Part 2 – GDPR Compliance. Health and Safety for Data.

Part 2 – GDPR Compliance. Health and Safety for Data.

OK it’s not the most riveting subject, but sometimes that’s life. To resume from last week, the issue is that by May 2018, all of us who have European clients or contacts and hold data, will have to be compliant with the EU General Data Protection Regulation 2016/679.

And to focus all of our minds, the fines which can be imposed on those whose lack of attention to the rules have contributed to a data loss, could close down our businesses entirely.

If we assume that the steps discussed in my Blog last week – link here – have been taken, then you have your Data Protection Policy written, and a Privacy Notice ready to give to each new client or contact.

So that’s all fine, but no business can operate in a vacuum. Imagine how many third parties are in the chain between Amazon, say, and its customer who has ordered a new watch. Banks, couriers, web search engine operators, third party suppliers, all need to be sharing some aspect of the data which has been given to Amazon.

In my own case, I use agents to attend Consular offices, and I use Couriers. And of course I cannot mend my own computers or set up my office network or website. So there are boffins who occasionally need to get inside my computer remotely. Which means of course that everything I store on it – absolutely everything I know about my clients – can be stolen if I let the wrong person have that access.

So next to protect yourself so far as possible, you obviously need to choose these people as carefully as you can. And in the modern world, after everything has gone wrong in spite of your best precautions then you will be required to document the basis upon which you have reached your final choice. I suspect that “we just googled the cheapest” will not cut it.

Therefore, you will be wise to create a “Policy upon Appointing Suppliers” document. Of course, that will be a rod for your own back, if having created the document, it turns out that one of your employees just “Googles the Cheapest” anyway. You need to ensure that every person in your business who can make deals with suppliers, reads the policy and acts upon its principles every time.

This can be the hardest part of the whole endeavour. If you have bright independent-minded work colleagues and employees, one of the most frustrating things a manager is faced with is getting them to behave in accordance with the policy in the manual. The phrase “herding cats” sums it up. It really will be necessary to refer to the data protection policies of your business as a routine item at every board meeting and team meeting to keep it in the forefront of everyone’s mind.

Industry has taken on board the responsibility it has to health and safety; now it really must give the same attention to the safety of the data it holds. Doing so will protect the financial health of your business.

Once you have your policy as to how to choose a supplier you will need to consider how to apply that policy in a particular case. Sometimes, businesses will consider that the specialist knowledge of the supplier is so far removed from their own that the best practical measure is to issue a questionnaire. At the least, you can seek the supplier’s assurance that it is aware of its own Data Protection responsibilities and has its own policies and measures in place.

The cynical will say that the whole thing is an exercise in CYB – Cover your Back. But honestly, even if everyone does have covering their own backs as the primary motive for compliance with the rules that’s not such a bad thing.

Same as driving within the speed limit, it doesn’t matter if the motive is to avoid fines and disqualifications – still the result may be that nobody died.

Every business is different so each one will have to come up with its own policies, rules and questionnaires, and decide for itself how many meetings to hold and how often.

But a most important point is, that everyone, repeat everyone, needs to be included in the process.

I imagine that a hacker would probably not try to scam data access from the Chief Executive Officer of your business. If your part time receptionist has a computer, then that is as good as the CEO’s computer, and it may be an easier task to scam access there. By, pretending to be “from IT” or whatever.

Vigilance as ever is the key and as I said last week, I am very open to ideas and suggestions from you. Do please get in touch and tell me how you and your business are facing up to GDPR for 2018.

And in the meantime, as ever – our message to you is, for documents for use around the world do contact me or Louise Morley here at AtkinsonNotary E7 Joseph’s Well Leeds LS3 1AB, phone 0113 8160116 and email notary@atkinsonnotary.com or via the website http://www.atkinsonnotary.com

 

 

Advertisements

Are We All Ready for Compliance With GDPR? I’m Not!

Are We All Ready for Compliance With GDPR? Oh, You Are, Are You? Good For You.

If you are all ready for GDPR, Feel free to leave the room.

For the rest of us, read on.

The deadline for compliance with the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) is approaching, and Brexit will not save us.

On 25th May 2018 any business with European clientele needs to comply with the principles of the Regulation. Or what? you ask. A slapped wrist and a formal letter requiring you don’t do it again?

How does a fine of 20 MILLION Euro, or 4% of your turnover whichever is GREATER sound?

That’s going to make people take notice I think: speaking for myself, I am not too keen on dropping 20 million every few weeks.

Now I am not claiming expertise in these matters, I imagine that I am in the same boat as most of my readers who are in business and interact with clients on the internet. Which is, aware of the existence of the Regulation, aware of the need to comply with it, and a bit concerned as to how to go about that.

So if I share my thoughts with you, can I ask you to share with me please? Do please tell me how you are setting your own businesses up.

Seems to me, that the requirements at base are that each business must
1 Comply with the GDPR, and
2 Be able robustly to resist any suggestion that it has not done so.

Or to put in a different way, if challenged, or if any data is ever stolen from us, we must be able to show evidence that we have considered the requirements of the regulation, decided how best to comply, and actually complied.

The best, perhaps only, way to demonstrate this is to start from the position of having a business-wide DATA PROTECTION POLICY.

This is a document which does not need to be published or available on the internet for everyone in the world to read, but it needs to be agreed by the business, shown to all employees, available to all at any time. And once it has been prepared, it needs to be followed.

So whilst the document above does not need to be published, there is then a further document which very much does need publication. Every existing contact now, and then every new contact of the business, for whom you hold any data (so that’s all of them) needs to be made aware of their rights and your obligations in respect of those rights.

You need to issue this, the PRIVACY NOTICE.

This explains what data you will retain and how you will process it. It gives contacts the option of saying “I don’t agree” – in which case they can chose to go elsewhere. Much like the website boxes we all tick to say – I agree with your terms and conditions. What do you mean, you never read terms and conditions? Shame on you.

And in order to avoid that 20 million Euro fine, it would be handy to be able to prove that the Privacy Notice has actually been issued. The obvious way is to include it [or a link to it on your website] in every email sent from your business.

That still leaves the occasional contact who wanders into your office in person, or the person who has not yet joined the internet/email revolution. Yes, they exist.

Those people need to be handed written copies of the Privacy Notice, and ideally you might give them two, one to keep, and one to sign and return to you for your file.

Whether or not your Privacy Notice says so [and I would say it should do] your contacts will have rights – rights to view the data you hold, rights to correct mistakes in it, sometimes rights to have it erased. You need to understand what rights they have, so that you can implement them on request.

So if you do all that this week, come back next week for part two.

As I have said, I am learning this as I go, so if I am one page ahead of you, that’s fine.
If I am actually far behind you, do please drop me an email and help me to catch up!

And in the meantime, as ever – our message to you is, for documents for use around the world do contact me or Louise Morley here at AtkinsonNotary E7 Joseph’s Well Leeds LS3 1AB, phone 0113 8160116 and email notary@atkinsonnotary.com or via the website http://www.atkinsonnotary.com

Authenticating Your Educational Certificates – “Help please I am overseas!” Louise Morley Assists.

Authenticating Your Educational Certificates – “Help please I am overseas!” Louise Morley Assists.

Many clients email me from overseas requesting assistance in verifying, notarising and legalising copies of their English Educational Certificates i.e Degrees, Transcripts as genuine.

The main concern is that they are not in England and need to deal with this remotely – i.e by email.

This need not be not a problem – we can usually do this for you.

Upon hearing from you, we will contact the educational institution which has issued your certificate(s) – Degrees, Diplomas, Exam results etc, to confirm authenticity.

Each University and school will have a standard procedure which needs to be followed and they usually charge a small fee of around £10.

If you are already overseas then this is not an issue – we can deal with this remotely i.e by email.

The norm is that the University will require that the student sign a consent authorising them to release the verification details to us.

We will prepare any necessary consents and email them directly to you for signing and dating and scanning and emailing directly back to me if this is allowed, otherwise you may need to post the “wet signed” consent back to us.

Upon which country you require to use your notarised certificates depends the process which next must be followed – different countries have different requirements and it is our job to keep up to speed with the latest guidance for notarisation and legalisation – if you are unsure as to the requirements for notarisation and legalisation then why not ask the experts! (And that would be us by the way!)

An example of a country that does continuously change the process necessary to obtain their certification stamps would be The People’s Republic of China “PRC”.

Their strict guidelines must be adhered to. Not just one Authorisation needs to be provided but two! – Also if there is any discrepancy with your name listed on the certificate and the name listed in your passport [often we find that your University will have omitted your middle name from your Degree Certificate. Why do they do that?] then again the PRC will reject. They will require an Affidavit is prepared and sworn before a Notary confirming that the name discrepancy is an error and the certificate is yours.

Another example UAE – UAE will not have any bundling of documents whatsoever – so if you have a degree and a related transcript then you may think they both could be attached together to make one document thereby saving on legalisation fees as the UAE charge £37.50 for a private document and a whopping £500 for a commercial document – but no, the UAE will not accept any bundling – all documents must be separate. And separate fees must be paid.

All I am trying to say is don’t be worried. If you are overseas or of course, if you are in England, and you need your certificate(s) verifying, notarising and legalising for use abroad – then why not let me worry about the requirements and instruct me to proceed on your behalf?

As always, Please do contact me or Chris whenever you need Notarial certification or Legalisation for any of your Documents– at http://www.atkinsonnotary.com – or phone me on 0113 816 0116 (internationally 0044 113 8160116)

Power of Attorney and other Deeds for use in Foreign Countries

Power of Attorney and other Deeds for use in Foreign Countries

Probably the work we are asked to assist with more than anything else is the witnessing of the execution of Deeds of Power of Attorney.

It’s not surprising really. We are in Leeds, our clients are local, and they want to complete transactions abroad.

Realistically, unless you can afford the time and money which you would have to invest in going to the foreign country, and staying there until all of the necessary paperwork has been prepared and completed, you will have to appoint someone else to do the paperwork for you.

Usually, that will be a lawyer qualified and working in the foreign Country concerned.

Otherwise, it may be a friend of yours there , a relative, or a business partner .

Either way, you will have to execute a paper authorising that person to act on your behalf. “Execute” means in this context, sign it in the presence of a Notary Public .

Typical problems we come across on a regular basis include:-

The foreign party give a vague instruction to our client along the lines of “just sign a letter of authority”. Yeah, right.

If you go down this road, expect them to respond in due course along “Your letter of Authority is nearly right. But we can’t use it because ……..”

Really the best advice I can give is that if you are told from abroad to “just sign a short letter of authority” then you should say – Please draft the wording you need me to sign.

That way, your Turkish, Afghan, whatever agent must produce the form of authority which they require. And if they later say – “oh it’s not quite right” for any reason at all, then you are perfectly justified in saying – “Well, we signed the form you sent us, so if it’s not right, ok, but you will have to pay the wasted fees”.

There are many many rules and wrinkles which we in AtkinsonNotary are well aware of.

For Example, for Spain, sign each page. For Florida and California and India and Zimbabwe and South Africa, you need two witnesses as well as the Notary.

In Italy and South Africa, if you do not use black ink, your document will be rejected however correct it may otherwise be. Conversely, in Florida, you should use blue ink. Yes, I know.

And once the paperwork is correctly executed in England there is the question of legalisation.

For most countries of the world, a Foreign and Commonwealth Apostille is necessary. We can get this.

For many countries, the Apostille is not enough. For example, UAE will also require a consular stamp and currently a fee of £500.00 if there is a commercial aspect to the case.

There is increasingly a tendency for the Consular offices of different Countries to apply their own somewhat random rules.

China will need a certified copy of the passports of the signatories. And of the passport of a Company Director if any Company is the subject of the notarisations. It has recently decided to request two additional separate application forms to accompany each stamp application.

Bolivia needs every non-Spanish language document to be accompanied with a translation into Spanish, and the Consulate will charge for each. It is cheaper therefore to ensure that each Bolivian paper is written in two columns, one column being the Spanish text.

The Dominican Republic needs a Spanish translation or else the Consulate will prepare a translation and charge you for it.

Angola needs all of the above and will still reject the document if the translated languages are sewn into the document in the wrong order, – The Portuguese text must always appear first.

So there you are. It’s easy if you know what to do. [And we do] And it’s impenetrably difficult if you don’t.

What can I say? Come to AtkinsonNotary and we will sort your documents. First time, no hassle. Honestly, you will thank us for it. See the testimonials on the AtkinsonNotary website, and our Google reviews. Every one 5 star. [Tempting fate? I hope not].

Well if we don’t blow our own trumpet, who will?

So the song this week – In a Foreign Land.

As always, Please do contact me or Louise whenever you need Notarial certification or Legalisation for your Documents– at http://www.atkinsonnotary.com – or phone me on 0113 816 0116 (internationally 0044 113 8160116)

We Can Certify Company Papers.

We can certify your Company Papers.

As a Notary in England assisting Companies with interests abroad, I have a fund of cases which highlight the problems which can arise in certifications for use in foreign Countries.

L. P. Hartley said – “the past is a different country, they do things differently there”

Well AtkinsonNotary can certainly tell you, that a foreign Country is a foreign country, and Eee by gum they do things differently there.

Perhaps the biggest disconnection between the UK Company Culture and that of other countries, might be between us and former Eastern Bloc countries, in respect of the matter of Companies House recorded information.

In former Soviet Russia and its satellites, the State required to know and authorise everything. So, the State would be in a position at any time to say who were the authorised Directors of a Company.

And to say, whether the Company has a licence here and an accreditation there.

To Say, whether the Company has a recorded criminal conviction.

To say, whether or not the Company has paid all tax due and to issue a certificate that it has. 

To say, whether a company is insolvent.

The idea that this is possible remains the mind-set in these countries.

Contrast and compare. Some of the above can be easily ascertained from Companies House in England. But, much of it cannot.

For example the suggestion that the English tax office will issue a certificate that ABC Limited has paid all taxes due from it up to date – is a non-runner. Quite the opposite in fact, the HMRC reserve the right to investigate a Companies Tax affairs retrospectively after many years.

And yet, if you are putting in a tender for work in Poland, you will be asked to provide such unobtainable certification.

A second example. In many foreign States, application is made to the State for the right to become a Director. The State approved you, and you are appointed. So, the State will always know the names of the Directors of a Company.

In England, the Company decides who it will appoint as Director. And once it has done so, those persons are Directors. And then Companies House should be told. But if the Company Secretary takes ages to tell Companies House then it won’t know. But the Directors are still the Directors.

The situation therefore is that Companies House here in England is not the source of authority, but in effect is merely an office which records what it has been told. Re-active, not proactive.

Recently, Companies House has decided to discontinue revealing the information it has as to the holders of a Company’s shares. This is a problem when the bureaucrats of, say, Azerbaijan are demanding certification of the identities of the company’s shareholders and the number and value of shares held. Sometimes the only information available is to be found from Company returns which may be over a year old.

This is the kind of anomaly which can be warranted and explained and “made all right” by a thorough Notarial Certification. We are here to help.

At AtkinsonNotary we are subscribers to Companies House Direct which is a paid-for service, rather than the free Companies House website. The latter whilst increasingly reliable has in my experience occasionally revealed gaps in Company narrative. The paid service also enable instant ordering of certificates from Companies House when available.

In respect of Companies House certificates, I would seek to suggest to Company secretaries that when these are required to be obtained and Notarised, it will save you time and money if you ask me to Contact Companies House to obtain them direct.

It will save time because I can order them within minutes of your contact and receive them the following day.

It will save money because, having ordered the Certificate and received it direct from Companies House, there is no need for me to contact Companies House to ensure that the certificate received is genuine, as I would otherwise be required to do. [Not that I don’t trust you, mind!]

For wrestling with foreign Company requirements, and for documents for use around the world do contact me or Louise here at AtkinsonNotary E7 Joseph’s Well Leeds LS3 1AB, phone 0113 8160116 and email notary@atkinsonnotary.com or via the website http://www.atkinsonnotary.com