• 0759 004 7669
  • info@barkleylegal.co.uk

You are here: Home / Articles Posted by BarkleyLegal

Archives

Standard

GDPR and Brexit -Are You Prepared?

What has happened to GDPR in Brexit?

First point- GDPR has not gone away. It still applies to all organisations based in the UK. It is now governed by UK GDPR rather than the EU GDPR as before.

So now:

  1. You can transfer personal data to the EU/EEA as before Brexit. (For the uninitiated EEA = EU plus Iceland, Norway, and Liechtenstein).
  2. However, for the transfer the other way EU/EEA it is more complicated. The EU-UK Trade and Cooperation Agreement signed at the death has created a ‘Bridge’ to allow ‘the continued free flow of personal data from the EU/EAA to the UK’ for up to six months.

So, what happens after six months?

Background

 To freely transfer data from the EU to a country outside the EU the country has to be considered to have Adequate provisions in place for the safety of private data. The EU has yet to rule on this. Whilst it should be expected to be no problem as we have just left the EU this cannot be assumed as being automatic as there are potential issues.

Some countries such as New Zealand, Canada and Switzerland have the benefit of their systems being deemed Adequate by the EU and data can flow freely between them and the EU. It is expected that UK will join this category but there is no guarantee this will have been approved by the end of the six months period.

The Information Commissioners Office advises businesses to make alternative arrangements for the end of the six-month period which is not an optimistic sign.

If the six-month period ends and the UK has not been deemed Adequate, then it will become a Third Country for GDPR purposes.

Then data can only be transferred to the UK if Standard Contractual Clauses (SCCs) are in place setting out the obligations of each party to ensure the proper protection of the data.

Businesses are also required to have a representative in the EU in these circumstances and to amend their policies to cover the new situation.

So get prepared.

Standard

Are you a Company or not ?

Many seem to fail to understand what a Company is. Some say they have a company but do not. Some get the accountant to set one up but never really understand what they have created. You should not leave these things to any professional but make sure you as the business owner you understand the details.

1. What is a Company?

It is a newly created legal entity separate from any person .

It is created through Companies House and is given a registered number, address and at least one appointed Director

2. What is the difference from being a sole trader where you are James Brown trading as Preston Homes and being Preston Homes Ltd.

James Brown is personally liable for all debts incurred by Preston Homes. Creditors can take his home and make him bankrupt.

A Company is subject to far more rulesand regulations than a sole trader regarding how the business is run and what tax is paid.

If James Brown is a Director of Preston Homes he is an employee subject to PAYE even if it is his business and he is the sole shareholder and director.

3. Why do accountants tend to advise a new business owner to start as a sole trader?

The record keepingand tax rules are easier.

The tax payable is likely to be lower. A sole trader completes a self assessment tax return setting expenses against income and pays tax on income above their personal allowance. A company pays corporation tax on its profits. The directors are subject to PAYE. Dividends are only tax free up to £2000.PA.

4. What should a business owner choose?

It is a choice for each business owner to take on the individual facts in each case.

The benefit if limited liability for the owner should be balanced against the lower costs and tax benefits of being a sole trader.

They should consider how risky the business is. This is from the inherent nature of the business being carried out eg medical businesses are generally more risky than making cardboard boxes.

This is also how well funded and generally financially sound the business is. You should have a cash flow forecast to make sure you do not run out of money . You should also complete a plan to see that the business product or service is itself very profitable or just marginally so.

You should consider your own circumstances. a single person may be more willing to take a risk than someone with a family.

Ask your accountant what your tax position will be as a sole trader and a company then balance these against the benefit of having limited liability.

5. What legal matters should you consider if there is more than one Director or Shareholder?

Directors as employees need agreement setting out what their role is and what their reimbursments will be

Shareholders need an Agreement setting out what their roles will be , what is done if they wish to sell their shares or a dispute. If you have 50% of the shares each you need a mechanism if you disagree so the business does not grind to a halt.

Every Business Owner needs to know and understand these things. It is your business.

Standard

GDPR – The Myths and the Mess

When General Data Protection Regulation came into force in May 2018 there was much fuss and panic. The powers that be gave little practical advice. Packs of documents were advertised that were far more than a small business would need. IT people suddenly became experts in legal documents . Then of course there is the old faithful of documents being found on the internet.

The Result

Businesses say they have ‘done’ GDPR when it is generally a total mess. So where did it all go wrong ?

  1. GDPR is a new law . Being new there was little practical advice to go with it . As with any new law it needed explanation from people who understood law.
  2. Few businesses needed lots of documents and if they did they certainly needed someone with the expertise to use them.
  3. GDPR is based on certain principles and to comply you need to understand these as they apply to your business.
  4. GDPR documents also need to apply to your specific business and what you do . They need adapting as needed . It is not a question of putting the words in gaps in preprepared so called documents.
  5. GDPR is not just about documents. Proper compliance needs adjustments to your work practices and procedures. Staff need training. Employment contracts and staff handbooks will probably need amending.

So what is there to do apart from documents?

  1. Look at how your business works and ensure you are complying with the principles of GDPR. Understand what legal basis to process data applies to what you do- many do not.
  2. Adapt and amend your working procedures to ensure compliance
  3. Train your staff in the new procedures
  4. Upgrade your security especially online. Cyber-crime is rapidly increasing so does your chances of a data breach with all the problems that brings (including the GDPR ones)
  5. Register with the ICO if your business fits the criteria for registration.
  6. Make sure you and you staff know what to do if there is a breach or any GDPR issue.
  7. Do not sign any GDPR agreement sent to you by another business without fully understanding what you are committing to especially if they are a big powerful company.
  8. If you send data abroad make sure you have the right checks and documents in place.

So if you need a Review of what you have or to start from scratch please contact us info@barkleylegal.co.uk

Standard

Danger- Passwords-10 Tips

Passwords are supposed to ensure that only the correct person or people can access something. In a business context this is generally for a laptop or mobile phone. However in these days of sophisticated cyber criminals a good old password can offer little or no protection against a determined and skilled hacker. However too many businesses are far too laid back in their approach to this problem and putting their business at risk.

What must you consider :

  1. Avoid predictable Passwords- such a family or pet names and family birthdays . Hackers can see your social media and find out details about you.
  2. Avoid the most common Passwords . It is hard to believe that Password and 123456 are very common after all the warnings. Replacing letters with numbers Passw0rd fools no one.
  3. Change the manufacturers default passwords that devices are issued with before they are used. Someone hacked into those home cameras that tell you if you have a burglar because of a failure to do this.
  4. Use two factor authentication (2FA) for important websites such as banking and email . Monitor even this as the best hackers can get past even these.
  5. Make sure all laptops, MACS and PCs use encryption products that require a password of their own.
  6. When available use fingerprint recognition for a mobile devices.
  7. Use strong passwords . All should be longer than eight characters and include a mix of random , letters , number and symbols.
  8. Never reuse Passwords . Every account should have a unique password. Otherwise if a hacker obtains the password they can access every account you have.
  9. Change your Passwords from time to time. Do not have a quarterly cycle that is easily guessed e.g. change spring234 to summer234.
  10. Consider using a password manager . This will put all the passwords in one place and you have to remember one Master Password. The Master Password has to be very strong .

Make sure your staff are properly trained and appreciate the risks you are taking . If you lose your data it will affect everyone – and not in a good way.

Standard

Your Data-10 Important Tips

  1. Your website is under constant attack both within the UK and all around the world. Some nine out of ten login attempts to eCommerce websites are hacking attempts a speaker said recently.
  2. You must assume you will at some point be hacked however careful you are. Being careful obviously reduces the risk of this happening
  3. When you are hacked you need to have everything in place to get back up and running quickly. ie accessible up to date back ups.
  4. Losing data through hacking is a Data Breach that should be reported to the ICO. Repeated breaches would indicate to them you are not acting properly and lead to trouble.
  5. Businesses are tempted not to report breaches in spite of the legal obligation to do so. Employees are even less likely to report breaches they have caused to their employer.You must impress on Employees the importance of proper reporting or the consequences for your business could be very bad.
  6. Some businesses arrange for employees to change passwords every three months as recommended. However if they change in accordance with a four part connected sequence there is no point. Changing Winter24 to Spring24 and then Summer24 is pointless.
  7. Be careful what information you put on your social media. Serious hackers will look at this for a source of information to break passwords and find memorable information . Examples are your Mother’s maiden name ( see your uncles full names), your date of birth, your favourite football team, your pet’s name. Better to use random letters as passwords.
  8. The most used passwords are still 123456 and password- yes really.
  9. Employees can be the weakest link. Some will learn about security. A minority ,unless you are a dreadful employer, will be malicious and intentionally cause trouble especially if leaving. Make sure former employees are instantly deleted from the systems once they go. We often hear of people logging in months after they leave. The vast majority of employees have no bad intent but just get lazy or make a mistake such as clicking a dodgy link that has bad consequences . Training you employees is therefore key and then monitoring them afterwards so they do not slip into bad habits.
  10. Ensure that staff only have access to what data they need to do their work. In the past often everyone could access everything but the more people see more data the greater the risk of a breach. So work out what individual employees need to see then limit them to that. Most modern programmes enable employees access to be limited in this way.

If you need help with this and need advice and a way forward please contact us.

Standard

The Rise of Artificial Intelligence

Have you noticed how Artificial Intelligence has crept up on us all. If you saw Terminator 2 when it came out it all seemed so unreal and futuristic. Now so many aspects of our lives are governed by A.I.

This weekend the Sunday Times had a story about how you would no longer need to produce your passport at every stage at Heathrow. You would go onto a facial recognition system and then be identified at every stage. In the USA apparently you go onto a central system and pop up whenever you go flying. To think people objected to Identity Cards when they can now follow you without you even being aware of this.

In China the use of facial recognition technology is wisely used to keep trace of their citizens. The ‘Sharp Eyes’ system correlates security cameras in public and private places and a national database of faces. At KFC in Hangzhou customers can buy chicken nuggets by smiling at the camera. Chinese police use face recognition to spot suspects and monitor undesirables.

You will have seen the US TV series where people are identified in a moment by running their photo against a data base. Even in the UK police, especially in London ,are using the technology to scan crowds for people of interest. This use will only increase.

We are increasingly warned that many jobs will be lost and replaced by A.I. in the near future. Unlike the past these will include professional and highly trained jobs such as accountancy and legal positions. It is now standard to use A.I. to assess loan and mortgage applications according to set rules. You can be declined without your application ever seeing a human face.

There is increasing concern about the regulation of A.I. As with anything new it takes time for these things to catch up and there is a distinct lack of rules.

There is a tendency to assume that because A.I. is supposedly a mathematical objective process it is never wrong. Who is monitoring the decisions made? Further the decisions are often so complex that a mere human cannot check the decision one way or another.

Some efforts are being made to establish rules on these issues . Some A.I. procedures are covered by GDPR but there is some way to go.

Standard

Interesting facts you can learn at a Cyber Security Conference

The result of an adventure to Manchester:

  1. There are lots of businesses offering new services and products against problems and issues that most businesses do not realize exist let alone need services against. Cyber-crime is the fastest growing crime of all.
  2. The Police want you to report any cyber-crime to them at Action Fraud, They have been criticized for not doing anything but do need to have evidence and records of what is happening. You can do this online or by telephone.and also sign up for alerts. Contact details
    https://www.actionfraud.police.uk.
  3. If fraud causes you to lose money or there is some other loss it should be reported as a crime to the normal Police channels.
  4. It is highly likely that your user names and passwords are for sale on the Dark Web along with lots of other undesirable things. There are 2.2 billion stolen User names with passwords on there
  5. The volume of malicious attacks on your website from all over the world in any day is unbelievably high which is why you need maximum protection. Some 500,000 new malware appear every day of which 75% are only used once.
  6. You need to keep totally up to date with software updates. There can be a short delay when malware appears and the fix is issued but any damage is minimized. If you fall behind then disaster can strike.
  7. People are still too laid back about passwords. Still popular are the old favorites Password and 123456. Even Donald and Football make the top twenty. Passwords should not relate to any information about a person that can be found on the internet such as on Facebook as hackers know how we think and can work out these things. We are not as clever as we think we are.
  8. Businesses are developing new technology but not ensuring the software keeps up . Some CCTV cameras of the type heavily advertised on TV to protect your home were found to be vulnerable to the code being replaced so your feed could be stolen. You could find your self looking at someone else’s baby or front drive on your phone. You should also check how long support for your device will be available as this can be overlooked and once support ends the device can either cease working or be totally exposed

If you need any help with making your business secure please contact usanne@barkleylegal.co.uk

Standard

Asbestos in Commercial Properties- The Risks

Do you know if there is asbestos in your commercial property.? In the past it was a common building material and only recently have the dangers become apparent. It was only banned from buildings in 2000.

In the 1970s Artexed ceilings were all the rage and seen everywhere. Much Artex contained asbestos .If moved or damaged it is dangerous. It was also often used in the construction of buildings due to its insulation effects.

Many taking on a Commercial Lease are not aware of the risks. If they are responsible for repairs and maintenance they are also responsible for any asbestos on the property.

The Law -Control of Asbestos Regulations 2012

These set out rules on how a commercial property should deal with any asbestos. The penalty for non compliance include a fine of up to £20,000 and up to 12 months in prison. If anyone’s health is affected they could sue for far more than this.

Medical Risk – Inhaling fibres causes asbestosis a serious lung disease and lung cancer

What you should do if you have a property built before 2000

  1. Check if asbestos is present
  2. Work out who is responsible for it -you or the landlord -most probably you.
  3. Have any potential asbestos surveyed by someone suitably qualified
  4. Have any potential asbestos analysed properly
  5. Put together a Plan for management of the asbestos.

Tell People – Most important tell anyone who may be affected . This includes your staff and most importantly any tradesmen who may come along and drill holes or attempt to move asbestos material.

Moving asbestos should always be done by a suitably qualified contractor.

The Potential Cost -All this can get very expensive so check what you are taking on before you sign anything.

Do not be tempted to turn a blind eye to any risks. It is dangerous for you and anyone who comes into the property who you will be liable for.

If you are thinking of taking on a commercial property then speak to us for advice.

Standard

Using your own Laptop, Tablets and Smart Phones at Work

Working out of the Office is becoming more and more common .Employers encourage it as it saves them the expense of providing office space for all its employees.

This can be working on the go, working at home or just working from different locations. Many employees use their own equipment for this.

Third Party Contractors are increasingly used and will need access to all the data to do their work properly.However it brings a whole range of risks. Security and confidentiality are essential.

The Advantages of this Include

  1. Employers are saved the cost of supplying the equipment
  2. Employees can use the machine they want eg. with Windows or a Mac
  3. Employees may be more careful with their own equipment
  4. Flexibility to work on the go

Disadvantages

  1. Security and Confidentiality Risks
  2. Good Policies are needed and compliance enforced
  3. Good management required

Important Steps to Take

1.Ensure good password management with training and enforcement

2. Regularly back up systems

3. User to keep systems up to date as no IT department

4. Agree a list of approved apps and services that can be installed as business data must be protected

5. Arrange for any device to be swiped when an employee leaves the business.

So get organised. Contact ainfo@barkleylegal.co.uk

Standard

Doing Business with Big Names- What you should know

If you had the opportunity to do business with a well known name what would you do? These are businesses with large marketing budgets to develop a Brand where you like and trust them. However if you are entering a Business contract with them how far should you trust them?

Points to remember:

  1. Their image of trust is developed for their Consumers not you
  2. They will know that you are unlikely to pay someone to properly check over any documentation you are sent.
  3. They will have standard contracts drafted by skilled lawyers that are very much biased in their favour.
  4. They are highly unlikely to have any sense of being even handed. This is business and they are much bigger and more successful than you are.

There are obviously exceptions to the above but you would be wise to assume the worst and then be delightfully surprised.

I have seen many contracts from large businesses that are on the edge of being legal. They are often resistant to any amendments because ‘that is their contract’. The last such person I argued with had less knowledge and understanding of their own contract than I did because going through it was not what they did.

What to check for:

1. Who the party to the Contract is. Do not assume anything

2. What are the payment terms ? The time for you to be paid will probably be 60 days . The time for you to pay them will be less . Can your business survive such a long delay for payment ?

3. What are the penalties if you are late paying. Most businesses will charge you interest of 8% above base rate once you are late. Large companies will add compensation and costs which if you are finding it hard to pay the original bill make it all even harder.

4. What are delivery terms? When does risk pass? Make sure it is when you receive the goods not before.

5. What Warranty is given? If you deal with Private Individuals you will have to give a warranty whatever to them so make sure the supplier gives you one. If you sell to other businesses they will not be impressed if you cannot give them some warranty about your product.

6. Be careful about them reserving the right to make changes without notice to their Terms of Business- you may not like them and be stuck with them.

Make sure you have all documentation carefully checked by someone who fully understands what it all means. Do not rush to sign . Get your facts then make a measured decision if the contract is right for you and your business. Do not be dazzled by big names.They have power and will use it.

Barkley Legal are happy to go through any documentation and explain it all to you in straightforward language. Please contact us

1 2