Is your business GDPR ready?

GDPR Key Changes

Here is an overview of the main changes under GDPR and how they differ from the previous directive.

The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established. Although the key principles of data privacy still hold true to the previous directive, many changes have been proposed to the regulatory policies; the key points of the GDPR as well as information on the impacts it will have on business can be found below.

Increased Territorial Scope (extra-territorial applicability)
Arguably the biggest change to the regulatory landscape of data privacy comes with the extended jurisdiction of the GDPR, as it applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location. Previously, territorial applicability of the directive was ambiguous and referred to data processing ‘in context of an establishment’. This topic has arisen in a number of high profile court cases. GDPR makes its applicability very clear – it will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not. The GDPR will also apply to the processing of personal data of data subjects in the EU by a controller or processor not established in the EU, where the activities relate to: offering goods or services to EU citizens (irrespective of whether payment is required) and the monitoring of behaviour that takes place within the EU. Non-EU businesses processing the data of EU citizens will also have to appoint a representative in the EU.

Under GDPR, organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements, e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines, e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors, meaning ‘clouds’ will not be exempt from GDPR enforcement.

The conditions for consent have been strengthened, and companies will no longer be able to use long illegible terms and conditions full of legalese, as the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.

Data Subject Rights

Breach Notification

Under the GDPR, breach notification will become mandatory in all member states where a data breach is likely to “result in a risk for the rights and freedoms of individuals”. This must be done within 72 hours of first having become aware of the breach. Data processors will also be required to notify their customers, the controllers, “without undue delay” after first becoming aware of a data breach.

Right to Access

Part of the expanded rights of data subjects outlined by the GDPR is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, the controller shall provide a copy of the personal data, free of charge, in an electronic format. This change is a dramatic shift to data transparency and empowerment of data subjects.

Right to be Forgotten

Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subject withdrawing consent. It should also be noted that this right requires controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests.

Data Portability

GDPR introduces data portability – the right for a data subject to receive the personal data concerning them, which they have previously provided, in a ‘commonly used and machine readable format’ and have the right to transmit that data to another controller.

Privacy by Design

Privacy by design as a concept has existed for years now, but it is only just becoming part of a legal requirement with the GDPR. At its core, privacy by design calls for the inclusion of data protection from the onset of the designing of systems, rather than an addition. More specifically – ‘The controller shall.. implement appropriate technical and organisational measures.. in an effective way.. in order to meet the requirements of this Regulation and protect the rights of data subjects’. Article 23 calls for controllers to hold and process only the data absolutely necessary for the completion of its duties (data minimisation), as well as limiting the access to personal data to those needing to act out the processing.

Data Protection Officers

Currently, controllers are required to notify their data processing activities with local DPAs, which, for multinationals, can be a bureaucratic nightmare with most Member States having different notification requirements. Under GDPR it will not be necessary to submit notifications / registrations to each local DPA of data processing activities, nor will it be a requirement to notify / obtain approval for transfers based on the Model Contract Clauses (MCCs). Instead, there will be internal record keeping requirements, as further explained below, and DPO appointment will be mandatory only for those controllers and processors whose core activities consist of processing operations which require regular and systematic monitoring of data subjects on a large scale or of special categories of data or data relating to criminal convictions and offences. Importantly, the DPO:

  • Must be appointed on the basis of professional qualities and, in particular, expert knowledge on data protection law and practices
  • May be a staff member or an external service provider
  • Contact details must be provided to the relevant DPA
  • Must be provided with appropriate resources to carry out their tasks and maintain their expert knowledge
  • Must report directly to the highest level of management
  • Must not carry out any other tasks that could result in a conflict of interest.

Information from the website.

by 10 Apr 2018
Spring Statement 2018

VAT and tax

The government has started a consultation on changes to the VAT system following an Office of Tax Simplification report last year which said that some entrepreneurs don’t grow their business because of the tax impact when they reach the £85,000 VAT threshold.

Possible measures include a gradual introduction of 20% VAT above £85,000.

The government is also seeking evidence on how online marketplaces can help people who sell products through online platforms such as Amazon and eBay pay the correct amount of tax.

Hammond said the government is investigating a new “VAT collection mechanism to ensure the VAT consumers pay actually reaches the Treasury”.

Business rates

In the 2017 Autumn Budget, it was announced that business rates revaluations will take place every three years, rather than every five years, following the next revaluation in an effort to “make bills more accurately reflect the current rental value of properties”.

The Spring Statement announces that the next revaluation, due in 2022, will be brought forward to 2021. “This will mean businesses can benefit from the change to three-year revaluations earlier, with the first taking place in 2024”, the government said.


The government will release £80m to help small businesses recruit apprentices.

Late payment

Philip Hammond announced a review into the “scourge of late payment”.

Skills and training

Measures are being explored on extending tax relief for training by employees and the self-employed to support upskilling and retraining.


The government is to investigate measures to “understand how best to help the UK’s least productive businesses”.

Human capital and the economy

The government has tasked the Office of National Statistics with working “on a better assessment of human capital, so investment can be better directed”.

Digital payments

A consultation has been launched on “cash and digital payments in the new economy”.

It will explore “how the government can support digital payments and ensure that the ability to pay by cash is available for those who need it, whilst cracking down on the minority who use cash to evade tax and launder money.”

Entrepreneurs’ Relief

The government has announced a consultation on changes to Entrepreneurs’ Relief “to ensure that it does not discourage entrepreneurs from seeking external finance for their companies”.

At present, entitlement to the special 10% rate of capital gains tax may be lost when an entrepreneur’s company issues new shares and as a result, causes their personal stake to fall below 5%.

The government proposes allowing an individual in this position to elect to be treated as if they had disposed of their shares and reacquired them at their market value just before the time the company issued new shares.

This article appeared on the Enterprise Nation website on the 13th of March 2018

by 14 Mar 2018
No more surcharges for debit and credit card payments

On the 13th of January some important changes were introduced to rules on credit cards and access to financial information, which could affect small businesses. Here are the things you need to know about if you’re a business owner.

It’s going to be illegal to charge customers for paying by credit or debit card

Any business that accepts card payments will fall under the remit of a change in the law, which will prevent adding a surcharge if a customer pays by debit or credit card. This includes both online and physical transactions as well as applying to public agencies.

Corporate, business and commercial debt cards are excluded by the new legislation.

Why is it happening?

It’s because something called the European Payment Services Directive 2 (PSD2) comes into force, which includes a ban on surcharges for card transactions.

The Second Payment Services Directive (PSD2) is a piece of European legislation that requires payment service providers (PSPs) to make changes to existing operations. The new legislation follows on from the 2013 rules, which banned businesses from charging more than it cost them to process the payment.

As part of the new legislation it will be illegal for any business to charge extra for using a debit or credit card anywhere in the EU.

Can I still have a minimum spend for someone paying by card?

As businesses have to pay the bank when a customer uses a card, many make the decision to put in place a minimum spend, below which card payments will not be accepted. This will not be illegal under the new legislation and so businesses can still do this.

You won’t be able to pay your tax bill with a personal credit card

The UK’s tax agency, HMRC, has decided not to accept personal credit card payments as they now consider them too expensive to process.

What does HMRC’s decision mean for my business?

With HMRC now refusing to accept personal credit card payments, businesses will have to use one of the following methods of payment when paying their tax:

  • Direct Debit
  • Faster Payment
  • Bacs

The alternative is to use corporate, business and commercial cards and debit cards, which aren’t affected by the new legislation. Beware that you will be subjected to a surcharge if you choose to pay this way.

It’ll be easier to compare financial products… but your data will go to more people

In August 2016, the Competition and Markets Authority (CMA) issued a ruling ordering the nine biggest UK banks to allow licensed startups direct access to their data, right down to the level of current account transactions. This has led to the creation of Open Banking which enables personal customers and small businesses to share their data securely with other banks and with third parties. This will allow you to compare products and manage your accounts using regulated third parties to provide new and innovative payment services.

How does Open Banking work?

Open Banking will enable companies to give more accurate personal financial guidance, tailored to your particular circumstances and delivered securely and confidentially.

To be able to provide tailored advice for your business, companies need to know how you use your account. Currently, to get personal finance guidance, you have to give over all of your confidential banking information.

With Open Banking, approved companies will be able to see your transaction information and this can help them find the best account, or loan, that suits you and your business.

What third parties have signed up?

In order to be able to access Open Banking, companies must be regulated by the Financial Conduct Authority. This means that your data isn’t available to just anyone. You have to give consent before any third party can access your banking data. If you don’t want your provider to share your data with third parties, nothing will change from how it is at the moment.

All data passed between companies will be encrypted and protected.

The list of approved companies can be found on the FCA register.

SOURCE: The Federation of Small Businesses (FSB)


by 15 Jan 2018
What will be The Colour of 2018?

Are you planning a new design for your website, product packaging, interior design or fashion and wonder what will be the colour of 2018? Well, probably you can guess from the picture that, indeed, the colour of 2018 will be Ultra Violet (Code 18-3838) according to Pantone, which is a fabulous new shade of purple.

Why this particular purple? It appears that Pantone’s new distinctive blue-based purple hue was created in honour of international icon, Prince, and was inspired by Prince’s custom-made Yamaha purple piano which was originally scheduled to go on tour with the performer before his untimely passing at the age of 57. Prince’s association with the colour purple was galvanised in 1984 with the release of the film Purple Rain, along with its Academy Award-winning soundtrack featuring the eponymous song. Paying tribute by developing a special purple colour for this globally renowned talent known worldwide as “The Purple One” seemed only right and a way for his artistic legacy to live on forever.

Pantone describe this new purple shade as a colour that is a combination of the excitement of red and the tranquility of blue making it in essence the marriage of two diametrically opposed emotions. Conveying an aura of mystery, intrigue and unconventionality, this colour will definitely stand apart from all others in the year to come.

As packaging design becomes more sophisticated, Ultra Violet offers complexity and nuance that appeals to our desire for originality in all that we touch. Similarly, in graphic design, Ultra Violet resonates with this dynamic medium through its multi-dimensional feeling. Shades of Ultra Violet are increasingly used in packaging and graphic design by forward-looking brands in the CPG, luxury, and beauty worlds as well as by personalities and artists seeking to stand out.

On the runway or the streets, Ultra Violet is an enchanting purple that provides a theatrical linkage for both men’s and women’s styles. True to the coupled nature of Ultra Violet, created by combining red and blue, Ultra Violet lends itself to unique color combinations in fashion and is easier to pair with all colors on the spectrum than one might think. With golds or other metallics, Ultra Violet becomes luxurious and dazzling; with greens or greys it evokes natural elegance. Similarly, Ultra Violet takes on distinct appearances with different materials. Lush velvets in the color suggest intrigue for evening, but are also unexpectedly modern in athleisure or sneakers. In accessories, jewelry, and eyewear, Ultra Violet suggests the complexities of natural gems, textures, and florals.

Ultra Violet becomes spell-binding and steeped in spirituality in beauty to create expressive looks for all. The complex and deep nature of the color is well-suited for beauty looks created by combinations, blends, and ombres. A singular matte purple on the lips or nails makes a bold statement of non-conformity, while softly blended metallics and shimmers in Ultra Violet transform the eyes into windows to the cosmos. Purple shades in hair continue to elevate street styles as a symbol of creative expression. On the palette for every beauty medium, Ultra Violet complements and emboldens every other color, adding complexity and mystery.

In interiors, Ultra Violet can transform a room into one of extraordinary self-expression, or conversely its polish can tone down a room with subdued, modern pairings. Adding spice and brightness, Ultra Violet calls attention to a tufted couch, piece of art, or accent wall. As a color that can take you in so many directions, Ultra Violet makes a statement in any space, whether it’s one of tradition and elegance or unexpected boldness. In hospitality, we are seeing purples like Ultra Violet take center stage in interior spaces as large and small hotels harness color and design to entice travelers and stay relevant.

How to Use the Pantone Colour of 2018

Pantone have created eight different colour palettes that feature PANTONE 18-3838 Ultra Violet to help you bring this year’s special shade into your designs. All colour bases are covered; brights, deeper hues, pastels, mid-tones, and metallics. With Ultra Violet as a versatile trans-seasonal and gender-neutral anchor in every palette, each of the eight palettes conveys its own distinctive feeling and mood and can easily cross-over fashion and accessories, beauty, home interiors, and graphic design applications.

To further inspire your creative juices, within each of these eight colour stories they have also included three suggested colour harmonies. The colour harmonies provide you with examples of how individual colours in the palette can be mixed together and in what proportion or measure. The uniquely developed colour bars which make up the colour harmony accompany each highlighted colour story.
We also strongly encourage you to explore each of these eight palettes on your own. Create your own combinations. Develop your own individualized color mixes. Imagine and invent. Experiment and express. And most importantly, have fun. There has never been a better time to be original and leave your very own colorful mark on the world.


by 9 Dec 2017