Later this month sees the third annual Devon and Somerset Law Society (DASLS) Legal Awards, recognising the contribution that the South West’s numerous law firms bring to our locality.
Solicitors Title is delighted to have been recognised for the second year running as a go-to firm for corporate and commercial work in this year’s Legal 500 rankings. Legal 500 is an independent directory of
Solicitors Title; a go-to business law firm – latest Legal 500 guide
When the time came to renew our franchise contract we realised we needed specialist knowledge and support in our negotiations with the Franchisor. We were referred to Richard James a Partner in Solicitors Title by a
Renewing WIBN’s Franchise – Pragmatic and Incisive Advice
We have been actively working on GDPR for almost a year now, helping clients and contacts navigate the changes that this new data protection law will bring about. Sadly, many have been misled, remain confused or, despite attending lots of seminars, are still lost as to what to do! Is this you?
With GDPR taking effect one week today, there is little time, but there is time to address and formulate a plan to achieve compliance. And although it is about compliance, in reality it is about setting yourself apart from those of your competitors who will simply choose to do nothing.
In a recent interview on BBC Breakfast, the Information Commission, Elizabeth Denham, said:
“Companies and public bodies are already realising that good business means proper control and responsible control over personal data; that’s what customers demand; that’s what customers need and that’s what citizens expect”, adding that “we will take action against those who are negligence or mis-use personal data.”
By not doing anything, consumers will no doubt read that to mean that a business is not interested in responsibly looking after their information; itself, not good for business.
If you still don’t know where to start, I’ve attached part of our GDPR toolkit that I thought may be useful in dispelling some of the myths and mis-information that you may have heard! We have also been staggered to see businesses saying they are removing people from their e-mail marketing lists if they do not actively consent by 25th May. In many cases this is not necessary and is actively damaging those businesses through a lack of knowledge or having been told something that simply isn’t correct.
If you are looking at these issues but are unsure how to meet the 25th May deadline, our practical toolkit and added support, tailored to the right level depending on the size and type of organisation that you are, will help overcome the question that we keep hearing : ‘but I just don’t know where to start’!
Areas where we are actively helping businesses include:
1. Ensuring contracts are updated to cover GDPR provisions – this is mandatory; not optional;
2. Redrafting privacy and cookie policies and notices, demonstrating transparency;
3. Updating internal procedures, staff policies and handbooks, reflecting new obligations;
4. Advising on the correct approach to marketing, particularly e-mail marketing and using lists; and
5. Assisting, through the remainder of our toolkit, in demonstrating compliance – a key GDPR theme.
Do e-mail or call us now to put in place the steps that you need in time for 25th May. The ICO expect all businesses (not just large ones) to be able to show that they have a plan and are implementing it. So contact us and we can tailor a plan for you, to your needs and budget, in good time.
As consumers, we’re tired; tired of spam, tired of being gamed into receiving marketing that, in fact, we don’t want and tired of companies that have no regard for our values and, indeed, adopting an approach that that might, in fact, lead us to engage more fully with them, if only they could get away from the old-school approach to marketing. Consumers now want engagement; they don’t want to be ‘sold to’ – the goalposts have moved; to a different pitch!
It has been reported this afternoon, that after several days, including a delay due to the company in question not having an available barrister for the hearing, the Information Commissioner (ICO) has the warrant they sought to search the offices of Cambridge Analytica.
The delay highlights the weaknesses, however, of the system designed to protect the personal information and data of individuals – something coming into sharp focus with the onset of the General Data Protection Regulation (GDPR) and the Data Protection Bill, currently moving through Parliament, that will deal with related matters and those at the behest of nation states, that will govern the UK’s data protection regime going forward.
After May, it is hoped that the UK regulator will have stronger powers to better protect the personal information of data subjects, as companies and businesses continue to prepare for the new rules – our own approach and practical workshops around Data Protection Advice have focused on the competitive advantages for business in fully embracing a Privacy by Design approach throughout their organisations – something we suspect that consumers (particularly given the light being shone on these issues as a result of the misuse of Facebook data within this case) will themselves embrace, exercising their stronger and new-found data protection rights.
Terrance Murray is an experienced scaffolder and therefore presumably thought it was ok to take a risk; after all, as he might have thought, the likelihood of something going wrong would be low.
60ft from the ground, he was wearing his safety harness, whilst working from scaffolding set against a building in Manchester. The Problem? It was not attached to anything; he got down ok but the risks to those around him were captured by a retired health and safety inspector, who photographed his antics. The Result? He now faces jail for admitting breaches of the Health and Safety at Work Act.
The work was being undertaken at the rear of Sunlight House, a Grade II listed building on Quay Street in the City.
He was witnessed walking on planks with no side rail that might prevent a fall. The potential for life-threatening injuries were therefore significant, whether to him, his apprentice whom had been working below or members of the public on the ground.
Following the hearing, an HM inspector of health and safety said: “The potential for his actions was the death of a young man. This is a situation which could easily have been avoided. He had all the right equipment.”
Mr Murray, now facing jail, had not appreciated the significance of his actions but of course in such serious circumstances, there will be no leeway to him. The judge, at Salford Magistrates’ Court recommended he get himself a lawyer when the case comes before the court.
With the onset of GDPR, replacing the UK Data Protection Act 1998 in May, the adoption of health and safety requirements as the default position on construction sites and other business premises is of course the norm these days. The General Data protection Regulation and its requirements will, no doubt, follow a similar path. Failing to deal with and indeed embrace GDPR, taking a positive approach to good data management, as the default position in your business, will likewise be the norm; why not get ahead and gain competitive advantage now? Take a look at Our Data Protection Advice concerning Data Management, the DPA 1998 and under the upcoming GDPR for businesses, those involved in franchising, the tech sector, care homes and even other law firms! If you are yet to complete or even start your GDPR journey, call us to see how our range of packages, workshops and in-house advice can assist you before 25 May 2018.
As awareness began to climb around GDPR, towards the end of last year, the media had focussed on the headline-grabbing fines that might be levied for those businesses found to be non-compliant – headline-grabbing indeed; but not reality for most businesses subject to GDPR. In fact, Elizabeth Denham, the UK’s Information Commissioner herself warned last December of ‘scaremongering because of misconceptions.’
Although our offices are closed, due to the severe weather, we remain available to our clients and contacts.
As a result of our major IT upgrade last year, we have full remote availability to our systems, wherever we are, meaning that there should be limited disruption to our services today. Our offices, however, are closed and therefore for best contact information, please e-mail your usual contact, who can reply or call you back, rather than calling our usual telephone numbers.
We thank you for your understanding and hope everyone remains safe and secure.
Best wishes from all of the Team at Solicitors Title.
Later this month sees the third annual Devon and Somerset Law Society (DASLS) Legal Awards, recognising the contribution that the South West’s numerous law firms bring to our locality.
In total 12 awards are being hotly contested, recognising both individuals and firms themselves, across a range of categories which include Client Experience, Corporate Social Responsibility and even Legal ‘Hero’ of the Year! In addition to these, firms of different sizes are also recognised for their overall success. In the 1-10 partner category, Solicitors Title, based in the City’s iconic Gandy Street, is again shortlisted, having been nominated for the same award at the inaugural event in 2016.
Perhaps fitting, given Solicitors Title celebrates its 20th Anniversary this year. Originally set up as a property-focussed firm, with a new focus on the home-buying process, back in 1998, today, a focus on business and the people that own, grow and run them is the focus – from start-ups to some of the South West’s well-known names. Having expanded into Somerset some 5 years’ ago and in 2016 achieving recognition nationally for its corporate and commercial work by independent directory Legal 500, Solicitors Title certainly punches above its weight.
With a focus on certain sectors, not associated with many of its competitors, the firm is able to differentiate itself from more traditional firms. Technology law, franchising and complex property advice accounts for much of the firm’s work; and keeping their clients up-to-date on the topics that matter is key – feedback from recent events on GDPR – the new data protection code coming in from May this year – has been really positive, reflecting more of a practical approach to advice; being part of your own team rather than a service provider that you hire when things have gone wrong!
The awards evening is supported by headline sponsor SOS, a specialist legal software company.
Recognised alongside Solicitors Title in the Best Law Firm 1-10 Partners category, will be Boyce Hatton, Rosie Bracher, Cartridges Law and Beviss & Beckingsale. The awards dinner is being held in March.
As reported in recent days, many KFC outlets remain closed across the country, due to problems with a new supplier; what it has called “teething problems”, but whatever the reason, KFC’s predicament brings into sharp focus the reliance on suppliers in business and the risks that can arise if they are unable to deliver – in KFC’s case, literally.
Until last Tuesday, the South-African owned Bidvest distribution group handled the logistics in delivering KFC’s fresh chicken to its restaurants and outlets across the UK.
A change in supplier can be a common decision and no doubt, given the significance of KFC’s supply chain to its successful operations through the UK, that decision would not have been taken lightly.
Whatever the reason, one of the most important aspects in any business relationship, be it with your suppliers, as here, your clients or customers or your staff, is what happens if things go wrong? What a negative way to look at things you might think? But this is not about being negative; in fact it should be a positive aspect of any initial negotiations – sometimes things don’t go to plan; sometimes that will be outside of either party’s control – such as adverse weather delaying a shipment of goods, for example – but sometimes, it is caused by one side, for whatever reason, failing to meet the obligations they had agreed.
Naturally, in those circumstances, people think of insurance – if I crash my car, the insurance is there to protect me in any claim. However, SMEs have a real opportunity to manage their customer and supplier relationships, through well-thought-out contract terms.
We were recently advising a technology business on the supply of equipment to a much larger group. Say they on-sell that equipment to their own customers, to be used in ways that our client simply wouldn’t know and for some reason they decide the equipment isn’t suitable, causing them to lose a major contract – is that the responsibility of our client?
In KFC’s case, what is the value of potential damage to its brand and business from this current issue? With the majority of its outlets closed. And of course that is not only the loss of revenue but the potential for its brand to be tarnished in some way – in fact, KFC have been handling communications around the problem positively, with regular updates, but arguably their new supplier is liable for any losses and damage that they suffer.
It is often only when problems arise that SMEs and businesses recognise that in fact they do not have contracts in place. Within well-crafted terms and conditions, it is possible to spell out exactly what happens if a problem arises – this includes, practically, what should be done to try and manage the issue but also should outline where liability falls. Is DHL likely to be responsible for the entire loss of revenue suffered by KFC? Business owns can, within their terms, limit the extent of their liability in these kinds of circumstances; both, financially – perhaps with a cap on value of any claim and in terms of the kinds of los that are included – in DHL’s terms, no doubt, they would have excluded liability for loss of business caused by issues in delivery, given these issues are foreseeable. In your business, you can do the same – if a delay in supply to one of your clients and customers causes them to lose a major contract, costing £100,000, can they seek to pass that loss on to you, in a claim for damages? Or have you limited the potential for such claims in well-crafted terms and conditions?
Devising bespoke contracts and terms for your business can allow you to cover these issues, ensuring the risks in your business are minimized, even if things, as they will, sometimes go wrong. It also ensures that the relationship between you and your clients or customers is stronger, as the basis upon which you are doing business is clear. Click here for more information on our fixed price services in these areas: Commercial Contracts and Online Trading and E-Commerce
A fundamental change under GDPR – the new data protection code which comes into effect in less than 4 months’ (25 May 2018) – will have particular relevance for anyone involved in a franchisor/franchisee relationship. Why? Because of the way in which data is handled; a franchisee operates their own business and is, under the existing Data Protection Act 1998 (“DPA”), a controller (i.e. a person that determines the purpose for and manner in which data is processed); franchisors, by contrast, and despite their obvious vested interest in that data (under many franchise agreements, client data can only be used within the franchisor’s system, licensed to the franchisee under their franchise agreement) are not merely associated parties; in fact they also have a vested interest in the information that their franchise network collects and processes. Ultimately, customers or clients are entering into a relationship with the brand, meaning the franchisor.
From a practical standpoint, a franchisor’s relationship with ‘its’ customer data has arguably been in the guise of a data processor – with access to records of this information maintained and used by its franchisees and, in some cases, to provide facilities to capture prospects or those that might be interested in a franchisee’s products or services, through a central website or micro-site or page dedicated to a particular franchisee’s territory. A franchisor that does not undertake specific analysis on this data as a whole, is arguably no more than a data processor under the current DPA; but under GDPR, processors become subject to much enhanced obligations, not dissimilar to those applicable to their network of franchisees.
Taking the relationship from another angle, to some degree the franchise network will rely on the franchisor to guide them in best-practice and compliance; after all, their purchase of a franchise would, to some extent, have been to avoid the need to devise, think about and implement much of the back-office function of the business – the expectation within a franchise, as a ‘business-in-a-box’, is to be able to open and focus on sales and growth, without much of burden applicable to a start-up or owner-operator.
Much has been made of the vast fines that could apply to a data breach; these should not be ignored but our own assessment, as with much of the true approach to GDPR, is that proportionality will play its part. If it were going to cost a small retailer, tuning over say £120,000, £50,000 to implement a particular aspect of GDPR, this may not be seen as proportionate, subject to other relevant factors.
But what if you are a franchisor? With a franchisor’s specific role in directing and guiding their network of franchisees, albeit they may not be directly responsible for the processing of that data now, their heightened obligations under GDPR even if they are truly only a data processor and their obvious interest in the protection of their brand/reputation which could be seriously damaged following a data breach by a lax franchisee, franchisors should be taking the lead and communicating not only with their own internal team but also across their franchise network to ensure that plans are in place and assessments are carried out to minimize the potential risks.
Included will be a consumer’s appreciation of the franchisee’s relationship with the franchisor and that much if not all of their data will be made available to the franchisor, both to ensure efficient operation of the franchise business but most likely under obligations binding the franchisee within the franchise agreement or the operations manual, given what is effectively equivalent standing by a specific provision within the agreement; franchisees will look upon franchisors to advise on best communication and to implement and provide updated privacy notices and related documentation, to ensure best practice.
How we are Helping Franchise Businesses:
As specialists in both franchising and technology law, including data protection (recommended in both the 2016 and 2017 editions of independent Directory, Legal 500 in these areas), we are supporting franchisors and franchisees with:
1) Guidance on the practical implementation of GDPR, including data minimisation and analysis;
2) Advice and updates to operations manuals, technical notes and training around secure and effective data management;
3) Updated privacy notices and communications, including on websites and social media;
4) Handling data requests and breach notification plans – a data breach now has to be notified within 72 hours; a challenge if discovered on a Friday(!); and
Ensuring marketing is conducted legally, including under PECR Regulations.
The General Data Protection Regulation (GDPR) is the new data protection code that replaces the existing Data Protection Act 1998 in May 2018. Many have focussed on the negative aspects such as the fines for non-compliance, which are eye-watering. You may recall TalkTalk’s security breach in 2015, which led to the loss of 150,000 customers’ data and resulted in a fine from the Information Commissioner’s Office (ICO) of £400,000; under GDPR that would have been £70 million!
Arguably, it was not TalkTalk being lax; but instead came about from part of their infrastructure being inherited when they took over Tiscali, a number of years earlier. This leads to the first practical step that we take when working with clients, preparing for GDPR. What data do they have and where is it?
Data is everywhere and can be found in unexpected places. It dawned on me the other day that having certain clients’ phone numbers in my mobile, means that some of that data is also in my car, because it’s uploaded via Bluetooth. You need to consider how wide the net is; documentation kept out of the office, data found in or copied to personal devices or e-mail accounts – Hilary Clinton’s use of a private e-mail server, for example.
The challenge comes simply from how well connected we are these days and as a result of this complexity, the aim is to harmonise data security across the EU. So when people ask me whether Brexit will get in the way, the simple answer is no; GDPR is here to stay.
Where businesses process data they must do so lawfully, fairly and transparently. To demonstrate lawful processing, a business must show that it is necessary for the performance of a contract or they must be able to justify, in line with the Regulation, that it is for the purposes of their legitimate interests.
Otherwise, businesses must demonstrate consent and this must be more than a simple tick-box amongst other terms; these requirements are detailed and cover how and the purposes for which that consent is obtained. Why not just e-mail all of your clients or customers confirming they are happy? A couple of recent cases suggest this might be a dangerous strategy; e-mails sent by the companies involved were themselves deemed to be marketing; for which there was no prior consent under the Privacy and Electronic Communications Regulations from 2003 – a related set of regulations that govern e-marketing activities.
Don’t worry then, you think, we’ll just outsource everything! Not quite; businesses will now be liable for the actions of suppliers that handle data on their behalf; at present there is a distinction between the data controller that owns the data and a supplier engaged with processing it (obvious examples being outsourcing and the use of cloud-based IT infrastructure). Therefore we are looking at clients’ existing arrangements. Providers should recognise your greater responsibilities and should not be seeking to exonerate themselves through well-crafted terms and conditions – you may need to prioritise reviewing your suppliers’ contracts.
GDPR may be about compliance, but we’re encouraging businesses to give themselves a competitive advantage by adopting a privacy by design approach and demonstrating that the protection of their customers’ and clients’ personal information is central to everything they do. They say a week is a long time in politics; so it’s hardly a surprise that today’s digital economy, back in 1995 (when the current Data Protection Directive came in), would have seemed more science-fiction than today’s day-to-day reality.
Areas where we are currently helping clients are within our Online and E-Commerce services under GDPR and Data Protection.