call us
Glasgow
+44 (0)141 221 2984
Edinburgh
+44 (0)131 225 6366
Stirling
+44 (0)1786 451745
Dumbarton
+44 (0)1389 765238
Hamilton
+44 (0)1698 459444
Glasgow
+44 (0)141 221 2984

Edinburgh
+44 (0)131 225 6366

Stirling
+44 (0)1786 451745

Dumbarton
+44 (0)1389 765238

Hamilton
+44 (0)1698 459444

French Duncan

Blog

GDPR – The importance of accountability

This blog was originally published on LinkedIn on 18th January 2018.

GDPR will affect every aspect of business, from operations to sales, marketing and your supply chain. Nothing will be exempt from the scrutiny of the Information Commissioners Office (ICO) and understandably businesses are worried. The only thing that has yet to be made clear is the consequences of non-compliance.

What we aim to make clear is how GDPR will affect the supply chain and how you can prepare for its implementation. So if your client asks “Are you GDPR compliant?” on May the 25th you can confidently answer yes. These regulations may seem frightening at first but they also provide an opportunity - companies that are well prepared for GDPR will have a distinct competitive advantage over those that are not.

GDPR introduces a new principle to the management of personal data, the principle of accountability. It isn’t enough to merely comply with the new regulations, instead, you must be able to demonstrate compliance with the regulations. If asked you must be able to prove the governance measures you have put into place in order to adhere to the regulations, showing the measures taken to ensure data compliance has been integrated into data processing activities at all stages. Here are six activities you can carry out to ensure compliance:

Data audits

If you receive data or outsource your data processing, you will be required to ensure that there is compliance throughout your supply chain. This means it is vital to perform an audit of how your data is collected, where it is stored and what it is used for. Work with your IT department to find out what data you are currently storing, where it has come from, what are you using it for and who you are sharing it with. If your data flows through the supply chain you need to ensure every company that touches your data is GDPR compliant and asking them the question isn’t enough. They must provide a clear outline of what measures they are taking to ensure the protection of your consumer’s personal information.

Identify contact risk areas

Once you have completed your audit you will have a clearer perspective on where data enters and leaves your organisation. If there are any contracts that appear risky, ask them how they plan on preparing for the regulations or begin sourcing alternatives. Some companies will take the impending regulations more seriously than others, make sure you use companies that care. If you are working with a partner that isn’t taking it seriously then you are both liable under the regulations.

Monitor Compliance

Compliance is not a one-off occurrence, and it is up to you to ensure everyone that touches the personal information you manage are always GDPR compliant. But how you monitor this is up to you, it is worth considering ways to ensure they are compliant and ways to do this include audits and spot checks for key suppliers.

Practice your response

If you are storing personal information on prospects or clients then under GDPR they can request to have their information forgotten. These requests must be processed within 30 days, without exceptions, regardless of the complexity of your supply chain. Work out who your contact would be at each of your suppliers and who you would need to communicate with to satisfy any requests. Failing to prepare, is preparing to fail.

Spread the word

Having the right strategy in place is vital, but it can be worthless if your employees are not aware of how to manage data and how your processes will change going forward. Make sure the team of people who manage data and liaise with suppliers are aware of the new rules and how it will affect their roles. These individuals will be key in ensuring your compliance and in removing any data if requested.

Get insured

Check with your existing insurance supplier if they cover data protection and security breaches. If not you should review your options, some insurers will even cover breaches by suppliers so it is very worthwhile doing your research.

Taking key steps to prepare for GDPR is extraordinarily important and although time-consuming now, could save you considerable fines in the future. To learn more about the implications of GDPR or to get in touch with one of our experts, please visit our website.

GDPR – What does it mean for SMEs and how do you prepare?

This blog was originally published on LinkedIn on 29th November 2017. 

The General Data Protection Regulations will be implemented on the 25th of May 2018. These regulations will have a huge impact on how organisations, regardless of size, handle, process and store personal data.

Collyer Bristow (a leading UK law firm) carried out a research study with 460 senior decision makers working for SMEs in the UK and they discovered that 55% of small businesses had not heard of GDPR. When the rules come into law all businesses operating within the European Union (or working with businesses and public sector organisations within the EU) will have to adhere to these rules. They will be replacing the existing 1995 EU Data Protection Directive. The new regulations will see data protection law harmonised across Europe as well as providing greater rights and stronger protection for individuals.

A survey carried out by Yougov also showed that 38% of decision makers were not aware of the new rules nor the potential fines they may carry and that the main problem for SMEs is a lack of awareness. With a lack of awareness naturally comes a lack of preparation. The EU governing body for the regulation will not accept ignorance as an excuse and non-compliance with the regulations may result in a fine of €20 million euros or 4% of the company’s annual turnover, whichever is higher.

The first thing for SMEs is not to panic and to seek more information about how they may be affected by the new legislation, from articles by the ICO (Information Commissioners Office) or from speaking to a consultant that can help small businesses prepare for the legislation. There is often a move by many to pray on the fear of small businesses but bear in mind, this legislation has not been created to bankrupt small business but to harmonise existing legislation and protect the rights of our customers.

Major Differences

There are three major differences from the existing legislation that SMEs need to prepare for - changes in accountability and compliance, changes in an individual’s access to their own data and the introduction of GDPR fines. 

Accountability

When the regulations come into law your business will be more accountable for the handling of personal information. Ways to address this include implementing a data protection policy and creating documents setting out the process for how data is processed within the company. If you have collected personal information or information of a sensitive nature and this information is lost, destroyed, altered or there is unauthorised access to this data then you must report it within three days to the ICO and to the person the data is regarding. An individual in some scenarios must provide their consent to have their data stored and processed.

An individual’s right to their data

As well as providing organisations with new obligations, GDPR gives individuals greater power to access the information you store on them. Requests for the information stored on an individual will now be free of charge and businesses must be able to provide an individual with all the information stored on them within a month. Individuals will now also receive the right to be forgotten, where they can request to the information stored on them to be deleted if it is no longer necessary for the purpose it was collected, consent is removed by the individual to store it, if there is no legitimate interest and if it was unlawfully processed.

GDPR Fines

Having already gone over the fines above we want to reiterate that the purpose of the legislation is not to cripple businesses. Elizabeth Denham, Information Commissioner of the ICO, states that "We will have the possibility of using larger fines when we are unsuccessful in getting compliance in other ways, but we've always preferred the carrot to the stick".

We can help businesses prepare for the implementation by offering a GDPR audit and by providing training to your team to ensure you never let your customers down and never face these potentially severe fines. Please visit our website for further information.

Capital Allowances - what lies ahead?

This blog was previously published on LinkedIn on 12th December 2017.

Capital allowances rules are frequently seen as an unnecessarily complex tax relief. They recently came under tough criticism from businesses in the Office of Tax Simplification (OTS)’s review, entitled “Simplification of the corporation tax computation”. The OTS published a call for evidence and the consultation period has just closed. They aim to publish a report with recommendations in Spring 2018.

By way of background, capital allowances are the means by which businesses obtain tax relief for depreciation of fixed assets. Depreciation is not a permitted tax deduction when calculating corporation tax; relief is instead given in the form of capital allowances by allowing the businesses to deduct the capital allowances from accounting profit to calculate the taxable profit. The allowances can only be claimed on certain specified types of fixed asset, the main one being plant and machinery. There are specific rates of allowance for the different asset classes.

One of the OTS’s recommendations from the initial review was to replace capital allowances with a deduction for accounts depreciation so as to align the tax position more with the accounts, thus removing the need for separate calculations. This would also simplify deferred tax calculations.

As a result, the OTS announced a period of consultation to inform their review of whether it is feasible to replace the current capital allowances system with a depreciation based system. Such a change would remove the necessity to classify assets for capital allowances purposes, with the treatment of depreciation of tangible assets for tax purposes flowing directly from that calculated in the accounts. 

This is a subject which has been reviewed previously by the OTS. However it was found to be more complex to administer than the existing capital allowances regime. It remains to be seen what their recommendations will be this time round.

Although a depreciation based system would remove administrative burdens placed on companies to classify the assets when claims are made, there are various issues which need consideration:  

  • There will be a requirement for a more robust depreciation system which cannot be manipulated. This may include strict percentages for different types of assets and a restriction on changing methods of depreciation, for example, from straight line to writing down method, etc.
  • A further complexity will be buildings which may be depreciated over a long useful life, but which may contain assets of a shorter life which are eligible for capital allowances, for example, heating and ventilation systems. 
  • How will the existing capital allowance pools carried forward be written down in future years?  Will the write downs be claimed over a limited or unlimited period of time?
  • Deferred tax calculations will need to be reworked and will most likely distort the movement in deferred tax in the year of transition. Like the FRS102 transition period, we expect there will be a requirement for a recalculation of the deferred tax for a year or two prior to the year of transition, if time permitted this. 
  • There will continue to be a requirement to keep track of the depreciation on the non-qualifying assets to ensure no future relief is obtained on currently non-qualifying assets. 

There will be a need for a transition period which the OTS acknowledges but how this would be done will need to be addressed. 

French Duncan’s capital allowances team have extensive expertise in this field and can assist our clients throughout the capital allowances process. Replacing the current system, if the Government chooses to do this, will be a major step and our team will be well placed to guide our clients through the new landscape.

« Previous    1    2    3    4    5    6    7    8    9    10    11    12   13   Next »