
It was reported that absenteeism during the 2006 World Cup cost UK businesses £100 million a day.

With the 2018 FIFA World Cup in full swing, ACAS has produced guidance to help employers prepare for potential issues. Such issues include unauthorised absences and a decrease in productivity that could arise during the World Cup period.

Employers who are concerned about staff productivity should start planning and implementing procedures as soon as possible to reduce the impact that the World Cup could have on their business.

Create a tactical strategy

I’m not talking about a blind-pass or tackle. I’m talking about a business strategy.

Before the start of any major sporting event (whether it’s the Olympics or the World Cup), employers should consider having agreements or policies in place to deal with taking time off, sickness absence or even watching football matches during work hours.

Ideally you should gauge the level of interest in the World Cup within your business. If no one in your company is at all interested in football, then there might not be any issues!

Defender or attacker?

Employers should be flexible. An employer should consider a more flexible working day such as allowing employees to come in a little later or finish earlier, and agree when this time can be made up.

You may also want to allow staff to listen to the radio or watch the TV in a communal area as a possible option. Any change in hours or flexible working arrangements should be agreed in advance by the employee’s manager.

Time out

Employees who wish to take time off work around the time of the World Cup should book annual leave in the normal way, as set out in any policies. However, employers may wish to look at being a little more flexible when allowing employees leave during this period.

Some employees may want to travel to Russia to watch the matches live; however, they should remember not to book flights until leave has been agreed. Employees should also be aware that they may experience travel delays on their way back to the UK, so they should return in plenty of time so their work doesn’t suffer.

It is important that both parties come to an agreement – staff should, however, be made aware that it may not always be possible for special arrangements to be made. All businesses will, after all, need to maintain minimum staffing levels.

Don’t get called foul!

A consistent approach should be applied to leave requests, particularly when it comes to other major sporting events. Employers should remember that not everyone likes football! Even though it is expected that football fans will be first in line for holiday application requests during this time, employers should ensure that holiday is granted fairly on a ‘first come, first served’ basis.

Football sickness

Your sickness policy will still apply during this time and this policy should be operated fairly and consistently for all staff.

Levels of attendance should be monitored during this period. Employers should ensure that there are clear rules and procedures in place for dealing with absences (including late attendance due to post match hangovers) or patterns of absence. Employers should make staff aware that patterns of absence could result in formal proceedings against the employee.

For further information read Managing sickness absence and Managing employee absenteeism.

Social media and website use – #WorldCup2018

There is likely to be an increase in use of social media and websites during the World Cup period. Employers should therefore ensure that they have a Social media policy in place making it clear what is and isn’t acceptable usage.

Drinking or being under the influence

The World Cup is likely to lead to an increase in the consumption of alcohol. Employers should therefore re-issue ‘zero alcohol policies’ and/or remind staff that anyone found under the influence of alcohol at work could be subject to disciplinary procedures.

If employees decide to have a ‘liquid lunch’, employers should encourage employees to take the rest of the day as annual leave or unpaid leave in order to have business continuity and minimise the amount of disruption to the business.

Goal!

If you’ve considered these things for your business and employees, then there’s no reason you can’t achieve your goals. Careful planning will enable the World Cup period to run smoothly for businesses and allow staff to enjoy the event. It is anticipated that employers who are flexible in their approach are less likely to suffer from employees taking unauthorised absences.

Rocket Lawyer has several HR policies and procedures available for you to make!

The post Fifa World Cup 2018 – Are you tackling employee absences properly? appeared first on Rocket Lawyer UK.


When I mention ‘cookies’, you probably imagine an oven-baked treat of the chocolate chip variety. In computer terminology though, cookies are completely different, but they both have something in common – they can sometimes make your life just a little bit better.

So what are cookies? What are they doing on our computer? Are they bad for us? Read this blog to find out.

Did someone say cookies?

If you’ve ever been online or browsed the Internet you’ve probably heard of cookies or clicked ‘accept’ on a pop-up banner to accept them. This unfortunately doesn’t send a batch of chocolate chip cookies to your computer. But it does contain helpful information about you and your preferences.

Web browsers create simple text files called cookies when you visit websites on the Internet. Your device stores the text files locally allowing your browser to access the cookie and pass data back to the original website.

For example, if you visit a website and wanted to select a certain language, you’d select an option that said ‘I’d like to view your website in English’. The website would then save that information to a small document – a cookie – to your computer. The next time you visit the same website, it would be able to read the cookie it saved earlier and ‘remember’ your language preference and display the website in English. This saves you the inconvenience of selecting the language again.

Are there different types of cookies?

Just like the edible ones, there are different types of Internet ones too. Different cookies have different functions and purposes.

Session cookies

Session cookies are commonly used on online stores or shopping websites, such as Amazon or eBay. They help websites recognise users and the information provided as you move from one web page to another and remember what items you placed in your shopping basket. They only retain information about a user’s activities for as long as they are on the website and are deleted when you close your web browser.

Permanent cookies

Permanent cookies are stored on your computer until they expire or until you manually delete them. Permanent cookies can identify a user by assigning a unique tag to the cookie. These are the types of cookies used on websites that need to know who the user is but offer the ‘Remember me’ function when we enter our name and password. When you select a website to remember you, the website remembers the username and password so you don’t need to re-enter them every time you visit. The result is that it offers faster and more convenient access. In addition to authentication, other website functions are possible such as menu preferences, preferred theme, language selection or even internal site bookmarks.

Third party cookies

Third party cookies are files that have been stored onto your device by a website that is different from the website you are actually visiting. Advertisers use these to track your visits to various websites on which they advertise. These cookies are used to collect information about what sites you visit, things you like, dislike and purchase. They often use this information to show ads, products or services specifically targeted to you.
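The three types above can be told apart from the `Set-Cookie` header a server sends. The following is an added example, not part of the original post: it classifies constructed headers by lifetime (session or permanent) and by party (first or third). The hostnames, cookie values and the `pageSite` argument are assumptions; real browsers work out the site of a page from the Public Suffix List, which is passed in by hand here.

```javascript
// Added example: classify cookies by the types described above.
// All hostnames and header values are constructed for illustration.

// Parse one Set-Cookie header value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const [first, ...attrs] = parts;
  const eq = first.indexOf('=');
  if (eq < 1) throw new Error('malformed cookie pair: ' + first);
  const cookie = { name: first.slice(0, eq), value: first.slice(eq + 1), attributes: {} };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attributes[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// A cookie with no Max-Age or Expires lasts until the browser closes (session).
// Max-Age takes precedence over Expires when both are present.
function lifetime(cookie, now) {
  const a = cookie.attributes;
  if (typeof a['max-age'] === 'string' && /^-?\d+$/.test(a['max-age'])) {
    return Number(a['max-age']) > 0 ? 'permanent' : 'expired';
  }
  if (typeof a.expires === 'string') {
    const t = Date.parse(a.expires);
    if (!Number.isNaN(t)) return t > now.getTime() ? 'permanent' : 'expired';
  }
  return 'session';
}

// Third party: the host that set the cookie is neither the site being
// visited nor one of its subdomains. pageSite is supplied by the caller.
function isThirdParty(responseHost, pageSite) {
  const h = responseHost.toLowerCase();
  const s = pageSite.toLowerCase();
  return !(h === s || h.endsWith('.' + s));
}

function classify(header, responseHost, pageSite, now = new Date()) {
  const cookie = parseSetCookie(header);
  return {
    name: cookie.name,
    lifetime: lifetime(cookie, now),
    party: isThirdParty(responseHost, pageSite) ? 'third-party' : 'first-party',
  };
}

// Constructed sample: responses received while visiting shop.example.
const NOW = new Date('2018-06-20T12:00:00Z');
const SAMPLES = [
  // Shopping basket, no expiry: a session cookie.
  { host: 'www.shop.example', header: 'basket=3f9a; Path=/; HttpOnly' },
  // Language preference kept for a year: a permanent cookie.
  { host: 'www.shop.example', header: 'lang=en; Max-Age=31536000; Path=/' },
  // Set by an advertiser's host embedded in the page: a third party cookie.
  { host: 'ads.tracker.example', header: 'uid=77c1; Expires=Fri, 20 Jun 2025 12:00:00 GMT; Secure' },
  // An expiry date in the past is how a site deletes a cookie.
  { host: 'www.shop.example', header: 'lang=; Expires=Thu, 01 Jan 1970 00:00:00 GMT' },
];

function report() {
  return SAMPLES.map((s) => classify(s.header, s.host, 'shop.example', NOW));
}

console.log(report());
```
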

Are cookies bad?

Sweet treats should only be eaten in moderation.

But on a serious note, Internet cookies are technically harmless. They are simple text files that are stored passively, and cannot be used to view data on your hard disk or capture other information from your computer.

However, websites can use cookies to track users as they browse the web, collecting highly personal information and often transferring or selling that information to other websites without permission or warning. Viruses and malware can also be disguised as cookies and some, such as the zombie cookie, can be re-created even after they’ve been deleted.

Summing up cookies

Since the beginning of cookies, the popularity of these clever little helpers exploded and they gradually evolved into a more complex, yet essential part of the internet.

At first, cookies would contain just a few preferences such as language. But soon, developers realised that the more information they could store, the better experience they could provide to their users. This development holds the potential for constantly improving browsing and user experiences. At the same time it becomes more difficult to understand what information is being collected, stored and shared.

It’s up to the creators of a website to determine what information they do and don’t store and, more importantly, what they use that information for. Cookies are a tool. Just like a hammer or a saw they can be used for bad things, but they are intended to be used for good things. The responsibility lies with the people using them.

If you’re a business that collects and stores information through cookies, consider creating a Website privacy policy to be compliant with the cookie law.

The post Cookies – What are they and what do they do? appeared first on Rocket Lawyer UK.


Excellent opportunity for a 2-3 year PQE solicitor to join a thriving legal technology company based in Shoreditch.


About Rocket Lawyer

We believe everyone deserves access to simple and affordable legal services.

Founded in 2008, Rocket Lawyer is the largest and most widely used online legal service platform in the world. With offices in North America and Europe, Rocket Lawyer has helped over 20 million people create over 3 million legal documents, and answer over 30,000 legal questions.

Rocket Lawyer are in a unique position as a legal technology company in the UK to provide legal advice directly to our customers as an unregulated entity. By combining expert legal advice from solicitors and paralegals with technology, Rocket Lawyer UK is accelerating its mission to provide access to justice to small businesses and consumers who are currently excluded from the market. We are investing in our technology and hiring a team of solicitors to take on this challenge!

About the Role

Rocket Lawyer pioneered online legal services in the United States and United Kingdom, and we have recently launched in France, Spain and Netherlands. The proprietary and patented Rocket Lawyer technology platform enables the creation of legal documentation and delivery of legal advice from lawyers knowledgeable in local laws, in any language. You’ll be based in Shoreditch, London, the biggest tech cluster in Europe, working with the UK legal team.

As a Company & Commercial Solicitor, you will be primarily responsible for providing legal advice to our small business customers, including leading and growing the legal team. A secondary responsibility is to work with the product development and legal operations teams to develop and scale our legal advice platform. You must therefore be a tech savvy, entrepreneurial company & commercial lawyer and be able to work independently, without supervision. You will be managing your own busy caseload from inception to completion, with support from a new legal operations team, and leading the provision of legal advice to our small business customers.

This is not a traditional role. Rocket Lawyer is innovating the way legal advice and services are provided. We are applying technology to modernise the way legal services are delivered, increasingly automating legal advice and building a large scale platform for a network of lawyers to work with small business and consumers online to provide affordable legal advice.

The Clients

There are no typical clients, but the focus to date has been on start-ups, Tech Companies and E-Commerce businesses.

Clients are new startups, micro and small businesses who need advice on typical small business company & commercial matters.

The emphasis is on scalability, so using technology to deliver high volume affordable and quality legal advice. This position would not suit a lawyer looking for complex high value work, but more a tech driven lawyer looking at innovative ways to unbundle and automate legal advice at a large scale.

Clients are looking for the full spectrum of Company & Commercial work, typically including:

  • Incorporations
  • Shareholder agreements
  • Confidentiality agreements
  • Services and collaboration agreements
  • Terms & conditions of business
  • GDPR

This is an exciting opportunity for a Company & Commercial lawyer who is keen to help transform the delivery of legal services. Excellent career progression prospects exist for the right candidate, with an opportunity to develop and lead large scale legal service provision in the UK.

The Person

  • Qualified, practising company & commercial solicitor – 2-3 year PQE
  • Additional experience in employment law a bonus
  • Commercially astute, with an ability to understand clients’ broader needs in addition to excellent technical legal expertise
  • Obsessed with new technology, with an entrepreneurial flair and be able to translate that into new ways of delivering legal services
  • Work autonomously to manage your own caseload and risks
  • Leverage and supervise paralegals to provide lower cost, quality legal advice
  • Manage external consulting solicitors, ensuring the provision of quality legal advice
  • Contribute to the development of the Rocket Lawyer precedent database
  • Support marketing and business development activity, regularly writing and blogging
  • Work with product development experts to build out the first, global legal advice platform


The post We’re hiring! Company & Commercial Solicitor appeared first on Rocket Lawyer UK.


I spoke to Lauren Delin (Senior Paralegal at Rocket Lawyer UK), about the GDPR and the challenges that Rocket Lawyer has faced in getting ready for GDPR. Below is the conversation we had.

Alan: We know that the GDPR came into force on the 25 May. What did you do to get Rocket Lawyer compliant with the GDPR and incoming UK data protection laws?

Lauren: A key part of GDPR compliance was ensuring our products were up to scratch and of value to those who rely upon our service every day to ensure their businesses are operating in a way that is legally compliant. Here at Rocket Lawyer, we offer a range of legal documents to help customers navigate the legal landscape (which can be a bit of a minefield). Therefore, it was imperative that all affected products were made compliant before the 25 May, together with all of our great content, such as our guides.

As an international business, Rocket Lawyer was also affected by the GDPR in its own right. Our compliance programme involved reviewing our existing data privacy practices against the GDPR requirements and then identifying the actions we needed to implement those requirements by the 25 May. This involved working alongside our business teams in the US and Europe to identify the key compliance issues we needed to focus on, and then considering how they were going to affect future projects involving the handling of personal data.

Alan: That sounds like a lot of work! On a scale of 1 – 10 (with 1 being easy and 10 being hard), how hard did you find getting everything ready for the GDPR?

Lauren: I’d give it an 8 on the difficulty scale (eased only by the fantastic team of people I had the opportunity of working with and who supported me throughout!). It was certainly challenging, but only because it affected so many different areas of our business. Legal compliance was imperative; however, we also had to make sure that it was in line with our commercial objectives and market trends.

Alan: What was your approach to getting Rocket Lawyer’s documents up-to-date and compliant?

Lauren: Having a firm understanding of the requirements was a good starting point. I undertook quite a bit of research, and attended my fair share of presentations and webinars! I also took inspiration from companies I admired, paying particular attention to their approaches to data privacy, for example, the ways they communicated their data privacy practices through their privacy policies.

Alan: A hot topic has been around the impacts of the new data protection regime. What do you think will be the biggest impacts of the GDPR for small businesses and individuals?

Lauren: Unlike large businesses, small and micro businesses don’t need to appoint a Data Protection Officer; however, they could still be fined up to 4% of their annual turnover for failing to abide by the GDPR’s rules. In short, the GDPR affects a number of processes across small businesses, from sales and marketing to IT and security, so it’s important such businesses understand their obligations.

Individuals on the other hand can sleep a little easier knowing that companies are taking the protection of their personal information more seriously.

Alan: It’s been reported that many businesses aren’t compliant with the GDPR and that many businesses wouldn’t have been ready by the 25th May. What advice would you give to businesses who may not be compliant with the GDPR right now, or are in the process of becoming compliant?

Lauren: I’d advise that they undertake a review of their existing data privacy practices against the GDPR requirements to identify the actions they need to implement. It’s always advisable to get senior people involved right from the very outset to ensure data protection is incorporated into the business’ governance structure and is fully supported throughout its lifecycle. Perhaps most importantly, I’d recommend a data mapping exercise, which can help businesses understand their data processing activities and record them all. Lastly, such businesses should create solid information notices to let people know how they process personal information. Rocket Lawyer can help here! Just contact us about our GDPR audit and compliance service or browse our library of documents and guidance.

The post Rocket Lawyer Stories – GDPR appeared first on Rocket Lawyer UK.


The GDPR and UK Data Protection Act 2018 are in full force, and some businesses will be compliant with the new data privacy laws, while others will not.

The GDPR not only enhances data privacy rights of individuals but provides for new and improved regulatory powers for the Information Commissioner’s Office (ICO).

So who are the ICO and what does the GDPR mean for businesses that face a data breach or are found to be non-compliant?

Who are the ICO?

The ICO is the UK’s independent body that is responsible for ensuring businesses comply with UK data protection laws and the GDPR. They uphold individuals’ data rights and issue penalties to companies found to be mishandling data or in breach of their obligations.

What do I do if there has been a data breach?

The GDPR makes it mandatory that businesses report any serious data breaches to the ICO within 72 hours, especially if the breach affects the rights or freedoms of the individual whose data has been compromised, for example if there is a substantial risk of identity theft, discrimination or financial loss. You must also tell the individual affected of the breach.

Less serious breaches may not require notifying the ICO, but these cases must be decided on a case-by-case basis. If in doubt, you should consult your appointed Data Protection Officer (if you have one) or the person responsible for data protection compliance within your organisation.

How should I make the report?

You should make a report on the ICO website. When making the report, you should state what has happened, why and how the breach occurred, how you plan on resolving the situation and how you will protect against the breach happening again in the future.

What powers does the ICO have?

Under the GDPR, the ICO has vastly more powers of enforcement, including investigative powers, compliance (corrective) powers and issuing financial penalties.

Investigative powers

When the ICO has been informed of a data breach, potential or real, the ICO is provided with more powers to investigate. These include:

  • ordering the data controller and the data processor to provide information that the ICO requests
  • carrying out a data compliance audit of the business
  • reviewing certificates
  • notifying the data controller or processor of any alleged infringement of the GDPR
  • obtaining access to all personal data and all information that is deemed necessary by the ICO
  • obtaining access to any premises where data is stored or processed.

Compliance powers

The ICO also has the power to issue corrective measures when investigating a data breach. Some of the corrective powers that can be imposed by the ICO could have a considerable impact on the day-to-day running of a business. These include:

  • issuing warnings
  • issuing reprimands
  • ordering the data controller or the processor to comply with the data subject’s requests to exercise their rights under the GDPR
  • ordering the controller to tell individuals of a data breach if their personal data was compromised
  • imposing a temporary or definitive ban on processing
  • ordering the rectification, restriction or erasure of personal data
  • withdrawing a certification or ordering a certification body not to issue a certificate
  • imposing administrative fines

Enforcement powers

The ICO now has stronger enforcement powers and can impose higher financial penalties. The ICO can issue heavy fines of up to €20 million (approximately £17 million) or up to 4% of an organisation’s annual global turnover.

The ICO has confirmed, however, that these top end fines will be rare and reserved for only the most serious breaches.

So what should you be doing now?

Well, if you’re not yet compliant you should start checking your business to make sure you become compliant.

Ensure you have policies and processes in place (such as a Website privacy policy or Data protection and data security policy) that can help avoid or minimise the risk of data breaches in the first place. Keep records of all data breaches and processes you have. Liaise with IT teams to implement any technical measures to protect personal data and get staff trained on dealing with subject access requests and handling personal data.

If you and/or your business need help to comply with the GDPR, Ask a lawyer about our GDPR audit and compliance service.

The post GDPR – How will the GDPR be enforced? appeared first on Rocket Lawyer UK.


Happy GDPR Day. And great news… Rocket Lawyer’s documents are GDPR compliant!

We’ve been working hard behind the scenes to get these documents up and running.

A few of the documents that we’ve updated include:

  • Website privacy policy
  • Data protection and data security policy
  • Website terms and conditions
  • Employment contract
  • Consultancy agreement
  • Subcontracting agreement
  • Terms and conditions
  • Communications and use of equipment policy

You should get a solicitor to review your current agreements with your customers, vendors and suppliers. A GDPR check will identify which documents need to be redrafted. If you and/or your business need help to comply with the GDPR, Ask a lawyer about our GDPR audit and compliance service. For further information take a look at our legal guide to Online business.

The post Rocket Lawyer’s documents are GDPR compliant! appeared first on Rocket Lawyer UK.


At Rocket Lawyer UK, we’ve helped to answer over 10,000 legal questions from our members since 2012. From doing some analysis we’ve managed to pick out some common issues that businesses and individuals face. This Ask a lawyer blog series will feature step-by-step instructions to help you solve some of these common legal issues, such as tenant eviction, dismissing your employee, business compliance and more!

In ‘Ask a lawyer: How do I comply with the GDPR’, I’ll set out some practical steps and tips for your business.

Step 1: Understand the basics of the GDPR

Remember that the GDPR applies to ‘personal data’. So it’s important to understand what is and what isn’t ‘personal data’. Personal data is any information relating to an individual who can be identified by that information. So for example, my full name (Alan Cheung) is personal data for the GDPR as you can identify me from that information. The GDPR also expands the definition of personal data to include location identifiers and online identifiers (such as IP addresses).

The GDPR also broadens the definition of ‘sensitive personal data’, which now encompasses genetic and biometric data. This covers, for example, fingerprint scanning to unlock a phone and facial recognition software. It even includes ear canal authentication for headphone security!

Any personal data must be processed lawfully and in accordance with the six ‘Data Protection Principles’. Data must:

  1. be processed fairly, lawfully and in a transparent way;
  2. be collected and processed only for specified, explicit and legitimate purposes;
  3. be limited to what is necessary for the purposes for which it is processed;
  4. be accurate and kept up-to-date;
  5. not be kept for longer than is necessary for its purposes; and
  6. be processed securely and confidentially.

This means that you must be clear on what ‘processing’ is and what your business does with personal data internally and externally. ‘Processing’ can mean collecting, recording, organising, storing, altering, disclosing, combining, restricting, destroying or erasing data.

The Data Protection Principles also mean that businesses must have a legal basis for processing data. This means that your business must have a valid reason as to why you’re processing personal data. The legal bases are:

  • Consent
  • Performance of a contract
  • Compliance with a legal obligation
  • Vital interests of the data subject
  • Public interest

For further information read Processing personal data. Ask a lawyer if you need more information.

Step 2: Understand your business

Okay. So you’ve had the basic lowdown on the GDPR. But understanding the GDPR isn’t enough. You need to understand your own business as well.

You should complete a business-wide data audit to understand and document what information you hold, what it’s used for, how it’s used and stored, who it’s shared with and who’s responsible for it.

Consider whether you need a Data Protection Officer (DPO) or a Data Privacy Manager, who can be the point of contact within your business for all GDPR and data issues. Read our previous blog on GDPR – What’s a Data Protection Officer? for further information.

Ask yourself whether you send or receive data from outside of the EU. If you do, make sure you’re aware of the special rules on cross border data transfers. For further information read International transfers of personal data.

Step 3: Update your contracts and policies

Updating your internal policies and contracts is a must. If you have a website, you should make a Website privacy policy.

If you employ staff you should make a Data protection and data security policy. This policy is important as it informs staff of how the business is going to comply with the GDPR and how staff are expected to as well. Contracts of employment should be updated as well. Rocket Lawyer’s Employment contract contains new GDPR/Data Protection clauses.

Step 4: Train your staff

You’ll need to train staff (or yourself if you’re a one-man/woman band) to ensure that everyone is aware of the procedures that need to be followed and the responsibility everyone has. In particular, everyone needs to be trained on breach notifications. So what kind of procedure do you have if data is lost or compromised? Is there someone who can be contacted to deal with the issue?

You’ll also need to train staff on dealing with subject access requests (SAR). The new time limit means that businesses must respond to a SAR ‘without undue delay and in any event, within one month of receipt of the request’. This shortens the previous 40-day limit under the old Data Protection Act.

Step 5: Keep records and review them regularly

This is so important for any business. There’s no point in doing all the hard work in complying with the GDPR and getting everything prepared if you can’t prove it. Proper and accurate record keeping is essential. One of the key principles of the GDPR is accountability. This means there is a higher burden on businesses to prove that they are complying with the GDPR.

Remember that the ICO can come knocking on your door at any time and request your records.

To wrap up…

The GDPR is unavoidable. But it’s important you get things right, otherwise there could be serious consequences (and not just lots of stress!). But there is light at the end of this data protection tunnel.

If you and/or your business need help to comply with the GDPR, Ask a lawyer about our GDPR audit and compliance service from £1000+VAT, or if you have a legal issue you’d like me to blog about, contact me.

The post How do I comply with the GDPR? appeared first on Rocket Lawyer UK.


GDPR – 4 letters that have everyone concerned (and with good reason).

The GDPR is a new EU regulation that will come into force on 25 May 2018. The GDPR means employers need to rethink how personal data is collected, used and kept. Both employers and employees now have new responsibilities to consider to help ensure compliance.

What is the GDPR?

The GDPR (General Data Protection Regulation) is a new and complex regulation that seeks to create a shift in how organisations handle personal data. Its role is to ensure that data processing and protection are up-to-date and current with today’s technological advancements and cultural change.

What do I need to know?

Although there are few dramatic changes to data protection from an employment law perspective, there are a few changes which employers should be aware of. Here are 5 of them.

1. Consent

It’s common for UK employers to include a data protection clause in an employment contract. Consent to data processing is given when an employee signs an employment contract. Currently, consent is a legitimate reason for processing employee data.

Employers, post-25 May, will no longer be able to rely on the employee’s consent as a legal basis for processing employee’s data lawfully due to changes from the GDPR.

Consent under the GDPR must be ‘freely given, specific, informed and unambiguous’. Consent from an employee will no longer be ‘freely given’ due to the unequal nature of the employer and employee relationship.

Employers should review their employment contracts and check that any data protection clauses comply with the GDPR, for example by making sure that they have another legal basis (i.e. not consent) for processing employee data. Examples of these legal bases could be:

  • Processing employee data is a legitimate business interest for the employer. This means that the employer needs to process data in order to function as a business or make business decisions.
  • Processing employee data is necessary for the performance of the employment contract. This means that the employer processes employee data in order for the employee to carry out their work.

The latter is arguably easier to prove, as it’s common sense that the employer will have to process some data in order for the employee to work.

2. Subject Access Requests

Subject Access Requests (SARs) are a familiar concept. We already have SARs under current data protection laws. They allow individuals to find out what personal data is being held about them, why the organisation is holding it and who the organisation discloses their information to.

According to ICO statistics, mishandling of SARs is the number one data protection issue complained about by the public. In 2016, 42% of 18,000 data protection-related complaints lodged with the ICO concerned individuals’ rights to access their personal data held by organisations.

The right for employees to gain access to personal data that their employer holds about them is the key principle of the Data Protection Act and will continue to be so under the GDPR. There are, however, a number of key differences employers must be mindful of:

  • Time to respond – Employers must respond to a SAR ‘without undue delay and in any event within one month of receipt of the request’. This shortens the previous 40-day limit under the Data Protection Act.
  • Fee – Employers can currently charge up to £10 for carrying out a SAR. Under the GDPR, this fee will be scrapped and the information must be provided free of charge. 
  • Electronic access – Employers must make it possible for employees to make SARs electronically. An employee could even make a SAR using your company Facebook or Twitter page.

Therefore, it’s important that employers check their internal policies including their Data security and data protection policy, as well as implementing new policies such as a Privacy notice. You should also train staff (eg your HR department) to identify when a request from an employee is a SAR and ensure they are aware of the new shorter deadline.

3. More detailed privacy notices

Under current law, employers are required to provide employees and job applicants with a Privacy notice setting out certain information. Under the GDPR, employers will need to provide more detailed information, such as:

  • how long data will be stored for;
  • if data will be transferred to other countries;
  • information on the right to make a subject access request; and
  • information on the right to have personal data deleted or rectified in certain instances.

Therefore you should review your current Privacy notices and update them to comply with the more detailed requirements of the GDPR.

4. Data breach response plan

The GDPR requires employers to report any data breaches. If there is an accidental or unlawful loss of personal data, the employer will have to notify the ICO promptly unless there is a low risk of causing harm to their employees. This will require a quick assessment of the likely risk. The employees will have to be notified if the breach poses a high risk to their rights and freedoms.

If the business does not have an adequate data breach response programme in place, one should be prepared. Employees will then need to be trained on its requirements.

5. Be audit ready

Knock, knock. Who’s there? The ICO.

It will be up to employers to prove compliance and the ICO can come knocking on your business without any warning to check you’re compliant. In practice, this will mean that the employer will need to have one or more data protection policies in place that demonstrate that the processing of personal data is performed in compliance with the GDPR. Data protection impact assessments will become increasingly important, and should not be forgotten.

Ensure documentary records are in place, and ensure there are clear lines of responsibility. Consider the impact of this on current employees, and their job roles.

So why should you care?

The big €20 million question. Well, if you’re found to be non-compliant with the GDPR you could be fined up to a maximum of €20 million or 4% of your turnover, whichever is greater. And remember the ICO can check up on you without any warning. So it’s more important than ever for employers to prepare for compliance.

Ask a lawyer if you need more assistance.

The post 5 things employers need to know about GDPR! appeared first on Rocket Lawyer UK.


Rocket Lawyer is a legal technology company that provides families and small businesses with legal help online. We help with legal documents and filings, and we work with a network of law firms to provide legal advice.

We are looking for lawyers and firms to join the Rocket Lawyer On Call panel. There are no membership fees to pay and you get to market your legal services to millions of our customers.

We’ve interviewed some of our current On Call lawyers to find out what their experience of being part of the Rocket Lawyer network is like:

Angela Lally of SSB

SSB specialises in Wills, Trust and Probate, Family law, Personal injury & Employment law

How long have you been working with Rocket Lawyer?

5 years

What made SSB want to join Rocket Lawyer’s On Call panel?

Joining the Rocket Lawyer On Call panel has meant that we have access to customers who may initially be wary of directly approaching us because of costs.

How has Rocket Lawyer helped your firm?

Rocket Lawyer has enabled us to grow our client base on a national level, and helped us to expand the services we offer.

How do you think technology is changing the legal industry?

Technology has meant that my clients can be anywhere in the world and I can have a face to face conversation with them via Skype, or contact them quickly via email. Technology has also allowed me to grow my client base outside of the local area.

Ian Freeman of Freeman Harris

Freeman Harris specialises in Immigration law, Family law, Personal injury claims & more.

How does Rocket Lawyer work with Freeman Harris?

Rocket Lawyer refers legal enquiries to us across a wide variety of areas including immigration, litigation and intellectual property.

We also partner with Rocket Lawyer to offer their customers a trade mark registration service at competitive rates.

What made Freeman Harris want to join Rocket Lawyer’s On Call panel?

Rocket Lawyer presented an opportunity for our firm to get legal enquiries which we can then turn into paying clients. It was the first such service that approached us and we have developed a strong and long-lasting relationship.

How has Rocket Lawyer helped your firm?

Rocket Lawyer has been helpful in launching our intellectual property department which focuses on trade mark registration. The online service was launched in 2015 and the initial enquiries/filings were generated through Rocket Lawyer.

What is your favourite type of Rocket Lawyer customer?

Our favourite type of Rocket Lawyer customer is someone who knows the service they require and whose enquiry is transactional in nature rather than information gathering.

How do you think technology is changing the legal industry?

As we launched our online trade mark registration service, our firm was aware of the use of technology in making legal services more efficient and easier to access. Increasingly, more law firms will use technology to improve different aspects of their services. The legal industry will see drastic changes led by technology in the coming years.

So if you think you’d like to work with us, today and we’ll get you up-and-running quickly!

The post What’s it like to be on the Rocket Lawyer On Call panel? appeared first on Rocket Lawyer UK.


All businesses need to win new customers to keep going. It’s particularly true in the world of gambling, where customers may gamble periodically, such as during major sporting events. Bonus offers, therefore, play a key role in getting the attention of new customers and in persuading existing customers to return.

At the same time, in the words of the Competition and Markets Authority (CMA), “Gambling is a risk but it shouldn’t be a con”. The CMA has come to the conclusion that some of the major gambling operators (including Ladbrokes, William Hill and PT Entertainment) have been too aggressive in their tactics for attracting customers (and parting them from their money) and has requested that they clean up their act. There are three key points the CMA wishes to see addressed.

Wagering requirements

For a long time now, a typical advert from a gambling company would be something along the lines of “100% matched deposit bonus up to a maximum of £100”. In other words, for every £1 the player deposited, the gambling company would add another £1 to their account up to a maximum of £100. So if you deposited £100, you would have £200 to play with. However, the devil is often in the detail with gambling companies placing requirements on what the players had to do to meet the terms of the bonus. For example, the player could be required to make a high number of higher-risk bets in order to release their bonus. This would increase the likelihood of them losing their initial deposit and therefore having to make another deposit (putting more of their own money at risk) or sacrifice the bonus which tempted them to make the deposit in the first place. The CMA has requested gambling operators address this.

Restrictions on gameplay

Similarly to the above, the CMA has concluded that the gaming operators have not been sufficiently clear about the general rules of play on their site and has instructed the gambling companies to correct this situation. In particular, the CMA has specified that the gambling operators cannot rely on unclear terms and conditions to justify confiscating player funds.

The CMA has also instructed the gambling companies that they need to warn customers when they are playing with restricted funds.

Elimination of player publicity

While stories of people making big wins, particularly off free bets, are obviously great publicity for the gambling companies, the CMA has made it clear that players cannot be forced to participate in publicity.

Compliance

Most of these changes are essentially procedural changes and can therefore be implemented very quickly; in fact the CMA requested that the gaming operators implement them by March 2018. The exception is the requirement to warn players when they are playing with restricted funds, which may require changes to IT systems and so the gambling companies have been given until the end of July 2018 to implement that specific change.

The post New rules for gambling industry appeared first on Rocket Lawyer UK.
