought of as areas for improvement. If you find yourself struggling with external factors, try using the acronym PESTEL (political, economic, social, technological, environmental and legal). This will help you think about the opportunities and threats likely to develop.

The use of a SWOT matrix helps you identify where:

  • strengths play to opportunities or reduce threats
  • weaknesses hold you back or exacerbate threats

Once the major areas are identified you can carry out a risk assessment in a systematic way. The key is to unpick how you can reduce the likelihood of a high-risk occurrence happening and/or reduce the damage done to the business if it does happen. That way you will be taking responsibility for your business’s strategy by proactively managing risks. You will also be in a better position to deal with issues that crop up, as they should not come as a surprise. This follows Crimson Crab’s strapline:

Ethical  |  legal  |  Responsible

So this month we are asking the question:

Does your strategy take account of business risks? 

Look out for our social media posts and our blog later in the month as we will hopefully be able to flesh out your thinking.
Top tip – A great starting point is to understand some of the risks that your business faces and our Business MOT can help with this

F2 Business Huddle Online

Friday 14 May 2021

12 noon to 2 pm



Get your ticket on Eventbrite

Reputation Advocates

When you need a reliable and dependable expert click on the crab


We love to receive feedback and it really helps us to improve our services for everyone.

Until next month look after your reputation!!

Ethical, legal, responsible trading wave
T:023 9263 7190 | E: enquiries@crimsoncrab.net | W: www.crimsoncrab.co.uk

Copyright (c) 2021 Crimson Crab Ltd, all rights reserved.

How are you following the rules and regulations that affect your business?

The rules and regulations your business is required to follow may differ from one industry to the next.

It’s your responsibility to ensure you are following what’s right for your type of business and that your team are copying your good example too.

Certain organisations are regulated differently. For example, financial services providers, investment firms and consumer credit firms alike are regulated by the Financial Conduct Authority, while care homes and hospitals are monitored by the Care Quality Commission. Food businesses are regulated by the Food Standards Agency and have to be registered with the local authority.

Even though they are three different sectors, they are accountable to a regulatory body that will ensure everything the business does is ethical, responsible and aligned with the law.

So, who are you regulated by and why is this important? Well, it depends. Ultimately, most businesses are regulated by an industry-specific regulator – but other sectors have less regulation.

The industries which aren’t heavily regulated in the UK include cleaning services, plumbing and recruitment.

That doesn’t mean to say that there is a free-for-all; everyone must follow the various and continually-changing UK rules and regulations set by Parliament, regardless of whether they have an industry-specific regulator or not.

Rules and regulations can be complicated and may be a challenge to follow, especially if you’re not an expert on this matter.

But there’s a simple way to build on your understanding of how it works – and we call it the Onion Analogy.

There are several layers to rules and regulations and, aligning our explanation to the Onion Analogy, we’re going to uncover three layers.

Layer one of the onion – The regulatory bodies you must follow

These include, but aren’t limited to the Information Commissioner’s Office (ICO), the Advertising Standards Authority (ASA), the Competition and Markets Authority (CMA), the Health and Safety Executive (HSE) and more.

Generally, these bodies give guidance on the area they cover but they also have enforcement powers when it comes to breaches of the law.

Every company – including yours – must follow various authorities if it is to adhere to UK law.

Layer two of the onion – The industry-specific regulatory bodies you are accountable to

Similar to the earlier examples for the financial, health and food sectors, industry-specific regulatory bodies are the organisations that specialise within the area your business works.

Other examples include the Environment Agency (EA), the Solicitors Regulation Authority (SRA), Ofcom, the Gambling Commission and more.

Layer three of the onion – The industry norms. What are others doing which is right? 

The final layer within the Onion Analogy is your industry norms – what are others within your sector doing which is right for your consumers?

It’s impossible for us to give you a definitive answer on whether you are following the rules and regulations for your sector. However, if you’re looking for some expert insight and guidance into whether what you are doing is right or requires improvement, our Business MOT is a great place to start.


Crab Insight March 2021

Red Tape Busters Volume 8, Issue 06, ‘Regulatory Regimes’


Welcome to the March edition of Crab Insight

So the evenings are drawing out and the clocks spring forward soon. Spring is definitely in the air with crocuses and daffodils in bloom.

Despite this, our focus at Crimson Crab HQ is on regulatory regimes, as they affect all businesses to varying degrees.

HR management, data protection and health and safety management can be problematical so please do take a look at some of our solutions:


Claudia Crab’s March Focus


Regulatory Regimes

“Many people who try to do big bold things in the world find out it’s not about the money or the technology: It’s about the regulatory hurdles that will try and stop you.“ – Peter Diamandis, US Businessman founder and chairman of the X Prize Foundation

There is a vast array of regulators in the UK, many of whom have varying impacts on business depending on the industry, from the Care Quality Commission and the Law Society to the Charity Commission and Ofqual.

However, there is a significant number, such as the Information Commissioner’s Office (ICO), the Advertising Standards Authority (ASA) and the Competition and Markets Authority (CMA), which are universal.

The regulators’ purpose is to ensure there is a level playing field and protect the weaker party in any transaction (which is usually the client or customer).

If a regulator has cause to investigate a business, they will try to demonstrate insufficient control over business processes and procedures.

It makes sense to be in a position to show that you have done everything possible to comply and that you carry out checks to make sure that your procedures work.

That way the regulator will be more likely to help resolve compliance failures, rather than take enforcement action which can prove costly for a business and damaging to its reputation.

This follows Crimson Crab’s strapline:

Ethical  |  legal  |  Responsible

How are you following all the rules and regulations that affect your business? 

Look out for our social media posts and our blog later in the month as we will hopefully be able to flesh out your thinking.

Top tip – A great starting point is to understand the regulatory regimes that apply to your business and our Business MOT can help

F2 Business Huddle Online

Friday 12 March 2021

12 noon to 2 pm




Get your ticket on Eventbrite

Reputation Advocates

When you need a reliable and dependable expert click on the crab


We love to receive feedback and it really helps us to improve our services for everyone.

Until next month look after your reputation!!
