A cautionary tale of why you need Terms and Conditions for your business.
We all read about the huge container ship the Ever Given stuck in the Suez Canal apparently due to a bad gust of wind. This blocked the canal for a few days. Over 300 ships were left stuck and waiting for the ship to be refloated. The alternative being a long and expensive diversion around the bottom of Africa.
This happened out of the blue.
What if your goods had been on the Ever Given or one of the other ships delayed and caught up with this. This happened to many businesses waiting for the arrival of their container.
What happened to those businesses waiting for their container? What if they required parts to finish manufacturing a product ? What if they had resold the items in the container to some other business?
Any goods being produced would be delayed.
Any buyer of your goods would not get what they had purchased at the time that had been agreed. They may have resold the goods and so it goes on down the chain. Lots of unhappy people all looking at the person above them for compensation for their losses.
But it was not my fault you say. No one is interested if you had agreed to supply the goods by a certain delivery date. You are liable for breach of contract and payment of damages.
How terms and Conditions can protect you.
- They can specify a delivery date that allows for external problems giving you some leeway.
- They can contain a Force Majeure clause. This mean that you are not in breach if problems are due to a major external cause over which you had no control. This used to be called the ‘Act of God’ clause but is now much wider. The more modern ones allow for problems caused by a pandemic providing cover against Covid 19.
To rely on a Force Majeure it has to be :
- Expressly mentioned in the Contract otherwise it does not apply
- Specify what events your Force Majeure covers as there is no set legal definition.
- The Force Majeure event you rely on must make something physically or legally impossible and not just difficult or unprofitable.
Effects of Force Majeure clause
This depends on what is written in the contract.
Generally it provides for all obligations to be suspended whilst the Force Majeure event continues.
When the Force Majeure event ends the obligations start again to apply.
In some cases, you may provide for the contract to be terminated if the event causing the problem continues for say six months.
What if there is no Force Majeure clause in the Contract- or no contract or Terms and Conditions
If you had a container on the Ever Given you would be in breach of contract if the goods did not arrive in time. No one is interested that it is not your fault. You should have taken the proper steps to protect your business.
What has happened to GDPR in Brexit?
First point- GDPR has not gone away. It still applies to all organisations based in the UK. It is now governed by UK GDPR rather than the EU GDPR as before.
- You can transfer personal data to the EU/EEA as before Brexit. (For the uninitiated EEA = EU plus Iceland, Norway, and Liechtenstein).
- However, for the transfer the other way EU/EEA it is more complicated. The EU-UK Trade and Cooperation Agreement signed at the death has created a ‘Bridge’ to allow ‘the continued free flow of personal data from the EU/EAA to the UK’ for up to six months.
So, what happens after six months?
To freely transfer data from the EU to a country outside the EU the country has to be considered to have Adequate provisions in place for the safety of private data. The EU has yet to rule on this. Whilst it should be expected to be no problem as we have just left the EU this cannot be assumed as being automatic as there are potential issues.
Some countries such as New Zealand, Canada and Switzerland have the benefit of their systems being deemed Adequate by the EU and data can flow freely between them and the EU. It is expected that UK will join this category but there is no guarantee this will have been approved by the end of the six months period.
The Information Commissioners Office advises businesses to make alternative arrangements for the end of the six-month period which is not an optimistic sign.
If the six-month period ends and the UK has not been deemed Adequate, then it will become a Third Country for GDPR purposes.
Then data can only be transferred to the UK if Standard Contractual Clauses (SCCs) are in place setting out the obligations of each party to ensure the proper protection of the data.
Businesses are also required to have a representative in the EU in these circumstances and to amend their policies to cover the new situation.
So get prepared.
Many seem to fail to understand what a Company is. Some say they have a company but do not. Some get the accountant to set one up but never really understand what they have created. You should not leave these things to any professional but make sure you as the business owner you understand the details.
1. What is a Company?
It is a newly created legal entity separate from any person .
It is created through Companies House and is given a registered number, address and at least one appointed Director
2. What is the difference from being a sole trader where you are James Brown trading as Preston Homes and being Preston Homes Ltd.
James Brown is personally liable for all debts incurred by Preston Homes. Creditors can take his home and make him bankrupt.
A Company is subject to far more rulesand regulations than a sole trader regarding how the business is run and what tax is paid.
If James Brown is a Director of Preston Homes he is an employee subject to PAYE even if it is his business and he is the sole shareholder and director.
3. Why do accountants tend to advise a new business owner to start as a sole trader?
The record keepingand tax rules are easier.
The tax payable is likely to be lower. A sole trader completes a self assessment tax return setting expenses against income and pays tax on income above their personal allowance. A company pays corporation tax on its profits. The directors are subject to PAYE. Dividends are only tax free up to £2000.PA.
4. What should a business owner choose?
It is a choice for each business owner to take on the individual facts in each case.
The benefit if limited liability for the owner should be balanced against the lower costs and tax benefits of being a sole trader.
They should consider how risky the business is. This is from the inherent nature of the business being carried out eg medical businesses are generally more risky than making cardboard boxes.
This is also how well funded and generally financially sound the business is. You should have a cash flow forecast to make sure you do not run out of money . You should also complete a plan to see that the business product or service is itself very profitable or just marginally so.
You should consider your own circumstances. a single person may be more willing to take a risk than someone with a family.
Ask your accountant what your tax position will be as a sole trader and a company then balance these against the benefit of having limited liability.
5. What legal matters should you consider if there is more than one Director or Shareholder?
Directors as employees need agreement setting out what their role is and what their reimbursments will be
Shareholders need an Agreement setting out what their roles will be , what is done if they wish to sell their shares or a dispute. If you have 50% of the shares each you need a mechanism if you disagree so the business does not grind to a halt.
Every Business Owner needs to know and understand these things. It is your business.
When General Data Protection Regulation came into force in May 2018 there was much fuss and panic. The powers that be gave little practical advice. Packs of documents were advertised that were far more than a small business would need. IT people suddenly became experts in legal documents . Then of course there is the old faithful of documents being found on the internet.
Businesses say they have ‘done’ GDPR when it is generally a total mess. So where did it all go wrong ?
- GDPR is a new law . Being new there was little practical advice to go with it . As with any new law it needed explanation from people who understood law.
- Few businesses needed lots of documents and if they did they certainly needed someone with the expertise to use them.
- GDPR is based on certain principles and to comply you need to understand these as they apply to your business.
- GDPR documents also need to apply to your specific business and what you do . They need adapting as needed . It is not a question of putting the words in gaps in preprepared so called documents.
- GDPR is not just about documents. Proper compliance needs adjustments to your work practices and procedures. Staff need training. Employment contracts and staff handbooks will probably need amending.
So what is there to do apart from documents?
- Look at how your business works and ensure you are complying with the principles of GDPR. Understand what legal basis to process data applies to what you do- many do not.
- Adapt and amend your working procedures to ensure compliance
- Train your staff in the new procedures
- Upgrade your security especially online. Cyber-crime is rapidly increasing so does your chances of a data breach with all the problems that brings (including the GDPR ones)
- Register with the ICO if your business fits the criteria for registration.
- Make sure you and you staff know what to do if there is a breach or any GDPR issue.
- Do not sign any GDPR agreement sent to you by another business without fully understanding what you are committing to especially if they are a big powerful company.
- If you send data abroad make sure you have the right checks and documents in place.
So if you need a Review of what you have or to start from scratch please contact us email@example.com
Passwords are supposed to ensure that only the correct person or people can access something. In a business context this is generally for a laptop or mobile phone. However in these days of sophisticated cyber criminals a good old password can offer little or no protection against a determined and skilled hacker. However too many businesses are far too laid back in their approach to this problem and putting their business at risk.
What must you consider :
- Avoid predictable Passwords- such a family or pet names and family birthdays . Hackers can see your social media and find out details about you.
- Avoid the most common Passwords . It is hard to believe that Password and 123456 are very common after all the warnings. Replacing letters with numbers Passw0rd fools no one.
- Change the manufacturers default passwords that devices are issued with before they are used. Someone hacked into those home cameras that tell you if you have a burglar because of a failure to do this.
- Use two factor authentication (2FA) for important websites such as banking and email . Monitor even this as the best hackers can get past even these.
- Make sure all laptops, MACS and PCs use encryption products that require a password of their own.
- When available use fingerprint recognition for a mobile devices.
- Use strong passwords . All should be longer than eight characters and include a mix of random , letters , number and symbols.
- Never reuse Passwords . Every account should have a unique password. Otherwise if a hacker obtains the password they can access every account you have.
- Change your Passwords from time to time. Do not have a quarterly cycle that is easily guessed e.g. change spring234 to summer234.
- Consider using a password manager . This will put all the passwords in one place and you have to remember one Master Password. The Master Password has to be very strong .
Make sure your staff are properly trained and appreciate the risks you are taking . If you lose your data it will affect everyone – and not in a good way.
- Your website is under constant attack both within the UK and all around the world. Some nine out of ten login attempts to eCommerce websites are hacking attempts a speaker said recently.
- You must assume you will at some point be hacked however careful you are. Being careful obviously reduces the risk of this happening
- When you are hacked you need to have everything in place to get back up and running quickly. ie accessible up to date back ups.
- Losing data through hacking is a Data Breach that should be reported to the ICO. Repeated breaches would indicate to them you are not acting properly and lead to trouble.
- Businesses are tempted not to report breaches in spite of the legal obligation to do so. Employees are even less likely to report breaches they have caused to their employer.You must impress on Employees the importance of proper reporting or the consequences for your business could be very bad.
- Some businesses arrange for employees to change passwords every three months as recommended. However if they change in accordance with a four part connected sequence there is no point. Changing Winter24 to Spring24 and then Summer24 is pointless.
- Be careful what information you put on your social media. Serious hackers will look at this for a source of information to break passwords and find memorable information . Examples are your Mother’s maiden name ( see your uncles full names), your date of birth, your favourite football team, your pet’s name. Better to use random letters as passwords.
- The most used passwords are still 123456 and password- yes really.
- Employees can be the weakest link. Some will learn about security. A minority ,unless you are a dreadful employer, will be malicious and intentionally cause trouble especially if leaving. Make sure former employees are instantly deleted from the systems once they go. We often hear of people logging in months after they leave. The vast majority of employees have no bad intent but just get lazy or make a mistake such as clicking a dodgy link that has bad consequences . Training you employees is therefore key and then monitoring them afterwards so they do not slip into bad habits.
- Ensure that staff only have access to what data they need to do their work. In the past often everyone could access everything but the more people see more data the greater the risk of a breach. So work out what individual employees need to see then limit them to that. Most modern programmes enable employees access to be limited in this way.
If you need help with this and need advice and a way forward please contact us.
Have you noticed how Artificial Intelligence has crept up on us all. If you saw Terminator 2 when it came out it all seemed so unreal and futuristic. Now so many aspects of our lives are governed by A.I.
This weekend the Sunday Times had a story about how you would no longer need to produce your passport at every stage at Heathrow. You would go onto a facial recognition system and then be identified at every stage. In the USA apparently you go onto a central system and pop up whenever you go flying. To think people objected to Identity Cards when they can now follow you without you even being aware of this.
In China the use of facial recognition technology is wisely used to keep trace of their citizens. The ‘Sharp Eyes’ system correlates security cameras in public and private places and a national database of faces. At KFC in Hangzhou customers can buy chicken nuggets by smiling at the camera. Chinese police use face recognition to spot suspects and monitor undesirables.
You will have seen the US TV series where people are identified in a moment by running their photo against a data base. Even in the UK police, especially in London ,are using the technology to scan crowds for people of interest. This use will only increase.
We are increasingly warned that many jobs will be lost and replaced by A.I. in the near future. Unlike the past these will include professional and highly trained jobs such as accountancy and legal positions. It is now standard to use A.I. to assess loan and mortgage applications according to set rules. You can be declined without your application ever seeing a human face.
There is increasing concern about the regulation of A.I. As with anything new it takes time for these things to catch up and there is a distinct lack of rules.
There is a tendency to assume that because A.I. is supposedly a mathematical objective process it is never wrong. Who is monitoring the decisions made? Further the decisions are often so complex that a mere human cannot check the decision one way or another.
Some efforts are being made to establish rules on these issues . Some A.I. procedures are covered by GDPR but there is some way to go.
The result of an adventure to Manchester:
- There are lots of businesses offering new services and products against problems and issues that most businesses do not realize exist let alone need services against. Cyber-crime is the fastest growing crime of all.
- The Police want you to report any cyber-crime to them at Action Fraud, They have been criticized for not doing anything but do need to have evidence and records of what is happening. You can do this online or by telephone.and also sign up for alerts. Contact details
- If fraud causes you to lose money or there is some other loss it should be reported as a crime to the normal Police channels.
- It is highly likely that your user names and passwords are for sale on the Dark Web along with lots of other undesirable things. There are 2.2 billion stolen User names with passwords on there
- The volume of malicious attacks on your website from all over the world in any day is unbelievably high which is why you need maximum protection. Some 500,000 new malware appear every day of which 75% are only used once.
- You need to keep totally up to date with software updates. There can be a short delay when malware appears and the fix is issued but any damage is minimized. If you fall behind then disaster can strike.
- People are still too laid back about passwords. Still popular are the old favorites Password and 123456. Even Donald and Football make the top twenty. Passwords should not relate to any information about a person that can be found on the internet such as on Facebook as hackers know how we think and can work out these things. We are not as clever as we think we are.
- Businesses are developing new technology but not ensuring the software keeps up . Some CCTV cameras of the type heavily advertised on TV to protect your home were found to be vulnerable to the code being replaced so your feed could be stolen. You could find your self looking at someone else’s baby or front drive on your phone. You should also check how long support for your device will be available as this can be overlooked and once support ends the device can either cease working or be totally exposed
If you need any help with making your business secure please contact firstname.lastname@example.org
Do you know if there is asbestos in your commercial property.? In the past it was a common building material and only recently have the dangers become apparent. It was only banned from buildings in 2000.
In the 1970s Artexed ceilings were all the rage and seen everywhere. Much Artex contained asbestos .If moved or damaged it is dangerous. It was also often used in the construction of buildings due to its insulation effects.
Many taking on a Commercial Lease are not aware of the risks. If they are responsible for repairs and maintenance they are also responsible for any asbestos on the property.
The Law -Control of Asbestos Regulations 2012
These set out rules on how a commercial property should deal with any asbestos. The penalty for non compliance include a fine of up to £20,000 and up to 12 months in prison. If anyone’s health is affected they could sue for far more than this.
Medical Risk – Inhaling fibres causes asbestosis a serious lung disease and lung cancer
What you should do if you have a property built before 2000
- Check if asbestos is present
- Work out who is responsible for it -you or the landlord -most probably you.
- Have any potential asbestos surveyed by someone suitably qualified
- Have any potential asbestos analysed properly
- Put together a Plan for management of the asbestos.
Tell People – Most important tell anyone who may be affected . This includes your staff and most importantly any tradesmen who may come along and drill holes or attempt to move asbestos material.
Moving asbestos should always be done by a suitably qualified contractor.
The Potential Cost -All this can get very expensive so check what you are taking on before you sign anything.
Do not be tempted to turn a blind eye to any risks. It is dangerous for you and anyone who comes into the property who you will be liable for.
If you are thinking of taking on a commercial property then speak to us for advice.