“What can I say about George, other than the guy is not only great at what he does, but he’s honest, reassuring and a genuine pleasure to talk to. A few months back, my business
Alongside the health crisis being caused by Covid-19, the coronavirus is rapidly causing economic difficulties for business which, owing to what some consider to be not fast enough action by the Government, is leading to
A Business Perspective – Coronavirus/Covid-19
Award Winning C2 Safety: Jerome Timbrell, Managing Director, on working with us: “The decision to use Solicitors Title was made so much easier when we met face to face with Richard James, head of Solicitors
Setting up the First Health & Safety Franchise in the UK
A fundamental change under GDPR – the new data protection code which comes into effect in less than 4 months’ (25 May 2018) – will have particular relevance for anyone involved in a franchisor/franchisee relationship. Why? Because of the way in which data is handled; a franchisee operates their own business and is, under the existing Data Protection Act 1998 (“DPA”), a controller (i.e. a person that determines the purpose for and manner in which data is processed); franchisors, by contrast, and despite their obvious vested interest in that data (under many franchise agreements, client data can only be used within the franchisor’s system, licensed to the franchisee under their franchise agreement) are not merely associated parties; in fact they also have a vested interest in the information that their franchise network collects and processes. Ultimately, customers or clients are entering into a relationship with the brand, meaning the franchisor.
From a practical standpoint, a franchisor’s relationship with ‘its’ customer data has arguably been in the guise of a data processor – with access to records of this information maintained and used by its franchisees and, in some cases, to provide facilities to capture prospects or those that might be interested in a franchisee’s products or services, through a central website or micro-site or page dedicated to a particular franchisee’s territory. A franchisor that does not undertake specific analysis on this data as a whole, is arguably no more than a data processor under the current DPA; but under GDPR, processors become subject to much enhanced obligations, not dissimilar to those applicable to their network of franchisees.
Taking the relationship from another angle, to some degree the franchise network will rely on the franchisor to guide them in best-practice and compliance; after all, their purchase of a franchise would, to some extent, have been to avoid the need to devise, think about and implement much of the back-office function of the business – the expectation within a franchise, as a ‘business-in-a-box’, is to be able to open and focus on sales and growth, without much of burden applicable to a start-up or owner-operator.
Much has been made of the vast fines that could apply to a data breach; these should not be ignored but our own assessment, as with much of the true approach to GDPR, is that proportionality will play its part. If it were going to cost a small retailer, tuning over say £120,000, £50,000 to implement a particular aspect of GDPR, this may not be seen as proportionate, subject to other relevant factors.
But what if you are a franchisor? With a franchisor’s specific role in directing and guiding their network of franchisees, albeit they may not be directly responsible for the processing of that data now, their heightened obligations under GDPR even if they are truly only a data processor and their obvious interest in the protection of their brand/reputation which could be seriously damaged following a data breach by a lax franchisee, franchisors should be taking the lead and communicating not only with their own internal team but also across their franchise network to ensure that plans are in place and assessments are carried out to minimize the potential risks.
Included will be a consumer’s appreciation of the franchisee’s relationship with the franchisor and that much if not all of their data will be made available to the franchisor, both to ensure efficient operation of the franchise business but most likely under obligations binding the franchisee within the franchise agreement or the operations manual, given what is effectively equivalent standing by a specific provision within the agreement; franchisees will look upon franchisors to advise on best communication and to implement and provide updated privacy notices and related documentation, to ensure best practice.
How we are Helping Franchise Businesses:
As specialists in both franchising and technology law, including data protection (recommended in both the 2016 and 2017 editions of independent Directory, Legal 500 in these areas), we are supporting franchisors and franchisees with:
1) Guidance on the practical implementation of GDPR, including data minimisation and analysis;
2) Advice and updates to operations manuals, technical notes and training around secure and effective data management;
3) Updated privacy notices and communications, including on websites and social media;
4) Handling data requests and breach notification plans – a data breach now has to be notified within 72 hours; a challenge if discovered on a Friday(!); and
Ensuring marketing is conducted legally, including under PECR Regulations.
The General Data Protection Regulation (GDPR) is the new data protection code that replaces the existing Data Protection Act 1998 in May 2018. Many have focussed on the negative aspects such as the fines for non-compliance, which are eye-watering. You may recall TalkTalk’s security breach in 2015, which led to the loss of 150,000 customers’ data and resulted in a fine from the Information Commissioner’s Office (ICO) of £400,000; under GDPR that would have been £70 million!
Arguably, it was not TalkTalk being lax; but instead came about from part of their infrastructure being inherited when they took over Tiscali, a number of years earlier. This leads to the first practical step that we take when working with clients, preparing for GDPR. What data do they have and where is it?
Data is everywhere and can be found in unexpected places. It dawned on me the other day that having certain clients’ phone numbers in my mobile, means that some of that data is also in my car, because it’s uploaded via Bluetooth. You need to consider how wide the net is; documentation kept out of the office, data found in or copied to personal devices or e-mail accounts – Hilary Clinton’s use of a private e-mail server, for example.
The challenge comes simply from how well connected we are these days and as a result of this complexity, the aim is to harmonise data security across the EU. So when people ask me whether Brexit will get in the way, the simple answer is no; GDPR is here to stay.
Where businesses process data they must do so lawfully, fairly and transparently. To demonstrate lawful processing, a business must show that it is necessary for the performance of a contract or they must be able to justify, in line with the Regulation, that it is for the purposes of their legitimate interests.
Otherwise, businesses must demonstrate consent and this must be more than a simple tick-box amongst other terms; these requirements are detailed and cover how and the purposes for which that consent is obtained. Why not just e-mail all of your clients or customers confirming they are happy? A couple of recent cases suggest this might be a dangerous strategy; e-mails sent by the companies involved were themselves deemed to be marketing; for which there was no prior consent under the Privacy and Electronic Communications Regulations from 2003 – a related set of regulations that govern e-marketing activities.
Don’t worry then, you think, we’ll just outsource everything! Not quite; businesses will now be liable for the actions of suppliers that handle data on their behalf; at present there is a distinction between the data controller that owns the data and a supplier engaged with processing it (obvious examples being outsourcing and the use of cloud-based IT infrastructure). Therefore we are looking at clients’ existing arrangements. Providers should recognise your greater responsibilities and should not be seeking to exonerate themselves through well-crafted terms and conditions – you may need to prioritise reviewing your suppliers’ contracts.
GDPR may be about compliance, but we’re encouraging businesses to give themselves a competitive advantage by adopting a privacy by design approach and demonstrating that the protection of their customers’ and clients’ personal information is central to everything they do. They say a week is a long time in politics; so it’s hardly a surprise that today’s digital economy, back in 1995 (when the current Data Protection Directive came in), would have seemed more science-fiction than today’s day-to-day reality.
Areas where we are currently helping clients are within our Online and E-Commerce services under GDPR and Data Protection.
We are looking to appoint a legal assistant to work primarily in our property department in Exeter city centre. Whilst we would like to talk to experienced legal assistants/ paralegals, this post will most likely suit someone who is looking to pursue a career in law for which this would be a first step on the ladder so do not let a lack of experience deter you from applying if you are serious about a career in law.
You will be expected to show your commitment towards a career in the law. You must be prepared to start at the bottom, to be conscientious, hard working flexible and reliable and in return you will be provided with a solid training in conveyancing and in property law. You will be exposed to all types of property transactions, both residential and commercial. In addition you may be required to assist from time to time in other disciplines.
In the first instance, please write, by post or by e-mail (the later addressed to: [email protected], setting out why you want to work in the law and why you would like to be considered for this particular post.
It has been a busy time over the last few months; with legal changes including the onset of GDPR and exciting developments for some of our clients and for us as we continue to grow our business. It’s nice for us to voice the positives but what we also like to do is share our clients and fellow businesses’ success too and that is why we produce our Business Round Up.
On 1 October 2017, the Pre-Action Protocol for Debt Claims (the “Protocol”) will come into force.
The Protocol will apply to any business, including sole traders and public bodies, (the “Creditor”) looking to bring a claim against an individual or a sole trader (the “Debtor”).
Our offices will be closed from 1pm on Friday 23rd December 2016 and we will reopen at 9am on Tuesday 3rd January 2017.
Wishing all our clients and contacts a Merry Christmas and Happy New Year.
For many, chasing their customers for payment is at best a necessary evil. In order to minimise the need to do so, we provide some tips on improving payment performance.
When should you chase payment?
In order to successfully recover payment it is essential to gather information about your customer before you carry out any work for them. You should be able to identify your customer’s full legal entity, their company registration number and their contact details, including the name of the person that you should communicate with for invoicing purposes and to deal with queries quickly.
Solicitors Title is delighted to have been recognised as a go-to firm for corporate and commercial work in this year’s Legal 500 rankings.
Legal 500 is an independent directory of the leading law firms and lawyers. Published annually, the guide is compiled after extensive research, including confidential references from clients and contacts and following assessment of the work carried out by each practice being reviewed.
You may have worked hard for a long me in a company or business and whether you expect it or not, you end up being called into his or her office for a chat! Fortunately, it’s not to present you with your P45 but instead to offer
It seemed almost impossible this week not to talk about Brexit and the effect on the property market though I’m sure that there’s a lot of people who are already starting to groan when they hear the word given the wall to wall media coverage. If nothing else, it seems as if everyone has an opinion – and one which they ‘re willing to share with anyone who will listen – and that least makes for a refreshing change from the weariness and apathy