From 1st February 2016, courts will have new powers to impose higher fines on organisations that breach health and safety legislation. The change is in response to a perception that penalties were previously too low. The new guidelines apply to all health and safety and corporate manslaughter cases.

The level of fines for health and safety offences depend on the size of the offending organisation:

  • Up to £10 million for large organisations (£50 million+ turnover)
  • Up to £4 million for medium-sized organisations (£10-£50 million turnover)
  • Up to £1.6 million for small businesses (£2-£10 million turnover)
  • Up to £450,000 for micro-businesses (£2 million or less)

The level of fine applicable depends on two factors: the level of harm caused and the degree of culpability. Culpability ranges from low, in which the offender is regarded as having met their health and safety obligations, to very high, in which there has been a deliberate breach of the law, or a flagrant disregard.

These higher penalties are a good reminder that health and safety should not simply be a box-ticking exercise, and that doing the bare minimum in this respect could have dire consequences. Taking health and safety seriously is clearly a sensible approach to keeping employees safe, but it also provides evidence that may help to reduce the level of culpability in the event of an accident.

Now is a good time to check that your health and safety policies are up to date, in compliance with all relevant legislation and applicable to all of your business activities. For example, have you introduced any new services or products that involve new working practices? Are these processes covered by your policies? Are your risk assessments up to date? Do you have any new machines, tools or vehicles that are not covered by risk assessments? Has equipment been inspected and tested recently? Are your new joiners made aware of your health and safety policies – and given all the training they need to stay safe?

Test your own health and safety policies

One way to evaluate your own health and safety setup is to imagine that someone has been injured at work and you are having to answer a magistrate’s questions. Firstly, consider what sort of accident might occur. What could your organisation have done differently to mitigate the risk? What would interest – or concern – the magistrate? Where do the gaps in your safety systems exist? What aspects of your activities would you have difficulty in explaining?

If you consider these questions you may quickly find that you have areas of concern, or risks that are not being addressed. And as magistrates now have the power to levy crippling fines, the time to address these concerns is now.

About VinciWorks

Our eLearning courses are available either as off-the-shelf packages, or can be customised to suit the needs of your business. With our eLearning packages you can easily provide the mandatory health and safety training that your employees need, and enjoy the peace of mind that comes with the audit trail of course completions.

Our health and safety eLearning courses include:

  • Risk Assessment
  • Manager’s Overview of Health and Safety
  • Slips and Trips
  • Manual Handling

So you’ve implemented a new data protection policy, trained your employees, and you’re confident your business is now in compliance with data protection regulations.

You might think your work is done, but if you stop there, you’re missing out on a golden opportunity to turn your data protection policy into a competitive advantage.

Privacy has never been more important to consumers than it is today, and with the number of high profile data breaches in the news and the impending General Data Protection Regulation, it’s only going to become more important.

In today’s privacy-conscious marketplace, data protection is about more than compliance – it’s about trust. So, what can you do to make the most of this marketing opportunity? Here are our tips:

1. Make information on how you handle data easily available on your website

This is the absolute minimum you should be doing nowadays. Customers want to know what data you’re collecting and why – and you’re legally obliged to make this as transparent as possible.

A terms and conditions page may help you comply with data protection regulations, but clear, prominent messages explaining why you collect data and how it helps you deliver your services will boost consumer confidence in your business.

2. Make it clear what data you’re collecting and why WHENEVER you collect it

Many websites today ask for permission to store cookies, and paper forms have included consent checkboxes for years, but data protection should ideally be part of the conversation during every transaction whether via your website, email, social media, over the phone, or in person.

By always telling customers what data you’re collecting and why, you’ll not only ensure compliance, you’ll also demonstrate how seriously your business takes data privacy and earn the trust of your existing and potential customers.

3. Get consent for anything data will be used for

It’s your responsibility to check that individuals have consented to be contacted by you before you make contact, but this is the minimum you should be doing to earn the trust of your customers.

The proposed General Data Protection Regulation states that explicit consent will need to be obtained for any potential use you’ll make of data – an excellent opportunity to make it absolutely clear how the data you collect helps your business to deliver the best service it can.

4. Be clear about how consumers can opt out and have their data deleted

It’s a legal requirement that businesses allow customers to have their data removed, but many businesses fail to make this process clear – perhaps out of fear that too many customers will avail themselves of the service.

This is counterintuitive when it comes to gaining trust, and in the long term will cost you customers who are suspicious of giving away personal information to a company they don’t have confidence in.

5. Create a data privacy culture among employees

Every employee should receive training in data privacy issues, but it’s especially important for those facing privacy-savvy customers. Expect your staff to face some tough lines of questioning about your data protection policies in the future, which may even be the difference between making and losing a sale, especially when it comes to larger companies.

Being able to explain your processes clearly and demonstrate that data privacy is part of the culture will prove your business can be trusted with the customer’s data before they even need to ask the question.

6. Make sure the customer journey is fluid, especially where their data is involved

Your customers expect you to be well organised and in control, especially when it comes to their data.

Whenever a customer has an enquiry, your employees should use the necessary access controls, such as security questions, to verify who they’re speaking to. Once verified, make sure your employees will be able to easily find what they need – you don’t want customers thinking you don’t know what you’re doing, especially when it comes to their privacy!

7. Respond accordingly in the unfortunate event you suffer a data breach

If you’ve done everything you can to create a data privacy culture, then it’s unlikely you’ll suffer a data breach – but if you do, how you respond could be the difference between irreparable damage to your reputation and a minor blip.

Contact everyone who may have been affected immediately. If customers find out you tried to keep a breach quiet, your reputation will be ruined. As part of your response, put as much resource as you can into offering support services and helping customers to take any steps necessary to secure their privacy.

What VinciWorks offer

If you’re looking for a cost effective way to create a data privacy culture then consider VinciWorks’ Compliance Essentials eLearning courses or our introduction to Data Protection eLearning courses. Delivered online and accessible on computers, tablets and mobile phones, our compliance eLearning courses enable you to shape organisational culture and generate an automatic training record for audit purposes.

Compliance with data protection regulation is often seen as a bane of the IT department’s life, so it’s no surprise that efforts are sometimes focused solely on meeting the minimum legal requirement as quickly and easily as possible.

Regulations can feel like barriers that get in the way of doing business, but there are benefits of creating a data privacy culture that go far beyond compliance.

So, apart from avoiding legal repercussions and fines – which could be up to 4% of global annual turnover once the General Data Protection Regulation (GDPR) comes in – what other benefits might businesses expect?

1. A data privacy culture gives you a competitive advantage

When choosing which businesses to deal with, customers increasingly want to know their data is in safe hands.

Full transparency around the data you collect, what it will be used for and how customers can control it will be one of the core requirements of the GDPR, and customers will look elsewhere if businesses don’t win their trust.

By being one of the first to implement a transparent data privacy culture, you could make the difference between which leads to a potential customer choosing you rather than a competitor.

2. You will (by necessity) develop a better understanding of how your data is used

To be transparent around how your business processes data, you need to have develop an in-depth understanding, including identifying every point at which data is captured, where it is stored, how it is accessed, and how it is destroyed.

Getting to grips with all of this may require initial effort in defining and redefining processes as well as employee training, but will pay dividends in the long run.

Better organised, more centralised and more accurate data makes streamlining processes and meaningful analysis possible and far more straightforward that if your data culture is a free for all.

3. Good data handling builds trust among employees

One of the main focuses of the GDPR is to empower consumers regarding the data businesses hold on them, and the discussion around this has increased widespread awareness of data privacy issues.

Data privacy has therefore become as much an ethical issue for your employees as a legal one. They’ll want to know the business they’re working for respects the privacy of consumers in the way they want demand their own privacy is respected by companies they purchase from.

Implementing a data privacy culture will therefore make your best employees more proud to work for you – and more likely to stay.

4. Your business will be more secure

Though it can sometimes feel like it, data protection regulation doesn’t serve solely to meet the best interests of consumers. Compliant businesses are protected in equal measure, and implementing a data privacy culture makes businesses far less vulnerable to cybercrime.

Why? Because all of the processes, policies and training required in creating a data privacy culture strengthen the biggest data liability in your business: your employees. The vast majority of data breaches are caused by individual errors, some of which are unforced, and some the result of hackers exploiting the naivety of employees through techniques like phishing and social engineering.

Embedding a data privacy culture is the surest way to secure your business against these threats at the same time as complying with data protection regulation.

How VinciWorks can help

Our Compliance Essentials Suite is a cost effective training solution for creating a data privacy culture. Compliance Essentials includes a number of information governance eLearning courses covering data protection legislation, records management and information security.

Compliance Essentials also includes delivery through our Astute eLearning Platform and all courses are regularly updated to reflect changes in legislation and best practice at no extra cost – so when the General Data Protection Regulation is in place, subscribers will not need to budget for additional training.

Updated Tuesday, August 30, 2016

In April 2016 the EU General Data Protection Regulation (GDPR) was signed into law by the European Union. It will take effect in all member states two years after its formal adoption.

The regulation represents the most significant global development in data protection law since the EU Data Protection Directive in 1995. A “regulation”, unlike a “directive”, will be applicable in all EU member states without the need for national legislation. The regulation’s aim is to harmonise data protection law across all member states. It will supersede the UK Data Protection Act.

The changes are designed to make sure that people’s personal information is protected – no matter where it is sent, processed or stored – even outside the EU. They will give people more control over their own personal data. Continue reading

A recent study conducted by GoCompare.com found that nearly a fifth of workers would rather sell their holiday entitlement back to their employers than take a break. However, 68% of the respondents surveyed said that they valued time over money, and a study conducted by Oxford Economics last year concluded that well-rested employees boosted workplace productivity and morale significantly.

“Time away from work and proper rest are important, so working more and having fewer holidays is unlikely to be a long term recipe for success for most people,” said Ella Hastings from GoCompare.

Adam Sacks, president of the Tourism Economics division of Oxford Economics adds: “It is a misconception that employers are ahead of the game when workers don’t use the time they’ve earned. Leaving earned days on the table harms, not helps, employers by creating a less productive and less loyal employee.” Research conducted by Alertness Solutions backs him up: it found that a break from the office can result in an 80% increase in employee performance, with reaction times improving by 40%.

So it’s clearly in your interests for your employees to feel comfortable taking a well-deserved break, but, in a study carried out by TravelSupermarket.com, the pressure of work was cited as the main reason employees fail to take their annual leave entitlement. A further 9% reported feeling guilty that a colleague would have to take on extra work during their absence.

So what can you do to encourage your employees to take their full holiday entitlement?

Some employees feel stressed not because they are overworked, but because they have never developed good time management skills to help them cope. For example, employees may not know how to prioritise their tasks, how to minimise distractions, or how to delegate tasks to appropriate colleagues. If employers can help their teams to develop these essential skills, employees can manage their work more successfully and feel more confident about taking breaks and holidays – which in turn boosts long-term productivity.

Creating a clear plan for cover will allow employees time for a handover, and also provide fair warning for those who may need to pick up extra tasks for a week or two.

Ensuring that goals and deadlines are both reasonable and clearly communicated in good time will assuage fears of nasty surprises on the eve of a holiday – or upon return to the office.

Finally, maintaining a culture of wellness and communicating that employees are encouraged to recharge their batteries will encourage individuals to use their holiday entitlement.

Home working is becoming more and more popular, as technology makes it more feasible and more employers become convinced of the benefits of flexible working. Many employers find that allowing home working can increase employee retention, widen the pool of potential applicants (particularly among those with physical disabilities), and provide financial benefits by allowing companies to operate from small or remote premises.

Many employers report improved performance from home workers. Not only are they free from a commute and the distractions of an office, they are often motivated to improve their productivity. According to a study conducted by the University of Illinois, “telecommuters want to be seen as ‘good citizens’ of the company in order to justify their flexible work arrangements.”

However, it is essential to keep in mind that you are responsible for the health, safety and welfare of your home workers, even though they are not working from your premises. You have an obligation to carry out a Health & Safety Risk Assessment on the home worker’s premises, and to ensure that any requirements of your Employers’ Liability Insurance are met.

Employers must also:

  • ensure that the equipment the home worker uses is fit for purpose
  • test, certify and maintain any electrical equipment you provide (such as a company laptop)
  • ensure that lighting levels and computer glare are at appropriate levels – and don’t forget that home workers are also entitled to an eye test paid for by their employer
  • reduce the risk of trips and falls by ensuring home workers tidy away loose cables
  • provide adequate training to allow the employee to work safely
  • create an emergency plan so that the alarm can be raised and medical attention sought without delay
  • maintain appropriate records of serious accidents, illness or injuries.

It is also important to properly assess potential home workers to ensure that they don’t have a medical condition that would make it unsafe for them to work alone, and that they aren’t assigned tasks that should not be undertaken unaccompanied.

You can find more information on your health and safety obligations for homeworkers at the Health and Safety Executive (Homeworkers).

Less than a year remains before the SRA’s new approach to continuing competency becomes mandatory. This webinar will demystify the regulations for solicitors, compliance officers, L&D departments and managers.

Are you debating when to adopt the new approach?
After this webinar you will have a clear understanding of the tools and next steps required for a successful transition. The webinar will include:

  • Best practice
  • Case studies
  • SRA guidance
  • Practical advice

Watch the course now

This recording is provided free of charge. If you found it valuable, feel free to forward it to a colleague.