We’ve had a data breach – what do we do and who’s going to do it?

Having in place a policy and procedures will make it absolutely clear who is responsible for sorting things out when they go wrong.

We’ve recently provided advice to an organisation that’s had a data breach. They hadn’t done anything wrong but they were the target of a web hack.

A number of people – including us – were involved in rapidly sorting out the response but as the dust began to settle it was clear that there was (and is) a gap at the top of the organisation where the responsibility for data protection and information security should have been.

Policies aren’t necessary in every organisation or in every case but if there are more than a handful of people in your company then the chances are that it will benefit from documentation that makes it clear to everybody (no matter the topic):

  • What is to be done (the required outcome)
  • How the required outcome will be achieved
  • Who is responsible for achieving the required outcome (hint – responsibility should be very closely matched to the authority to make things happen)
  • The roles that others in the organisation must play to help it achieve its required outcomes

Policies bring structure to an organisation and can be very brief and high level documents. They should however mostly be supplemented by procedures which set out the specific actions to be taken in any given circumstance. In the case of the data breach, there was no policy in place setting the required outcomes for the handling of personal data, nor was there a procedure for the action to be taken in the event of a data breach. Had they been in place then it would have been clearly understood who was to be doing what and to what end. The breach might even have been avoided in the first place.

It’s not quite the Story of Everybody, Somebody, Nobody and Everybody but a policy framework can help bring calm when things go wrong.

If you need to find out more about how we can help develop policies for your organisation, not only for keeping data secure, book a free 15-minute initial consultation.


Crab Insight September 21

Red Tape Busters Volume 8, Issue 12, ‘Outsourcing’


Welcome to the September edition of Crab Insight

Now that we are into September and the kids are back at school, the weather has finally improved, we are all sweltering behind the desk again, and it’s time to get back to business.
The Online F2 Business Huddle is back this coming Friday 10 September and we’re looking forward to catching up.
Crimson Crab celebrated ten years in business last month. Over the last ten years, we’ve helped loads of businesses with their compliance conundrums and data protection difficulties, and look forward to helping more in the future.

Claudia Crab’s September Focus



“If you deprive yourself of outsourcing and your competitors do not, you’re putting yourself out of business.” Ryan Khan – Founder of The Hired Group, author of Hired! The Guide for the Recent Grad, and star of Hired on MTV Networks.

Outsourcing is the business practice of hiring a party outside a company to perform services and create goods that traditionally were performed in-house by the company’s own employees and staff. Outsourcing is a practice usually undertaken by companies as a cost-cutting measure. As such, it can affect a wide range of jobs, ranging from customer support to manufacturing to the back office.

Key Points

  • Outsourcing can be used to reduce labour costs, together with the cost of overheads, equipment, and technology.
  • Skill and knowledge gaps can be filled using third party experts.
  • Outsourcing is also used by companies to focus on the core aspects of the business, trusting the less critical operations to outside organisations.
  • On the downside, communication between the company and outside providers can be hard, and security threats can escalate when multiple parties access sensitive and personal data.

To make sure you do everything possible not to get let down by someone else, do your diligence before selecting an outsourcing partner. Our focus is to provide easy ways of carrying out diligence. If you need practical help please do take a look at our solutions:



The big question this month is:

How can I maintain my business reputation when outsourcing services? 

Look out for our social media posts and our blog later in the month as we help you explore this in more detail.
Top tip – Understanding your compliance obligations and responsibilities when outsourcing is crucial; our Business MOT can help.


F2 Business Huddle Online

Friday 10 September 2021

12 noon to 2 pm

Future F2 Business Huddle dates for your diary

Friday 8 October 2021

Friday 12 November 2021

Friday 10 December 2021

Get your ticket on Eventbrite

Reputation Advocates

When you need a reliable and dependable expert, click on the crab.


We love to receive feedback and it really helps us to improve our services for everyone.


Until next month look after your reputation!!

E: enquiries@crimsoncrab.net | W: www.crimsoncrab.co.uk  

Copyright (c) 2021 Crimson Crab Ltd, all rights reserved.

Data Protection – Data Minimisation

If you need to collect information about people to deliver your services it’s important to think about data protection before you do it, as this article from the BBC shows.

Collecting information that’s neither relevant nor necessary, or not making it clear what you’re using the information for, will mean that you’re not applying the data protection principles.

Whether you’re introducing a new app, implementing a CRM system or just using personal data for invoicing, you need to be sure that you can give your potential customers the confidence that you know what you’re doing with their information.

Our top tips are:

  • Understand your responsibilities
  • Identify how the data protection principles relate to the specific activities of your business
  • Don’t make the protection of your customers’ data an afterthought

If you need to find out more about how data protection affects your business, book a free 15-minute initial consultation.


How do I know if my company’s website is legally compliant? 

Websites are the online shop window for your business so, whether you sell goods and services directly via the internet or not, first impressions matter most. 

The method to showcase companies like yours on the internet may come in all different forms.

From a contemporary style website to something more traditional-looking, or maybe a platform that is incredibly visual or which perhaps hasn’t any imagery at all, websites need to work for you and – most importantly – your audience. 

Your business website plays an imperative part in building rapport within the minds of prospective clients. 

It also allows people to understand more about who you are, what you do, and how you can help the people engaging with the content which is published. 

But while your website may be aesthetically pleasing and functional for users, it may not actually be legally compliant. 

So, how do you know if your company’s website is legally compliant? We can help with that. 

For your website to be legally compliant you might need: 

  • Data Protection Information

This should be visible to every user on your website. On your forms, for example, you should have a statement that indicates what someone’s data will be used for. People inputting personal data onto your company’s website must know exactly how their data will be processed. 

  • Cookies Policy

Cookies are small blocks of data created by a website’s server and stored by the browser while the user is browsing from one site to the next. They play a part in tracking a browser’s engagement so that the experience of browsing the web can become more personalised. The policy about the use of cookies on your website should detail the cookies that are being used and their purpose too. Cookie notices are usually displayed as pop-ups or by other means to obtain consent.

  • To ensure that people with a disability can use your website

People who access your goods, facilities, or services are protected from discrimination on the basis of disability, says the Equalities Act. 

The law requires that websites are accessible to disabled people, including those who are blind. 

Your business has an obligation to make reasonable adjustments to your website to help disabled individuals access your goods, facilities, and services.

Website owners can comply with the WCAG 2.0 standard. This is the UK Government recommended best practice for website accessibility. 

  • To make sure that you are not breaching Copyright Law

You must be aware of the copyright of any images or words you use on your website. Get permission, on every occasion, and always credit where credit is due.

Furthermore, it’s imperative to have a Copyright notice on your website – to make it easier to stop others from using your content without permission.

  • To disclose the important information about your business

All the important bits of information about your business, such as the legal entity (the entity that pays tax) using a business name, or with registered companies and partnerships (Ltd, LLP, PLC), the registered office, place of registration and registration number must be disclosed somewhere on your website. 

Many businesses tend to display this information within the footer or the contact section of their website. 

  • How you talk about the service you provide

If your business is providing services you have to disclose certain specified information. Your website is an ideal place to publish these details. Remember to review them periodically to ensure they remain relevant. 

If you are a business that sells goods, services or digital content online, otherwise known as retail sales or sales to end-users, you must consider the following points to ensure your website is legally compliant:

  • Do you comply with general trading law? For example, do you make sure that you don’t engage in unfair commercial practices? If you sell age-sensitive products – such as alcohol, knives, solvents, videos and games – do you comply with the rules about who you sell them to? Do you sell products to which safety legislation applies? What about the rules around food businesses and more?
  • Do you know the requirements of the Consumer Contracts Regulations? These rules specify the way that cooling-off periods work during online sales. They also have detailed requirements for the provision of information to the buyer.
  • Do you place additional charges on payments made by card? Well, if you do, you shouldn’t because it’s prohibited.

For further information about how to ensure your company’s website is compliant, get in touch with our expert team today. 

Crab Insight July 2021

Red Tape Busters Volume 8, Issue 10, ‘Website Compliance’




Welcome to the July edition of Crab Insight

“There’s an old African proverb that says ‘If you want to go quickly, go alone. If you want to go far, go together.’” Al Gore

The first of August is the tenth anniversary of Crimson Crab’s formation as a limited company. We are delighted to be celebrating a decade in business. We’ve had some ups and downs over the years and we most certainly would not be celebrating if it were not for the support we have enjoyed from our customers and clients, the Reputation Advocates, our suppliers, and our friends. We have made some great friendships through Crimson Crab and, as we say about the F2 Business Huddle, “there are no strangers here; only friends you haven’t met yet”. So as Crimson Crab moves into its second decade, look out for some exciting announcements about the future. In the meantime, look after your reputation.

If as a business owner you need assistance getting back on top this month, especially with Covid Secure Workplaces, please take a look at:

Grounded Safety

Our focus in July is website compliance. Data Protection forms a pivotal part of website compliance and if you need help please do take a look at our solutions:


For fuss-free HR Management you can’t go wrong with:




Claudia Crab’s July Focus


“Website Compliance”

“Your website is the shop window to your business and the world can look in. So too can the regulators.” Robert Briggs DTS compliance specialist.

There are certain things that all websites need to take into account to be legally compliant:

  • Data protection – dealing with all personal data collected, think contact forms, registrations etc.
  • Cookies – telling users about cookies used and their purpose and obtaining informed consent
  • Disclosure – letting people know who they are dealing with without hiding behind a business or trading name and for registered businesses full disclosure
  • Disability discrimination – disabled people including Blind people must not be discriminated against. Businesses must make reasonable adjustments to help disabled individuals access their goods, facilities and services which will mean making their website accessible.

There are additional requirements for online sales to consumers or end-users – (retail):

  • General trading legislation – for example, no unfair commercial practices, rules about the sales of age-sensitive products (e.g. alcohol, knives, solvents, videos & games), sales of products to which safety legislation applies, rules around food businesses, etc 
  • Consumer Contracts Regulations – the regulations specify the way that cooling-off periods for online sales are given and detail requirements about the provision of information. 
  • Card payments – there is a prohibition of additional charges for using such payment methods. 
  • Complaints – there are rules set out by the Consumer Rights Act around the way that complaints are dealt with and the provision of Alternative Dispute Resolution (ADR) and access to the European Commission’s Online Dispute Resolution Platform. 

Although not a legal requirement there are some things that we would strongly recommend are included on a website:

  • Terms of website use – Protect your website and its users with clear and fair website terms and conditions, governing the use of the website and setting out the legal rights and obligations between the owner and users. Key issues such as acceptable use, privacy, registration and passwords, intellectual property, links to other sites, termination and disclaimers of responsibility should be included.
  • Copyright – make sure there is a notice (using the name of the legal entity, not the business/trading name) to protect your intellectual property. It won’t stop unscrupulous people from stealing your IP but it will make it easier to do something about it.  Don’t forget to respect others’ intellectual property or serious consequences may result.
  • Provision of Services – The regulations say that if you are providing services (on or offline) the disclosure of certain specified information is required. A website is an ideal place for this information. 

So our big question this month is:

How do I know if my company’s website is legally compliant? 

Look out for our social media posts and our blog later in the month as we endeavour to answer this. Our Website MOT may also help.


Top tip – To understand your compliance obligations and responsibilities you need to know what you need to comply with; our Business MOT can help with this.


F2 Business Huddle Online

We’re taking a break in August but the F2 Business Huddle Online will be back on Friday 10 September 2021

12 noon to 2 pm

Get your ticket on Eventbrite

Reputation Advocates

When you need a reliable and dependable expert, click on the crab.

This month’s featured Reputation Advocate




Good admin is vital…and that’s what Datawizardadmin delivers!





We love to receive feedback and it really helps us to improve our services for everyone.

Until next month look after your reputation!!


Why should I bother with Terms and Conditions for my business?

It’s fair to say that most consumers would be wrong to claim that they always read the Terms and Conditions before agreeing to use a product or service.

Millions of people across the UK are guilty of failing to read the Terms and Conditions, otherwise known as the boring bits or the small print, and that’s a pretty big deal. But why?

Terms and Conditions act as a legally binding contract between a company and its clients.

The agreement doesn’t only set out the rules and guidelines that must be followed; it also clearly sets out the expectations of all parties.

There can be serious ramifications for companies who trade without Terms and Conditions. This can lead to unwelcome headaches for customers too.

Within this blog, our spotlight is on some of the top issues Crimson Crab have encountered as a result of companies not having clear Terms and Conditions.


  1. Lack of ability to limit liability. As a business, if you don’t bother having Terms and Conditions, there are all sorts of liability that you may have to accept when you don’t need to.
  2. Difficulties if your client fails to make payment. Without Terms and Conditions, you may find yourself in a costly situation if court action needs to be taken due to a client failing to make a payment on the work you have completed. By ensuring they agree to your payment terms within your Terms and Conditions, you’re protecting yourself from unwanted surprises and difficulties in Court.
  3. Unrealistic expectations. Without Terms and Conditions, clients may claim the work you are doing isn’t sufficient and fails to meet their expectations. By drawing up clear and easy-to-understand Terms and Conditions, you’re making it clear what work you will complete for the price agreed.
  4. Misunderstanding about compliance with legislation. Many businesses struggle to understand that Terms and Conditions play an important role in ensuring you are complying with the law including, for example, Trading Standards legislation. Having a set of Terms and Conditions allows companies to publish essential details, such as their name and address or consumer cancellation rights as required.
  5. Limited ability to protect intellectual property. This is all about protecting the creations of the mind, like inventions, literary, and artistic work. Without highlighting in your Terms and Conditions the use to which your client may put your intellectual property, people may steal your ideas which could have otherwise been making you money. Setting out your stance on Intellectual Property will reduce the likelihood of this happening and will make it easier to deal with if it does.


There is so much to think about when you are trying to manage your own business, so it’s easy to prioritise another matter over Terms and Conditions.

But by having these you will establish an essential legally binding contract, on your terms as long as they are fair, which can protect you and your clients for years to come.

It’s good practice to regularly review your Terms and Conditions as circumstances can change as can the law, but also how your business operates may change over time.

Whether you are a start-up or an established business, Terms and Conditions are crucially important today more than ever.

At Crimson Crab, we can help with anything related to the Terms and Conditions belonging to your business. From reviewing to drafting your Terms and Conditions, a great starting point is our Business MOT; get in touch to take it today.

Crab Insight April 2021

Red Tape Busters Volume 8, Issue 07, ‘Deal with risk’


Welcome to the April edition of Crab Insight

As lockdown eases we need to move forward with our businesses and identify opportunities for growth or at least to get back to where we were before lockdown.

Beware, though: every opportunity carries with it some degree of risk.

So, Claudia Crab’s focus this month is dealing with risk. It’s important not to lose perspective: don’t sweat the small stuff while ignoring the real show stoppers.

HR management, health and safety management and data protection can all be problematical in their own ways. If you need some practical help please do take a look at some of our solutions:


Claudia Crab’s April Focus


“Deal with risk”

“Opportunities pass by frequently, but people don’t always see them. Taking risks grants you an invisible set of glasses that reveal the many opportunities which surround you.” ― Anas Hamshari, Businessman With An Affliction

A good starting point is a SWOT (Strengths, Weaknesses, Opportunities and Threats) analysis. In this way, both internal and external factors are identified; remember that weaknesses are best thought of as areas for improvement. If you find yourself struggling with external factors, try using the acronym PESTEL (political, economic, social, technological, environmental and legal). This will help you think about the opportunities and threats likely to develop.

The use of a SWOT matrix helps you identify where:

  • strengths play to opportunities or reduce threats
  • weaknesses hold you back or exacerbate threats

Once the major areas are identified you can carry out a risk assessment in a systematic way. The key is to unpick how you can reduce the likelihood of a high-risk occurrence happening and/or reduce the damage done to the business if it does happen. That way you will be taking responsibility for your business’s strategy by proactively managing risks. You will also be in a better position to deal with issues that crop up, as they should not come as a surprise. This follows Crimson Crab’s strapline:

Ethical  |  legal  |  Responsible

So this month we are asking the question:

Does your strategy take account of business risks? 

Look out for our social media posts and our blog later in the month as we will hopefully be able to flesh out your thinking.
Top tip – A great starting point is to understand some of the risks that your business faces and our Business MOT can help with this

F2 Business Huddle Online

Friday 14 May 2021

12 noon to 2 pm



Get your ticket on Eventbrite

Reputation Advocates

When you need a reliable and dependable expert, click on the crab.


We love to receive feedback and it really helps us to improve our services for everyone.

Until next month look after your reputation!!

T:023 9263 7190 | E: enquiries@crimsoncrab.net | W: www.crimsoncrab.co.uk


Secure your cash flow: Disclose your legal trading entity

Your clients have the legal right to understand exactly who they are dealing with. If they don’t, you could find yourself with agreements being void and not getting paid for the work you do…

Imagine it – business is booming and you have just had one of the strongest quarters to date.

Then suddenly, your customers stop paying and you have no legal way to get your money as a result of not abiding by trading laws and disclosing your legal trading entity.

But what is the legal trading entity?

In a nutshell, it’s the name of the business used for tax purposes. It’s the ‘legal’ name of the person or entity that owns it.

If you’re a sole trader, a plasterer for example, then the legal trading entity of your business is your name with or without your initials or forenames.

So, if your name is Richard James Smith, the legal name for your business could be Richard James Smith, Richard J Smith, Richard Smith, R. J. Smith, R Smith or simply Smith.

If you trade under a name which does not include your surname, for example, Phoenix Plastering Services, you would have to give your surname to every current or potential client.

For example, Smiths Phoenix Plastering Services or Richard Smith trading as Phoenix Plastering Services, together with an address at which you can be contacted (in legal parlance, an address at which you will accept the service of documents).

For an unincorporated partnership it gets a little more complicated, as the legal trading name is the last names (with or without initials or forenames) of all of the partners.

For limited liability companies, partnerships and corporations, the business’ legal name is the one that was registered with Companies House including Ltd, LLP, PLC etc. In addition, there are specific disclosure requirements for these types of business including full corporate name, registered office address, registered number and place of registration.

The trade or business name is the name a company uses for advertising and sales purposes. It’s imperative you understand that this is different from the legal trading names previously described.

It’s a legal requirement that your legal trading entity is included on all business documents and their electronic equivalents which include invoices, letters, emails and websites.

If you’re a business that may trade under a different name to your legal trading entity and may be unsure of the rules, get in touch with the Crimson Crab team today.

Essential GDPR Training Package for Front Line Staff




Crimson Crab Limited and SLCM Business Support Limited are pleased to announce the release of their Data Protection / GDPR e-learning package, which gives employees working within businesses the essential knowledge they need to keep their employer on the right side of the law.

The course aims to reduce the risk to businesses of one of their employees causing a breach or other personal data incident which might lead to reputational damage. It’s written in plain English, uses easy to understand terms and requires no prior or deep legal or technical understanding. It will help businesses demonstrate that they are complying with the ‘integrity and confidentiality’ principle[1] of the GDPR.

The package provides for an understanding of:

  1. Some basic definitions used in privacy law
  2. The Data Protection principles
  3. The rights of people whose information is being ‘processed’
  4. The practical things that employees can do day to day to keep data safe.

Successful completion of the course, which takes around 30 minutes, requires that a short, multiple-choice test is passed.

Based on best practice, all the information contained within the training course has been taken from the information provided by either the Information Commissioner’s Office (the ICO) or the National Cyber Security Centre (NCSC).

For more information about this service please email enquiries@crimsoncrab.net

[1] Article 6(1)(f) of the General Data Protection Regulation requires that personal data shall be ‘processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).’

Know your customers’ cancellation rights – they’re a pretty big deal!

Failure to inform your retail customers of their rights to cancel the use of your product or service may have serious ramifications to your business.

Without clarity on cancellation rights, it can become more of a challenge to resolve any disputes which may arise, so it’s important for any business owner (and their team) to clearly set out their company’s approach to cancellations.

In this month’s blog, our focus is on two core areas regarding cancellation rights for consumers: selling without face to face contact and selling away from your usual trade premises.

If you don’t understand what the law means to your business it may well jeopardise your reputation.

The Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013

Its name is quite a mouthful but it’s important for any business that deals with consumers to understand how the rules on cancellations work.

A consumer is someone who is buying something for their own use, which means that they are not buying it for their business or profession.

The law states if a consumer goes to a shop to purchase goods or services, they have no right to cancel a purchase UNLESS they are given rights to do so by the sales contract or any agreement in place. This is often referred to as a Returns Policy. This does not apply where goods are faulty or misdescribed or a service is not provided to a reasonably competent standard.

Cancellation rights apply when a consumer buys something online or through a catalogue or away from the trader’s usual premises, so for example in their home or at a craft fair.

Whether you’re a tradesman providing a service, or an independent business selling telecoms contracts, it’s essential you inform your customers of their rights to cancel when they have one.

By doing this you are making it clear that they can cancel – within the set down 14-day time period – and move on to elsewhere, hassle-free.

It’s worth noting when someone buys something online (the purchaser) they get 14 days to cancel as long as you tell them about their cancellation rights.

If you as the trader fail to tell them and explain how they can be exercised, the purchaser has up to one year to cancel and you have to refund the purchase price, cost of delivery and pay for the return costs in full.

Cancellation must be distinguished from Termination of a contract. This has a very specific legal meaning.

Termination is where someone has breached the conditions of the agreed contract. It’s a get-out clause for either party who have failed to adhere to what was agreed.

It is a criminal offence not to tell a consumer they have cancellation rights if they are completing agreements off-trade premises.

Be sure to tell your clients about their cancellation rights – even more so where failing to inform them could cost your company money!

To summarise, every business must understand the rights their customers have to cancel and should always clearly share these before any transaction takes place.

For further information about cancellation rights please get in touch.