Ensure GDPR compliance with these top tips

The General Data Protection Regulation (GDPR) has dominated business attention lately. It has been in effect for just shy of two months and is a strict set of rules mandating robust data protection for everyone within the EU. Becoming compliant has meant a rush of planning and organisation, with businesses making big changes to avoid hefty fines and the reputational damage that follows them.

At first, GDPR comes across as very complex and the very idea of staying compliant is hard to fathom. Remember that GDPR is not a “one-off” change: it is an ongoing obligation, so an organisation’s approach to data protection must be consistent and constantly maintained. Cut through the noise and strengthen your company’s compliance by following the tips below:

  • Choose the Right Compliance Solution:
    The right compliance solution ties each of the points below together. At Kaseya, we offer a range of integrated solutions that address GDPR and are tailored to each business’s needs. Our suite of IT Complete solutions helps to keep your organisation safe, secure and compliant.
  • Conduct a Gap Analysis and Compliance Assessment:
    A gap analysis shows exactly where your organisation is already compliant, reveals trends in its existing compliance programme, and highlights which areas need work and the steps that must be taken to close them. This analysis provides the foundation for a complete compliance assessment and, ultimately, a compliance plan. The compliance plan records what is already good and working, and recommends specific improvements.
  • Shine a Light on Shadow IT:
    Shadow IT is the applications, systems and hardware that individuals use without company support or sanction; consumer services such as Dropbox, Skype and Evernote are typical examples. They pose significant compliance risk: if an employee stores or transfers data covered by GDPR on a system you don’t know about, you cannot protect it, and the company is exposed to a breach. Communicate internal policy clearly throughout the organisation and keep a record of having done so. Employees should be educated continuously that they must not use such systems without company approval.
  • Understand the Role of Automation:
    Performing manually every IT task required for compliance would be incredibly hard and open to human error, and in large organisations it is simply impossible. Automating these tasks is critical to ensuring they are all completed correctly. Automation is the right platform for repeatable processes: it makes sure that updates, patches and similar changes are applied to every device, tracked and reported on. That provides greater security and makes a compliant estate easier to maintain.
  • Consider the Reach of your RMM Solution:
    Remote Monitoring and Management (RMM) solutions are a critical compliance tool. They let admins consistently monitor and remediate applications, workstations, servers and remote devices. Implement the right RMM solution for your environment so that IT professionals are informed when issues arise or when a change in system status could indicate a potential breach. RMM systems can also automate common security-related IT tasks and report on them when complete.
  • Practise Proper Patch Management:
    Preventing cyber-attacks and data breaches while proving compliance requires patch management. A patch management solution should automatically update servers, remote computers and workstations with application and operating system patches. This is a crucial yet challenging task for those who rely on manual IT processes, so automating patch management is a simple, efficient way of ensuring it is carried out correctly and consistently.
  • Deploy an Anti-Virus or Anti-Malware Solution:
    All endpoints must be protected, and that protection must be kept up to date; current endpoint protection is one of the technical security measures you will be expected to show. The right protection deployed across your whole estate maximises defences against malicious software and helps contain incursions before they become damaging data breaches. These solutions can spot threats early and can be automated to roll security updates out across your infrastructure.
  • Harden Protection Through 2FA/MFA:
    Two-factor (2FA) and multi-factor authentication (MFA) require the end user to prove their identity with two or more independent factors before being granted access, which makes a stolen password alone insufficient to reach confidential documents and information. Identity and access management (IAM) adds centralised credential management, policy-based rules and single sign-on (SSO) for end users, so access to every internal system is governed in one place. Together these are crucial tools for controlling who has access to data on your network.
  • Secure Mobile Devices:
    Mobile devices are often overlooked in GDPR compliance, but they should be held to the same standard as their desktop counterparts. Many apps work offline, which means data transferred through them is also stored locally on the device, outside the controls of your network, so a lost or compromised phone can expose it and breach your GDPR obligations. All apps, both sanctioned and shadow, should therefore be reviewed regularly to minimise this risk.
  • Decommission Devices:
    Any device that is lost or stolen should be decommissioned immediately: revoke its access and wipe it remotely where possible, so nobody else can extract confidential company data from it. The same policy should apply to equipment belonging to ex-employees, particularly when an employee has been terminated. Put a protocol in place so your IT department can quickly and completely deactivate a user, removing all their permissions to the network. Decommissioning also includes data destruction: storage must be securely wiped or physically destroyed before the hardware is disposed of under WEEE rules, so that the data cannot be recovered.

Finally, it is crucial to stay up to date with changes to GDPR and related guidance to keep your compliance current. Once the initial changes have been made, maintenance is generally not as demanding.

Top 10 tips to get your finances in shape this summer

When it comes to money, it is easy to get so entangled in the jargon that you lose sight of basic sound finances.

For most of us, wealth is built slowly. It requires some straightforward planning: putting aside regular savings, using the available tax wrappers and protecting assets you cannot afford to lose.

If you need help with your finances, below are some pointers on important steps to take, and a few pitfalls to avoid, along the road to a healthy financial future.

Start an ISA

ISAs are a simple way to protect your savings and investments from tax. Everyone can save up to £20,000 into an ISA per year in cash or stocks & shares, or a mixture of both.

If you have a cash ISA, you won’t pay any tax on the interest you receive, while for stock market investment ISAs, there’s no capital gains tax to pay when you sell your holdings or on any income you receive.

Contribute to a pension

As of 6 April 2018 the full flat rate state pension is £164.35 a week, but this is unlikely to be sufficient to cover all your needs.

It’s important to think about how much money you will need once you stop working. Once you have an idea what your target income should be, review your planning each year to check if you are on target to reach your goal.

For every £1 you pay into a pension, the government pays in an extra 25p. If you are a higher rate taxpayer, then an extra 25p is available through your annual self-assessment. Once your money is invested, it can grow free of capital gains and income tax.

You can contribute 100% of your salary, up to a maximum of £40,000 (your annual allowance). If you haven’t used your annual allowance in the previous three years, you can carry this forward.

Use your allowances

As of 6 April 2018, unless you earn over £123,700, you have a personal allowance of £11,850 – the amount of money you can earn before you pay any income tax.

Unless you’re an additional rate taxpayer, you also have a personal savings allowance, which is the amount of income you can earn on your savings before tax. This is £1,000 for basic rate taxpayers and £500 for higher rate taxpayers.

You also have a dividend allowance where you can earn up to £2,000.

If you’ve made a gain on investments held outside of an ISA or pension, then you can make use of your capital gains tax allowance (£11,700) to realise some gains tax-free. If an asset is held jointly with a spouse, both can use the annual allowance against the gain, effectively doubling the tax-free amount.

Avoid the 60% tax trap

Once your income reaches £100,000, your personal allowance is reduced by a rate of £1 for every £2 of additional income until it reaches zero. This means earnings between £100,000 and £123,700 are effectively taxed at 60%.

You can reduce your income by making a contribution to a pension or donating money to a charity that is eligible for gift aid. HMRC deducts gross pension contributions and charitable donations from the total of all your income when it checks how much your personal allowance should be.

Split assets between married couples / civil partners

Married couples and civil partners are taxed separately on jointly held assets. If you have a joint savings account, you will each pay tax on half the interest earned from this. If one partner is basic rate or a non-tax payer and the other pays tax at the higher rates, transferring the whole of the account to the lower earning individual reduces the tax you pay overall.

Care should be taken over the Financial Services Compensation Scheme which refunds up to £85,000 if a bank collapses (£170,000 for joint accounts). If your savings are above this, consider splitting them between different banks.

If you give someone an asset you usually have to pay capital gains tax on the profit you would have made, had the asset been sold rather than given away. However, this rule doesn’t apply to gifts between partners. An asset that produces income, such as a share portfolio or a rental property, can therefore be owned by a lower earning partner for income tax purposes.

Beware of drawing lump sums from your pension

Those aged 55+ are able to draw unlimited sums from defined contribution pensions. Using your pension savings to fund projects such as home improvements can seem attractive, but you should think carefully before proceeding: pension withdrawals can easily lead to unnecessary and unexpected tax liabilities.

When you draw money out of a pension you can usually take 25% of the total tax free, but the rest is subject to income tax. For example, if you wanted a lump sum of £20,000, then £5,000 would be tax free, but £15,000 would be taxable at your marginal rate. The first time you draw money from your pension, the pension company deducts tax on a ‘Month One’ basis (emergency tax). This means HMRC assumes you will receive the same amount on a monthly basis for the rest of the tax year and taxes it accordingly. You can apply for a refund.

If you take taxable income from your pension (anything beyond the 25% tax-free lump sum), you will be subject to the Money Purchase Annual Allowance. This means you can only contribute £4,000 to a money purchase pension each year, rather than the standard £40,000.

Watch out for Child Benefit tax charges

If you claim Child Benefit and either you or your partner earn more than £50,000 then you could face a tax charge. The charge is 1% of the Child Benefit received for every £100 that your income is over £50,000. For example, if you receive £1,076 a year in Child Benefit and your salary is £53,000 you will pay £322.80 additional tax. If income was £60,000, then all the Child Benefit would be reclaimed through additional taxation.

You can reduce your income by making pension contributions or charitable donations. If you can reduce your income below £50,000 then you escape the tax charge entirely.

Have a contingency plan

It’s important to consider how you would cope financially in an emergency such as losing your job, or suffering a long period of poor health. If you are able, try to hold at least six months’ expenditure in cash deposits so you can easily access these.

You should also consider what would happen if you weren’t able to work through illness. Most employers will only pay your salary for a limited time; once this limit is reached you will be moved onto Statutory Sick Pay and eventually onto state benefits.

There are various types of insurance policy which can protect against the financial effects of ill-health:

  • Income protection – pays a proportion of your salary until you reach retirement or return to work.
  • Critical illness insurance – pays a lump sum if you’re diagnosed with a critical medical condition such as cancer or multiple sclerosis.
  • Accident, sickness or unemployment insurance – this is sometimes called Payment Protection Insurance as it usually relates to a specific payment, such as your mortgage or a loan. The payments are short-term.

Arrange life assurance

If you are the main breadwinner for your family, you should think about how they would cope financially if you passed away. You might have ‘death-in-service’ benefit through your employer which provides a lump sum based on your salary if you die while in employment. If you don’t have this you might also consider:

  • Mortgage protection – ensures your mortgage will be paid off on death. A mortgage protection policy is usually cheaper than a standard life assurance policy because the amount that is paid on death reduces each year in line with the outstanding balance of your mortgage.
  • Life assurance – also known as ‘Term assurance’ – this simply pays a lump sum on death, and may be used to supplement any ‘death-in-service’ benefit provided by your employer.
  • Family income benefit – this provides a regular payment over a specified number of years rather than a lump sum. This type of policy is useful if you think your family will struggle to maintain their current lifestyle without your income, and can be cheaper than a policy that pays a lump sum.

Write a will

Most people think assets will automatically pass to their spouse or civil partner if they die, but this isn’t necessarily the case. If you die without a valid will your assets will be dealt with according to the laws of intestacy. If you have children, your partner may not get all your assets and it could take some time for the division of assets to be decided.

Having a will is particularly important if you cohabit but are not married or in a civil partnership. You should take care to review your will following major life events, especially the birth of children, divorce or dissolution of a partnership.

The difference between invoices and receipts

In case of a tax compliance check, tax auditors are likely to verify whether or not all expense-related documents are in order and contain the relevant information. The most common expense documents are invoices and receipts. Here are the main differences between these two types of tax records.

Keeping tax records is one of the most essential aspects of running a business. If you’re meticulous about collecting expense-related documents, you make sure that your taxable profit is as low as possible. Documents that meet certain criteria are required to reclaim VAT.

Not all transactions are documented using paper or electronic files. But in case of a tax compliance check, you may be asked to provide evidence that your business transactions took place. For this purpose, receipts and invoices may come in quite handy.

Receipts acknowledge payments

A receipt is an acknowledgment from the vendor to the customer that the payment for goods or services has been received.

Companies issue receipts after all kinds of payments, including online payments, bank transfers, cheques and “cash in hand”. A receipt is the buyer’s proof of payment and, at the same time, it records a sale on which the seller must account for any tax due.

Receipts from cash registers that you can get in shops or petrol stations typically contain information about the date of purchase, goods or services sold, the seller’s details, the amount paid, and the tax amount if applicable. Many receipts also contain information about the buyer and the method of payment, especially when the transaction is between two businesses.

A receipt is also proof of ownership of the products listed on the receipt. It’s often used to claim consumer rights in case of a faulty product to get a refund or to organise a return.

Invoices are requests for payments

Like a receipt, an invoice documents a purchase between two businesses or between a business and a consumer. Typically it is issued before any payment has been made; an invoice is a request for payment, and the seller can use it as evidence that the amount is owed.

An example of a purchase that requires an invoice is an ongoing service, such as from your hosting provider or online advertising campaigns.

Apart from standard information about the purchase, some invoices include the due date which may be for example 30 days. They may also include a discount for early payments.

It’s important to know the difference between an invoice and a Purchase Order, typically referred to as a PO. An invoice relates to goods or services that have been supplied, whereas a PO is issued earlier, by the buyer, before supply. A PO lists all requirements, including the products or services and their prices, but it is not a tax record and cannot be used to reclaim VAT.

Every PO should therefore have a matching invoice, while not every invoice has a matching PO, because POs are not used in every organisation.

VAT invoices make it possible to reclaim VAT

Only valid VAT invoices allow you to reclaim VAT and thus you need to make sure VAT invoices include all required details:

  • The word ‘invoice’ on the document
  • Unique invoice number that follows on from the last invoice
  • Your business name and address
  • Your VAT number
  • Date
  • The tax point (or ‘time of supply’) if this is different from the invoice date
  • Customer’s name or trading name, and address
  • Description of the goods or services
  • Total amount excluding VAT
  • Total amount of VAT
  • Price per item, excluding VAT
  • Quantity of each type of item
  • Rate of any discount per item
  • Rate of VAT charged per item – if an item is exempt or zero-rated make clear no VAT on these items
  • Total amount including VAT

For retail sales of £250 or less (including VAT) you may issue a simplified VAT invoice, which includes less information than the “full” VAT invoice. A simplified VAT invoice does not need to include:

  • Date
  • Customer’s name and address
  • Total amount excluding VAT
  • Total amount of VAT
  • Price per item excluding VAT
  • Quantity of each type of item
  • Discounts per item

Bear in mind that delivery notes, Purchase Orders or email messages are not valid VAT invoices and you cannot use them as evidence to reclaim VAT.

Digital vs print invoices and receipts

It’s worth noting that there is no difference between invoices and receipts in how you store them, and you don’t need to keep paper copies of either.

Both print and digital copies of your sale and expense invoices and receipts are acceptable. Businesses must make sure that these documents are readable and easily accessible in case of a tax compliance check.

Guide to the GDPR May Overhaul

General Data Protection Regulation, or GDPR, will overhaul how businesses process and handle data. Our need-to-know GDPR guide explains what the changes mean for you.

In May, Europe’s data protection rules will undergo their largest overhaul in 20 years. When the current rules were drawn up in the mid-1990s, the internet was still in its infancy.

To ensure the laws overseeing our personal data are fit for purpose, European regulators have created a series of new rules. The result is the mutually agreed European General Data Protection Regulation (GDPR), which will come into force on May 25, 2018. It will change how businesses and public sector organisations can handle the information of their customers.

The regulation has spawned a raft of GDPR experts who want to help businesses prepare for the changes GDPR will bring – and make a tidy sum for their expertise.

Elizabeth Denham, the UK’s information commissioner, who is in charge of data protection enforcement, says she is frustrated by the amount of “scaremongering” around the potential impact for businesses. “The GDPR is a step change for data protection,” she says. “It’s still an evolution, not a revolution”. She adds that for businesses and organisations already complying with existing data protection laws the new regulation is only a “step change”.

Still, plenty of confusion remains. To help clear things up, here’s WIRED’s guide to the GDPR.

What is GDPR exactly?

The GDPR is Europe’s new framework for data protection laws – it replaces the previous 1995 data protection directive, which current UK law is based upon.

The EU’s GDPR website says the legislation is designed to “harmonise” data privacy laws across Europe as well as give greater protection and rights to individuals. Within the GDPR there are large changes for the public as well as businesses and bodies that handle personal information, which we’ll explain in more detail later.

After more than four years of discussion and negotiation, GDPR was adopted by both the European Parliament and the European Council in April 2016. The regulation and its accompanying directive were published in the EU Official Journal on 4 May 2016.

The regulation entered into force in May 2016 and applies from May 25, 2018. The two-year preparation period has given businesses and public bodies covered by the regulation time to prepare for the changes.

Don’t we already have data protection laws?

Each member state in the EU operates under the current 1995 data protection directive and its own national laws implementing it. In the UK, the current Data Protection Act 1998 sets out how your personal information can be used by companies, government and other organisations.

GDPR changes how personal data can be used. Its provisions in the UK will be covered by a new Data Protection Bill, which has now been published by the government. As noted by data protection expert Jon Baines, the UK’s data protection plans include everything within the GDPR – although there are some minor changes.

The new UK data protection bill

The UK government’s new data protection legislation, which will implement the vast majority of GDPR was published on September 13, 2017. The bill must pass through the House of Commons and the House of Lords before it becomes law.

The bill will implement GDPR into UK law and largely covers all the main areas of the EU regulation. However, there is some flexibility on how individual countries implement GDPR. The government says its bill sets out a number of exemptions from GDPR. These, it says, include extra protection for journalists, scientific and historical researchers, and anti-doping agencies who handle people’s personal information.

The UK has also put a greater focus on the personal data of children. Its bill says that parental consent is required to process the data of children under the age of 13. Elsewhere, other countries are setting this threshold at 16.

The Data Protection Bill is currently working its way through debates in the House of Commons and House of Lords. It is subject to a number of potential amendments, which all have to be approved by both houses before the Bill can be passed and become an Act of parliament. When this happens, the 1998 Data Protection Act will be repealed.

Is my company/startup/charity going to be impacted?

In short, yes. Individuals, organisations, and companies that are either ‘controllers’ or ‘processors’ of personal data will be covered by the GDPR. “If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR,” the ICO says on its website.

Both personal data and sensitive personal data are covered by GDPR. Personal data, a complex category of information, broadly means a piece of information that can be used to identify a person. This can be a name, address, IP address… you name it. Sensitive personal data encompasses genetic data, information about religious and political views, sexual orientation, and more.

These definitions are largely the same as those within current data protection laws and can relate to information that is collected through automated processes. Where GDPR differs from current data protection laws is that pseudonymised personal data can fall under the law – if it’s possible that a person could be identified from the pseudonym.

So, what’s different?

In the full text of GDPR there are 99 articles setting out the rights of individuals and obligations placed on organisations covered by the regulation. These include allowing people to have easier access to the data companies hold about them, a new fines regime and a clear responsibility for organisations to obtain the consent of people they collect information about.

Helen Dixon, the data protection commissioner for Ireland, who has major technology company offices under her jurisdiction, says the new regulation was needed and is a positive move. However, she adds that while large businesses are aware of the upcoming changes there needs to be a lot more knowledge in smaller companies, including startups. “One of the issues with startups is that when they’re going through all the formalities new businesses go through, there’s no data protection hook at that stage,” Dixon says.

So, if you’re only just hearing of GDPR, here are some of the bigger changes to be prepared for.

Accountability and compliance

Companies covered by the GDPR will be more accountable for their handling of people’s personal information. This can include having data protection policies, data protection impact assessments and having relevant documents on how data is processed.

In the last 12 months there have been a number of massive data breaches, including millions of Yahoo, LinkedIn and MySpace account details. Under GDPR, the “destruction, loss, alteration, unauthorised disclosure of, or access to” people’s data has to be reported to a country’s data protection regulator – in the case of the UK, the ICO – where it could have a detrimental impact on those it is about. This can include, but isn’t limited to, financial loss, confidentiality breaches and damage to reputation. The ICO has to be told within 72 hours of an organisation becoming aware of a breach, and the people it affects also need to be told where the breach is likely to put them at high risk.

For companies that have more than 250 employees, there’s a need to have documentation of why people’s information is being collected and processed, descriptions of the information that’s held, how long it’s being kept for and descriptions of technical security measures in place.

Additionally, companies that have “regular and systematic monitoring” of individuals at a large scale or process a lot of sensitive personal data have to employ a data protection officer (DPO). For many organisations covered by GDPR, this may mean having to hire a new member of staff – although larger businesses and public authorities may already have people in this role. In this job, the person has to report to senior members of staff, monitor compliance with GDPR and be a point of contact for employees and customers. “It means the data protection will be a boardroom issue in a way it hasn’t in the past combined,” Denham says.

There’s also a requirement for businesses to obtain consent to process data in some situations. When an organisation is relying on consent to lawfully use a person’s information they have to clearly explain that consent is being given and there has to be a “positive opt-in”. A blog post from Denham explains there are multiple ways for organisations to process people’s data.

Access to your data

As well as putting new obligations on the companies and organisations collecting personal data, the GDPR also gives individuals a lot more power to access the information held about them. At present, businesses and public bodies can charge £10 to answer a Subject Access Request (SAR) for the information they hold about a person.

Under the GDPR this is being scrapped and requests for personal information can be made free-of-charge. When someone asks a business for their data, they must stump up the information within one month. Everyone will have the right to get confirmation that an organisation has information about them, access to this information and any other supplementary information. As Dixon points out, big technology companies, as well as smaller startups, will have to give users more control over their data.

As well as this the GDPR bolsters a person’s rights around the automated processing of data. The ICO says individuals “have the right not to be subject to a decision” if it is automatic and it produces a significant effect on a person. There are certain exceptions but generally, people must be provided with an explanation of a decision made about them.

The new regulation also gives individuals the power to get their personal data erased in some circumstances. This includes where it is no longer necessary for the purpose it was collected, if consent is withdrawn, there’s no legitimate interest, and if it was unlawfully processed.

GDPR fines

One of the biggest, and most talked about, elements of the GDPR is the power for regulators to fine businesses that don’t comply with it. If an organisation doesn’t process an individual’s data in the correct way, it can be fined. If it requires and doesn’t have a data protection officer, it can be fined. If there’s a security breach, it can be fined.

These monetary penalties will be decided upon by Denham’s office and the GDPR states smaller offences could result in fines of up to €10 million or two percent of a firm’s global turnover (whichever is greater). Those with more serious consequences can have fines of up to €20 million or four percent of a firm’s global turnover (whichever is greater). These are larger than the £500,000 penalty the ICO can currently wield and, according to analysis, last year’s fines would be 79 times higher under the new regulation.

But Denham says speculation that her office will try to make examples of companies by issuing large business-crippling fines isn’t correct. “We will have the possibility of using larger fines when we are unsuccessful in getting compliance in other ways,” she says. “But we’ve always preferred the carrot to the stick”.

Denham says there is “no intention” for overhauling how her office hands out fines and regulates data protection across the UK. She adds that the ICO prefers to work with organisations to improve their practices and sometimes a “stern letter” can be enough for this to happen.

“Having larger fines is useful but I think fundamentally what I’m saying is it’s scaremongering to suggest that we’re going to be making early examples of organisations that breach the law or that fining a top whack is going to become the norm.” She adds that her office will be more lenient on companies that have shown awareness of the GDPR and tried to implement it, when compared to those that haven’t made any effort.

How to prepare your business for GDPR

When implemented, GDPR will have a varying impact on businesses and organisations: for instance, not every company will require a data protection officer. To help prepare for the start of GDPR, the ICO has created a 12-step guide.

The guide includes steps such as making senior business leaders aware of the regulation, determining which information is held, updating procedures around subject access requests, and what should happen in the event of a data breach. In Ireland, the regulator has also set up a separate website explaining what should change within companies.

The ICO says that “many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA)”. It adds that businesses already complying with the current data protection law are highly likely to be meeting many of the GDPR principles.

As well as this guidance, the ICO says it is creating a phone service to help small businesses prepare for GDPR. The service will provide answers about how small companies can implement GDPR procedures and starts at the beginning of November 2017.

What big tech is doing

The big tech companies, like all others, have no exemption from GDPR. Google and Facebook, two of the biggest collectors of personal information, have been making changes to their businesses. But things haven’t gone without a hitch.

Amid Facebook’s Cambridge Analytica data scandal, the company has altered its position several times. Mark Zuckerberg initially said Facebook wouldn’t apply the same privacy protections across the world. Since then he’s reversed his position and announced everyone would get the same “tools” wherever they lived.

But Facebook has also changed the terms and conditions of its users who live outside the US and Europe. Reuters reports Zuckerberg’s company is changing the location of most of its user registrations outside of Europe to the US, rather than Ireland. This means 1.5 billion people won’t fall under the protection of GDPR.

Elsewhere, Google has sent notifications to all of its users to update their data and review what is collected about them. The firm has also updated its ad settings. Some individuals have received notifications saying they should review their privacy settings and Google has also created a page for the businesses it works with.

Why Terms and Conditions are important

While a Terms and Conditions agreement is recommended for your website, it is not required by law.

Only Privacy Policies are required by law if you collect personal data from your users: email address, first and last names, shipping address, etc.

A Terms and Conditions agreement is also known as a Terms of Service or a Terms of Use agreement:

A Terms of Service Agreement is a set of regulations which users must agree to follow in order to use a service. Terms of Use is often named Terms of Service, Terms and Conditions, or Disclaimer when addressing website usage.

This agreement sets the rules that users must agree to in order to use your website.

Because of its importance, here are 5 reasons why you should have a Terms and Conditions agreement.

Reason #1: Prevent Abuses

A Terms and Conditions agreement acts as a legally binding contract between you and your users.

This is the agreement that sets the rules and guidelines that users must agree to and follow in order to use and access your website or mobile app. The Privacy Policy agreement informs users what kind of data you collect and how you are using that data.

In this agreement, you can include the necessary sections to inform users of the guidelines of using your website or mobile app, what happens if users are abusing your website or mobile app, and so on.

Examples of abusive user behaviour include spamming other users and posting defamatory content.

If your website or mobile app hosts content that is generated by users, you can include a clause in the Terms and Conditions to inform users that harmful language won’t be tolerated, as well as spamming other users (depending on the function of your website: via public or private messages).

Users who are found abusing your website in any of these ways can be temporarily banned as a result.

Reason #2: Own Your Content

As the website owner, you’re the owner of your logo, content (except for user-generated content, as most websites will inform users that any content created by users is theirs), the design of the website, and so on.

In the Terms and Conditions, you can inform users that you are the owner of such content (as mentioned above) and that the content you own is protected by international copyright laws.

Reason #3: Terminate Accounts

While Reason #1 (Prevent Abuses) covered temporarily banning users, another common clause that Terms and Conditions agreements include is the Termination clause.

This clause informs users that abusive accounts will be terminated and banned from using the service.

The Termination clause is aimed at websites that have a registration section (e.g. user must register before using and/or accessing certain sections of the website), as you can disable or ban the abusive users based on the activity of their accounts.

Reason #4: Limit Liability

Terms and Conditions agreements commonly include a warranty disclaimer that tries to limit the website owner’s liability in cases where errors are found in the content presented on the website.

This kind of clause notifies users that the owner can’t be held responsible for any errors in the content presented, or for the information provided being accurate, complete, or suitable for any purpose.

Reason #5: Set The Governing Law

Usually, the Governing Law clause of a Terms and Conditions agreement refers to the jurisdiction that applies to the terms presented in the agreement.

If you operate your website from another country (Australia, UK, Canada, South Africa), update the agreement to name your home country or the country in which your company (that owns and operates the website) is registered.

New Year’s accounting resolutions

The beginning of the year is a great time to reflect on the past twelve months and prepare for the next. Here are some useful accounting tips to help you get your business finances up-to-date and ready for the year.

Keep your business in shape

People often make New Year’s resolutions to live a healthier life. For example, they might resolve to change their diet, exercise more often, or cut down on alcohol.

You can make the same sort of resolutions for your business, to help it stay in top shape for the coming year. Since money matters to your business, it makes good sense to look at its overall financial health and see where you can make improvements.

Here are 10 tips that will help you understand what you’ve achieved in the past year – and what you might be able to achieve in the next. Some you can put into action right now. Others can become resolutions to help your business grow in the new year.

1. Review your financials

It may not be the financial year end for your business yet. But it doesn’t hurt to go through all those sales receipts and invoices now, and check your bank account to make sure the figures add up.

Quality accounting software makes this easy for you – and does most of the work automatically.

2. Talk to your accountant

One good reason for getting your accounts in order now is so you can share them with your accountant for checking.

Some accountants might not want to look at the detailed figures until nearer the end of the financial year. But if you can persuade them to take a quick look now, they may be able to give you a rough idea of what your tax bill will be.

It’s good to have that knowledge sooner rather than later. That way you can ensure you save the right amount of money and avoid any unpleasant surprises.

3. Review growth, revenue and sales goals

Take some time to reflect on the past year and ask yourself some important questions:

  • Did your business grow?
  • How did your revenues and profits compare with the previous year?
  • Are your sales trending up? Take a look at the sales graphs in your accounting software to see.
  • Does your expenditure over the past 12 months give any cause for concern?
  • If you made a list of goals last year, did you achieve them?

In short, try to understand how your business has changed since the end of the previous year. If it’s grown, give yourself a pat on the back – and keep going.

If business hasn’t improved, ask yourself why, and dig into the figures to find out more. Now might be a good time to get professional advice from an accountant. They can help with the coming year’s financial planning and get you on the right track.

4. Stay up-to-date with tax law and filing deadlines

Tax laws and regulations change on a regular basis. Talk to your accountant to make sure you’re up-to-date, and understand how any changes affect your business.

Ask them when you’ll need to file and pay taxes. Set up your calendar with the appropriate alerts and reminders for the coming year.

5. Update your payroll

Be sure to update your internal systems, such as online payroll. With the right software this will be easy to do. Items to consider include:

  • Hand out bonuses
    Check local legislation – you can probably pay bonuses now instead of waiting for the end of the tax year. It might help your tax accounting to do it sooner rather than later.
  • Pay employees electronically
    Pay your employees by direct deposit to save everyone time, money and resources.
  • Review employee status
    Make sure you know the difference between an employee and an independent contractor or consultant. Check the status of all your employees. If you get this wrong it will cost you money – and you may be penalised by the government.

6. Get your accounting software up-to-date

It’s hard to take a step back and evaluate your accounting software when you’re busy using it on a daily basis. So a quieter period of the year is a good time to consider whether it’s working for you.

If you’re using traditional desktop accounting software or Excel spreadsheets, think about the benefits of moving to online accounting. Online accounting makes it easy to access your business accounts from anywhere, at any time, using a laptop, tablet or smartphone.

You’ll also reduce your IT costs, because software maintenance and upgrades are handled for you. And online or cloud accounting is secure, with powerful encryption and remote backups. So there’s less chance of your vital business information being lost or stolen.

Do your research, find out which accounting software might be suitable, then try it out. Most software packages have free trials so you can see whether the product is right for you and your business.

Christmas gifts and inheritance tax

During the holiday period one of the questions I’m asked most frequently is, “what are the IHT implications of making gifts to my family?”

This is a complex area, so it’s a good idea to review your planning regularly.

This article isn’t personal advice. If you’re unsure of the suitability of any investments for your circumstances, please contact us for personal advice. Remember tax rules can change and any benefits depend on personal circumstances.

Common IHT exempt gifts

Most of us are aware that we can make some gifts without incurring an inheritance tax charge.

One of these is £3,000 each year, which can be given to anyone you choose.

This allowance can be carried forward for one year if it’s not used, so if you didn’t use it last year you can give away £6,000 this year.

There are additional gifts like this that can be made on special events, such as marriage, as well as donations to charities and political parties.

On top of this, you can make a gift of £250 each year to as many people as you like. This can work well for grandparents with lots of children and grandchildren.

Lesser-known IHT exempt gifts

There are also lesser-known gifts you can make. One of the most overlooked is unlimited gifts from surplus income.

For this exemption to apply you’ll need to establish a pattern of gifts. The gifts have to be made from excess income and you should be able to show they don’t affect your standard of living.

Our Financial Advisers frequently work with their clients on maximising tax-efficient income to use this valuable exemption.

Potentially exempt transfers

Any other gifts not covered by the above examples are Potentially Exempt Transfers (PETs). They’re ‘potentially’ exempt as you need to survive seven years for them to become IHT-free.

So, how much can be given away without incurring an immediate inheritance tax charge?

Well, in theory, there’s no limit, so a considerable sum (even the majority of your assets) could be passed on via PETs. If you don’t survive seven years, a gift exceeding your nil rate band (currently £325,000) could be taxed. The rate of tax is reduced on a sliding scale should you survive between three and seven years.

If you’re considering substantial gifts you should seek financial advice.

Keeping accurate records

Making a record of any gifts made and, importantly, the exemption you are claiming, will help your executors administer your estate.

Our advisers can help you to record gifts appropriately and advise on the implication and timing of any gifts.

Could you benefit from financial advice?

One of the first tasks when advising clients is to look at how much inheritance tax might be payable on their estate.

With recent rule changes and the introduction of the new residence nil-rate band, now could be the perfect time to review your financial arrangements.

In addition to gifting, there are a number of other ways to reduce the impact of inheritance tax.

The challenge for investors is knowing when taking professional advice can add real value. We can help you decide – we always provide initial consultations about our advisory service without fee or obligation.

We’ll help you understand why our expert financial advisers could be the answer if you need more help, and how financial advice works, including the benefits and costs.