Author Archive for Barkley Business Services – Page 2

A New Lease? – the pitfalls

If you are thinking about renting a shop then make sure you understand the terms of the New Lease.

Make sure it is an asset and not a nightmare

Avoid the Pitfalls. Do not sign what is put in front of you unless you know what you are signing. Otherwise you could be committing yourself to three or more years of paying for a property that is not what you need for your business, which can be a very expensive mistake.

Five Tips

  1. Make sure you negotiate a Break Clause so that if things do not go as well as you hoped you can end the Lease early. Otherwise, unless you can find someone to take over the Lease, you will have to pay the rent to the end of the term regardless.
  2. Make sure the Lease covers the area that you expected. Ask for a plan and check it against the Property.
  3. Be aware you will probably be expected to leave the property in a good state of repair. If the property needs work to put it into good repair, make sure you fit this into your budget. If it is a problem, negotiate with the Landlord. There are various options here.
  4. Check that the planning consent is the right one for the use you want. If not, get it changed before you sign any documents.
  5. Is there a flat above? Make sure the shop and the flat are totally separate. You do not want the tenant of the flat with the right to wander into your shop or your insurance will be invalid.

GDPR – Can you still use USB sticks?

The Risks

Under the terms of GDPR a business is obliged to keep data/information it holds on behalf of an individual safe and undestroyed. Everyone has become used to putting data on USB sticks and other removable storage, then carrying them around in pockets or bags. They are often taken home.

However, USB sticks go missing. In a recent survey from Apricorn over 80% of employees said they had lost a USB stick and not told their employers. Under the new rules, if a USB stick goes missing it should be reported to the ICO within 72 hours. Explanations will be required.

The question then is: was the information encrypted and, if not, why not?

It is essential that all businesses think carefully about their procedures and how they use USB sticks. Can they safely be taken out of the building?

New protocols will be needed. Staff will need training. Businesses may decide just to put everything in the cloud and forget about USB sticks altogether as IBM has decided to do.

Important Points to take away:

  1. Care is needed over where USB sticks come from. They are often given away at trade shows and not scanned for viruses when used. Businesses should provide any necessary removable storage devices to their employees and ban all others.
  2. All sensitive data on removable devices should be encrypted. If the device could be taken out of the premises then encryption should be considered whatever is on it.
  3. Removable devices should be protected by PINs and passwords.
  4. A policy covering the use of removable devices by employees should be put in place.
  5. Staff should be trained as to what is acceptable and what is not.
  6. Removable storage devices should be tracked so that the business knows where they are.
  7. Procedures should be put in place to ensure any losses are reported to the employer and the employer reports them to the ICO.

A business can lose data through hacking. They should not just give it away on a little stick. Under the new rules more care is needed.

There are lots of types of removable storage. The risks now need managing.

GDPR – Important points you may have missed

  1. It does cover Paper Records, not just online ones. They must be kept safely, not in a box in the corner, and preferably with safe copies elsewhere.
  2. Laptops and desktops: are they password protected? Do you have a good antivirus? They must be kept secure.
  3. Is your building secure? Can anyone enter unnoticed? Do you have a record of visitors? Are your doors kept locked?
  4. Memory sticks: are they taken off site? Are they encrypted? The Crown Prosecution Service has been fined over £300,000 for losing CDs of witness statements. You must be extra careful.
  5. Is your data backed up properly? You are responsible for avoiding the destruction of data, so do not lose it through computer collapse, flood, fire etc.
  6. GDPR says you must delete an individual’s data on request. Be careful, as you have a legal obligation to keep your records including your data. HMRC says seven years and it is six years limitation on legal claims. So do not be too keen to delete data and find yourself in a mess elsewhere.
  7. Do not assume that because you are small it does not apply. It applies to all small businesses, even those that collect invoices and hand them to their accountant.
  8. GDPR covers all data held by a business and is not just about marketing. It is just that that is where all the noise has come from.
  9. Fines and standards required will be relative to the business. Small businesses, unless extremely bad, will just be guided to the proper course. Large companies with big budgets who should know better will be fined.
  10. The ICO is looking for an effort to comply in the initial stages. Do not worry if you are not perfect.

    Not a cliff edge to fall off or climb.

GDPR Essentials – A Privacy Notice

Under the GDPR rules that come in this May every business that uses data needs a Privacy Notice. This is wider than the Privacy Policies many have on their websites, as these just relate to the website itself.

The Changes

Your new Notice must relate to all your data that you use or collect in your business. You must also set out the rights of anyone regarding data you hold on them. This includes the right to ask what personal information is held on them. There are strict rules regarding how such questions must be dealt with.

What you must tell anyone whose data you hold

  1. When you collect information
  2. Why you collect data. You must comply with one of the lawful grounds set out in GDPR.
  3. What data you will collect

What steps you will take to keep their data safe

You must ensure you take adequate steps to keep data safe. This includes security on your computer and website against hacking etc. If manual notes are kept these must be kept in a secure location safe from fire or other destruction and theft. Obviously it would be wise to consider more than one copy for manual information.

What you will do with data you hold

This includes how long you will keep any data and why it will be kept for that period. You must be able to justify the length of time under GDPR. Aside from that, you need to keep client records for at least six years so you have them should you receive any claims against you and need to defend yourself. Similarly, HMRC may investigate you and you may need to show them exactly what work you carried out, with details. Think this all through before removing any data.

Sending Privacy Notice to Subscribers/Clients

You are obliged to send a copy of your GDPR compliant Privacy Notice to anyone whose data you hold and this includes subscribers to your website etc.

There is no need to panic about GDPR. It is a set of rules designed by government officials to control larger companies with lots of marketing staff who send out material in large annoying quantities. The smaller businesses have just been caught up in all this and will be struggling to run their businesses if they comply with the letter of the new regulations. There will therefore be a period of adjustment when it is decided how the rules will actually affect small businesses in practice so they are still able to function.
