Uncategorised

The General Data Protection Regulation – New Requirements for all businesses

 

European data protection laws are changing and come into force 25^th May 2018.  These new laws will affect all businesses in the UK and the current Data Protection Act (DPA) will be updated to reflect the GDPR obligations.

 

The GDPR is a framework with greater scope, much tougher punishments and judicial remedy for those who fail to comply with new rules around the storage and handling of personal data, be it in physical or electronic format.

 

Why are these new laws being introduced?

Since the DPA was introduced in 1998 technology and the internet have developed at such a rapid rate that these rules are now deemed to be ineffective.  Nowadays, the ease and sophistication of data collection means that thousands of SMEs not only collect personal details, but store, move and access them online.  Personal data is used in everything from sales to customer relationship management to marketing.  Cybercriminals are now much more common.  In 2016, companies in the UK lost more than £1 billion to cybercrime.  Major data breaches have given criminals access to names, birthdates and addresses and even social security and pension information.

 

A recent report from the Federation of Small Businesses (FSB) claims that SMEs are now more likely to be targeted by cybercriminals than their large corporate counterparts and cybercriminals consider SMEs softer targets!

 

The GDPR is considered a necessity for the protection of data in a modern internet, based society.

 

It is also a chance to take a fresh look at your data security as data breaches may impact on your business reputation.

 

What does the GDPR mean for SMEs?

Businesses must keep a detailed record of how and when an individual gives consent to store and use their personal data.  This means a positive agreement and cannot be inferred from a pre-ticked box.  Customers or individuals have the right to withdraw consent.  Details must be permanently erased.

 

This means businesses should review their existing data and delete any that they do not have a valid reason to hold it.  The GDPR sets out the legal bases available for processing personal data such as needing it to perform a business contract.  Businesses should review what data they hold, have they got consent and do they need to keep it?

 

Data should be kept secure and this will require a review of current practices to prevent data breaches.

 

Personal data is a key tool for SMEs looking to target and retain customers: GDPR means it must be handled with the utmost care.

 

You should start planning for the GDPR now and consider an information audit and, for many businesses, a change in culture.

 

How can we help?

We are attaching a checklist of actions you should undertake before 25^th May 2018 to ensure you have a policy for compliance to ensure you have the collect permissions and data is stored as securely as possible.

 

 

 

GDPR PLANNING CHECKLIST

 

The GDPR takes force from 25^th May 2018.  You should start planning so that on that date you can demonstrate compliance with the GDPR.  Businesses are expected to put into place comprehensive but proportionate governance measures.

 

The following checklist will allow you to prepare for the GDPR by documenting existing procedures, looking for areas to strengthen.  You will need to use your judgement to confirm you have proportionate governance measures if you complete the planning yourself or you may choose to use an external consultant.  Document the actions you are planning to take and note the changes.

 

1. Review all data held and ask “why is it held?” and “do you still need it?” and “is it safe?” Make sure you note the different sorts of data you hold e.g. employees, customers, suppliers, third parties;

 

2. Look at the consent procedures as well as privacy notices on your web site and terms of business. Do you get customers to positively agree to you holding their data;

 

3. Document the reasons you hold data e.g. consent, legitimate interests or a legal obligations to collect and process data;

 

4. Plan how you will handle data requests and the right to be forgotten from individuals within the new timescales;

 

5. Look at your processes to keep data safe, identify any problem areas (e.g. data held on mobile devices) and decide how you can reduce the risk of data breaches (e.g. encryption). This will mean looking also at your back-up security of data, computer and passwords and identifying new technology to help you comply with the GDPR;

 

6. Document the procedures you have in place to detect, report and investigate data breaches and let everyone in your business know about your new data protection policy;

 

7. Consider who in your business will be the person responsible for the GDPR and making sure all employees are aware of the new regulations and ensuring compliance.

 

Disclaimer This checklist should not be relied upon as comprehensive guidance but as a reminder of some of the key points of GDPR and users should refer to the Information Commissioner’s Office for more detailed guidance.  Please see www.ico.org.uk   If you require further help with your planning please contact us.

Statutory maternity pay (SMP) must be paid to a pregnant employee who has been continuously employed by the employer for at least 26 weeks, up to the week before the 14th week before the week containing the expected birth. But does this 26 weeks include periods of unpaid work experience?

A firm of solicitors thought their office junior (OJ) was not entitled to SMP, as she was only employed by the firm from 14 August 2015 to 31 December 2015, a period of less than 6 months. However, OJ undertook a year of work experience with the same firm from August 2014 to 13 August 2015. During that period OJ was paid a weekly allowance of £35 by the government body which organised the work experience, and the legal firm voluntarily topped up her money by £15 per week.

[Read more…] about 05/04/2018 – Maternity pay

Taxpayers are now far more aware of their NIC record as it is easy to view when they access their online personal tax account. This will tell the taxpayer if they have any tax years where they have not paid sufficient NIC for the year to qualify as a credit for the state retirement pension.

Where the gaps have arisen in the last six years, they can be completed by paying voluntary class 3 NIC or in some cases class 2 NIC. The last day to pay contributions for 2011/12 would normally be today: 5 April 2018.

[Read more…] about 05/04/2018 – Missing NICs

Statutory maternity pay (SMP) must be paid to a pregnant employee who has been continuously employed by the employer for at least 26 weeks, up to the week before the 14th week before the week containing the expected birth. But does this 26 weeks include periods of unpaid work experience?

A firm of solicitors thought their office junior (OJ) was not entitled to SMP, as she was only employed by the firm from 14 August 2015 to 31 December 2015, a period of less than 6 months. However, OJ undertook a year of work experience with the same firm from August 2014 to 13 August 2015. During that period OJ was paid a weekly allowance of £35 by the government body which organised the work experience, and the legal firm voluntarily topped up her money by £15 per week.

The office manager of the legal firm claimed that OJ did not become an employee until 14 August 2015, but the HMRC showed OJ was on the firm’s payroll from at least April 2015. The firm claimed this was a mistake, but other aspects of OJ’s duties indicated that she was performing real work during the period of work experience and was not just work-shadowing. At no time was OJ provided with an employment contract.

The legal firm also argued that SMP was not due as OJ had not provided proper notice of her pregnancy on the form MAT B1. The tribunal ruled that the from MAT B1 was not necessary for proper notice to be given to the employer, a verbal notice was sufficient.

The lessons from this case are:

• review the terms and conditions for all work experience students;
• only put individuals on the payroll if their pay level requires that; and
• have all employees sign an employment contract.

Written by the Tax Advice Network

Welcome to our monthly newswire. We hope you enjoy reading this newsletter and find it useful.

 

How to use Google Analytics effectively

 

Google Analytics is a free service which allows you to analyse visitors to your website. You could have thousands of visitors to your firm’s website every month, but those visitors don’t mean much if you don’t know anything about them.

[Read more…] about April 2018 – Monthly Newswire

Welcome to our latest monthly tax newswire. We hope you enjoy reading this newsletter and find it useful. Contact us if you wish to discuss any issues further.

 

NO MAJOR TAX CHANGES IN CHANCELLOR’S SPRING STATEMENT

As announced last year, the Chancellor’s Budget will in future take place in the Autumn each year as opposed to the Spring. There was however a Statement by the Chancellor on 13 March, but he made little mention of tax changes, instead choosing to focus on the state of the economy and stating that there is “light at the end of the tunnel”. This contrasts with other recent Chancellors such as Gordon Brown and George Osborne who used both the Spring Budget and Autumn Statement to make announcements of tax changes.

[Read more…] about April 2018 – Monthly Tax E-News