Tag Archives: Regulatory changes

3 Steps Every Business Needs To Take To Comply With GDPR - Apart From Email Marketing

3 Steps Every Business Needs To Take To Comply With GDPR – Apart From Email Marketing

3 Steps Every Business Needs To Take To Comply With GDPR - Apart From Email MarketingGDPR is all about introducing greater transparency, increased accountability and enhanced privacy rights for all of us. For example, we can manage our permissions to tech platforms as a result of being notified about the data they hold and collect on us. These new rights are necessary in a world  where the likes of Google collect the most mind boggling information.

The fact that GDPR requires tech companies to design their platforms with privacy built in, means a “take it or leave it” stance will no longer be the prevailing approach. The legislation has teeth. For example, there are eye watering fines for companies that ignore the regulations, which will have even the richest of them pay attention.

So, I think GDPR will introduce a sea change into the handling of data as is apparent from the changes introduced by Facebook following the recent Cambridge Analytica revelations.

Complying with GDPR

GDPR is all encompassing, impacting so many different areas of a business. So, it can be overwhelming.

A good place to start if you’re a small business wanting to understand your obligations under GDPR is the ICO’s site. There are plenty of resources provided to help you to comply, although I suspect the majority of small businesses will ultimately need help because it’s one thing to know about GDPR, but it’s quite another to know what to focus on when attempting to comply with the new laws given that there is so much to do.

There are certain actions that every business should be taking immediately to reduce GDPR risks. And that’s not the much publicised question whether or not to ask for consent to market to your lists which I previously wrote about on this blog GDPR – Why Consent Should Be Used As A Last Resort. Sadly too many advisers out there are still telling businesses that obtaining specific consent for everything is the way to go, which will place huge administrative burdens on those businesses that follow such blanket advice.

3 Steps

There are 3 steps every business should be taking in the light of the GDPR changes, that many businesses may be missing given the spotlight on email marketing. That is, to consider the data they hold in the cloud and take simple basic measures, such as:

  1. Use strong passwords. If employees, virtual assistants, or contractors (such as your website development company) have access to your data, then are they using strong passwords so as to keep your data safe?  They could easily compromise your security by their actions.
  2. You should introduce clauses and contracts with your freelancers, and contractors. Explain the impact of GDPR. Are they using laptops with encryption? Do they know not to log into your sites in internet cafés? Are they always logging off when they leave their computers unattended? These basics are essential. You are responsible for educating your workers, contractors and other team members about GDPR and the actions they need to take so they don’t compromise security of your data or otherwise cause you to be in breach.
  3. You want to let contractors such as your digital marketing agency, virtual assistance service, or web developers know that using outsourced staff and giving others access to your site without your knowledge is not permitted without your specific consent. These entities are processors of your data. They should not be appointing sub processors without your knowledge. You need to know if your agency is giving access to your data to a third party. Otherwise, what is the point of your doing  due diligence checks when taking on an agency, only for them to engage a temporary helper (possibly using a less rigorous vetting exercise than you employ) to assist them when providing their services to you?

If you’ve not yet addressed these GDPR issues in your business then don’t delay as they are, in my view, one of the greatest security risks small businesses face.

If, on the other hand, you are an agency using outsourced team members to deliver services such as website design, form building, online questionnaire development, search engine optimisation, Facebook or Google advertising, and the like, then your business model may need some adjusting. You should be thinking about what your clients will need from you, and pre-empting their concerns.


With just over a month to go, and many contracts and steps to take immediately, you can’t afford to leave it any longer. While it’s unlikely you will face fines for failing to address every aspect of GDPR, doing nothing is not a sensible option. Come 25 May, your website will be a tell tale sign if you’ve not taken any steps to comply with GDPR.

We have various service options to help clients, ranging from access to templates and clauses, to providing some consultancy, or taking care of the entire process for you. Get in touch if you have would like a quote or have any questions.


FTC ruling on blog paid reviews

Intellectual Property Value – Do You Need Specialist Skills to Value IP?

What Is Your IP Worth?As intellectual property (IP) becomes more recognised as an asset class, interest in it is increasing – so much so that apparently according to the IPKAT Hong Kong property surveyors have been trying to break into assessing the intellectual property value in a business.

They recently called upon overseas bodies (for example, the Royal Institution of Chartered Surveyors to promote the virtues of having surveyors perform IP valuations.

As the IPKAT says, the question is whether

  1. IP valuation is a sub-category of business valuations or a self-contained professional endeavor; and
  2. (ii) in either case, to what extent must an IP valuation professional understand the legal context of IP rights?

The starting point is to consider what we mean by IP

What is IP?

The term IP is generally associated with registrable rights like trademarks, patents and designs.  However, SMEs also have many non registrable IP issues to consider, such as copyright, know how, trade secrets, database rights, organisational knowledge and more.

Unless an SME takes advice to identify, manage, and protect its IP assets it could be seriously exposed because intangibles are a poorly understood asset class.

There is no one size fits all when it comes to determining a business’s risks and opportunities. Even  two businesses in the same industry, with similar business model, may have different issues to address depending on how they develop their businesses and what contracts and other arrangements they have in place, For one business copyright may be the critical asset, while for another it may be the database or a patent.

They will not necessarily be equally desirable to an investor as their value on exit would be impacted by a number of factors unique to each business.

Why have an IP valuation?

One issue a valuation will consider is whether there is key IP underpinning a company’s competitive advantage. If so, another question is whether that competitive advantage is adequately protected.

Banks and investors may accept IP assets as valuable security to finance an SME’s growth if the business can demonstrate that those IP assets underpin revenues and forecasts, and impact cash flow.

How the strength of the IP asset is critical

A fictional example may help convey how IP works.

Say a company has developed an innovative solution that becomes well known in its industry. That competitors will copy a good idea is inevitable. So, if a company’s asset isn’t protected with a patent or other barrier to entry, it is more vulnerable to copy cats.

However, where there are no patents to protect the product, it is a mistake to assume there is little you can do to prevent a competitor stealing market share. You may not be able to stop them creating similar products but you may be able to protect your competitive position and create barriers to entry through the name you choose for the product.

The name is a potential barrier to entry because it can stop competitors using similar ones to identify their offerings – but only if it is a name that the business can uniquely use.

If the business chooses a generic name (that is, one that describes what the product does, rather than an actual name), the name will not be capable of protecting the company’s asset. This is so even if the company registers that name as a trademark combined with a logo. Such a registration would effectively only protect the logo where the name is generic.

So the upshot is that the business has a product that gives it a competitive advantage. It has a valuable asset, but not as valuable as it would be if the name was capable of stopping competitors stealing market share when providing ‘me too’ solutions.

That not all names are equally effective at containing IP value is not generally well understood

Shifting value of IP

IP value is rarely static. Intellectual property rights can change in value over time for a variety of reasons. For example, when you first patent something, it’s possible you have a unique solution to a problem so that your patent provides a strong competitive advantage. But then as other solutions to the problem emerge, the value of your patent may be reduced. On the other hand, if you have successfully marketed your product, despite your patent becoming less critical to your competitive advantage, your trademark may have gained value as your name recognition has increased.

So, failing to give a product a distinctive name that is capable of functioning as a trademark, or not checking whether other people’s rights might prevent use of the chosen name long term impacts the value that is generated, and that would inevitably depress the value of your IP.

IP value is impacted by the choices you make

The above example is designed to illustrate how the IP in question, or the choices you make impact IP value. You need to be ready to make changes if needs be. However, names are not the sum total of IP. There are so many other issues that impact IP value.

There are a number of IP actions required in order to build value and wealth. Implementing effective contracts is a hugely important, but misunderstood aspect of IP protection.

Because it is never possible to foresee what problems and scenarios might arise for a business in the future, it is prudent to secure its IP rights to the fullest extent, so the business has adequate protection to protects its position in the market.

Therefore, identifying IP rights, and protecting and managing them, is essential for any ambitious business.


Clearly IP valuation is not an area in which surveyors would have appropriate transferable skills.

IP and business are closely intertwined. In practice, you need to take both into account. That is why it requires the combined skills of business and IP experts to get the most effective IP valuation and strategic advice.

In a future post, I will explore the different methods for valuing IP.

Online shopping. Know your obligations.

Online Selling And Your Obligations To The Consumer

Online shopping. Know your obligations.Online selling entails certain obligations to the consumer. Online sellers, whether of goods or services, have responsibilities towards the buyer. Being aware of these obligations ensures that you are complying with the law and treating of your sellers fairly. This is becoming an increasingly important area as online selling becomes the norm.

We will look at the impact of two key legal documents, their requirements and how they regulate your relationship with the consumer. This way, you will be in a better position to ensure your online ecommerce site complies with the law.

Online Selling And The Ecommerce Regulations

Introduced in 2002, the Ecommerce Regulations apply to anyone providing a service for payment at a distance (including websites) and requiring online sellers to provide specific information at certain points on commercial websites. The purpose of them is to make sure that consumers have minimum process standards when buying online.

To be successful in the online selling business, and develop a good reputation, the minimum information to be provided is your trading and business name, geographical address, an email address (a contact us form alone is not enough), any registration number (e.g. if a business is incorporated provide its company registration number), VAT number, details of any regulatory body that regulates you, and any price indication on the website must be clear and unambiguous. The purpose of providing this information is to ensure that the consumer has a clear understanding of who they are dealing with and the costs to expect.

Further to these minimum requirements, the regulations require you to give the following information before orders are placed.

The buyer should be informed:

  • of the different technical steps to conclude the contract;
  • of the technical process for identifying and correcting errors before placing an order;
  • whether the final contract will be stored by you and whether the buyer will have access to it;
  • of the languages offered for the conclusion of the contract;
  • whether you are bound by any code of conduct and provide a link to view it.

Where you provide terms and conditions, buyers must be able to store and reproduce them.

If you intend to supply marketing emails, you will need to allow the opportunity for buyers to opt-out. The best time would be when buyers provide their contact details. It is also equally important to note that not all countries allow emails of this type and you should pay particular attention where, so you are not infringing local law.

Consumer Contracts Regulations – Selling At A Distance

More recently, regulations have come into place to govern selling at a distance, including online selling, which only applies when you do business with consumers. So if you contract with other businesses the following won’t apply.

In a previous blog, Strict Sanctions for Failing to Comply with Latest Distance Selling Regulations, we covered in brief some of the key changes.

The essence of the regulations is to ensure that you as an online seller provide the consumer with essential information so that they are able to identify you and how you trade.

Other than the information required under the ecommerce regulations there is a substantial amount of information you need to provide depending on the goods and services you sell on your online shopping website.

Examples include:

  • the need to provide the price of goods including taxes, or how these are calculated if a specific price cannot be given;
  • all additional charges must be calculated in advance;
  • the arrangement for payment, delivery, performance and the time by which you undertake to deliver goods or services;
  • and most importantly, where a right to cancel exists, the conditions, time limit and procedures for exercising that right. You must state whether the consumer is to bear the cost of returning goods in case of cancellation (otherwise you will be responsible for payment for returns).

The regulations also require specific information to be communicated at various points in the buying process. At the start of the ordering process, any delivery and payment restrictions that apply must be set. Ensuring that you provide this in your online shopping website’s terms of business will mean that consumers have the opportunity to see this information at any time before ordering.

At the stage of placing orders, consumers should be made aware that ordering involves an obligation to pay and any button to proceed beyond this point must state so clearly. This will include full price information including taxes, delivery charges and all other charges. Consumers would then understand that they will be required to pay for your product or service at that time and have all the information necessary to make that decision.

Once a purchase is made, confirmation of the purchase must be given within a reasonable time. The confirmation does not need to be acceptance of the purchase but an acknowledgment. In online selling, proper wording should be provided so that a legally binding contract is not created at this time, otherwise you may find yourself in a position where you must fulfill the contract and may be in a difficult situation if you do not have the means to complete the order.

The right of cancellation is a strong right for the consumer. For the majority of products and services, consumers must be given the right to cancel and withdraw without incurring liability within 14 days of placing the order. The consequences of breaching the notification requirements of the consumers’ cancellation rights will be that the cancellation period will be extended to 12 months.

However, it is worth noting that the regulations can reduce or limit your liability in certain situations.

For example:

  • where enhanced delivery is chosen by the consumer;
  • where the value of goods is diminished by consumer handling;
  • where goods are returned by the consumer; and
  • where consumer requests early supply of services.

There are also specific goods and services to which the right to cancel does not apply or may be lost, but the consumer has to be informed ahead of time. It is therefore important to understand whether any of the exceptions apply to you and how to make sure to properly inform the consumer.

The two regulations put a lot of pressure on online sellers to provide sufficient information to consumers and make sure their online shopping website also complies in order to ensure smooth business transactions.

The purpose of this article is to be an informative guide, providing you with the basics and raise your awareness of the issues to be in line with the regulations relating to online selling. If you need advice specific to your situation, we invite you to seek our legal advice.

For further information on how we can help, see our website for Website Terms and Conditions and E-commerce service.

Patents - Novelty or Reform?

Patent Registration – Does It Lead To Greater Innovation?

Patents - Novelty or Reform?Patent registration is the first form of IP many businesses want to explore when they have an idea for something new. A patent is defined in the dictionary as a sole right to make, use or sell an invention for a set period.

The key word here is ‘invention’ which presumes innovation.. Therefore, patents should lead to the spread of knowledge and greater novelty. However, arguably the patent system has the effect of setting innovation back according to a recent article by the Economist.

Problems with patents

The article suggests that stronger patent systems do not result in more private research or an increase in productivity. The broadening of the patent regime in the 1980s following the USA’s recognition of the potential of crop science failed to galvanise progress in agriculture, and the article  also highlights how patent litigation is on the rise.

As a popular article recently stated: “most of the wonders of the modern age, from mule-spinning to railways, steamships to gas lamps, seemed to have emerged without the help of patents. If the Industrial Revolution didn’t need them, why have them at all?”

What is worse, as we wrote in our previous post “Patent Troll Problems – The Good, The Bad, And The Ugly”, the system has created a ‘web’ of trolls and defensive patent-holders which exist solely to exploit rights in patents often obtained from another company to block innovation.

Too expensive

The patent system is extremely expensive and even if individuals can afford to register a patent, any litigation afterwards is likely too costly to fund. This is also noted by Rubin who points out how “most inventors barely have enough money to file for a patent application. Even if the inventor can afford to get the patent to grant, patent litigation is exorbitantly costly, frequently requiring millions of dollars to fund. Individual inventors, and even small or medium-sized companies, cannot afford such fees without another company to finance the litigation or at least to license or buy the patent…The inventor may never realise any benefit from his toils.”

If patents lead to innovation and are so expensive to uphold, then it turns out innovation is expensive – probably more expensive than it should be. As innovation “fuels” the knowledge economy, it is the engine of development, and perhaps what we need is a “clear, rough-and-ready patent system” – to  encourage novel and fresh ideas. One that does not set innovation back.

Read the full Economist article

Intellectual Property Reforms Prove Successful – From Zero To Hero

IP Reform is SuccessfulAn independent report commissioned by the IPO entitled Evaluation of the Reforms of the Intellectual Property Enterprise Court 2010-2013 was published very recently examining the effect of the recent reforms in the Intellectual Property Enterprise Court (IPEC), the former Patents County Court (PCC).

The primary objective of the recent changes were to improve the litigation procedures and reduce litigation costs and, as a result, to increase access to justice in IP matters with special focus on individual claimants and SMEs who struggled financially to fight IP cases. Yassine Lefouili, one of the co-authors of the report, affirms the positive developments following the changes resulting in qualitative and quantitative evidence that there has been large increase in the number of intellectual property cases.

Governmental support

Introducing the report, IP Minister Baroness Neville-Rolfe praised the changes and confirmed that small and medium sized businesses and entrepreneurs now have better chances to actually defend their IP rights. This is good news, especially following a recent FSB research we wrote about in our article “SMEs And IP – FSB Reports They Struggle To Protect Their Intellectual Property” which revealed the struggle of SMEs and start ups to protect their IP.

The improvements come as a result of the costs cap and the 2010 active case management process. These amendments speed up the litigation process and also serve as an awareness tool for litigants to understand better their exposure before filing a claim. What is more, as Chloe Smith underlines for the Law Gazette, changes have opened up IPEC for patent and trade mark attorneys who are now able to represent their clients in court more often.

This suggests that reforms have paid off and, as the PatLit suggests, with the introduction of the Small Claims track we might as well have even better news in a following report.

EU Wants iPlayer Access Extended Across Europe

The impact of the DSM on the EUThe Digital Single Market Aims to Make Copyrighted Works Available Across Europe.

With the self-imposed deadline for implementing the Digital Single Market (DSM) approaching, the EU Commission has set out some specific aims that it would like to achieve by the end of 2016. The BBC reports that EU officials are proponents of the DSM because they believe that a boost in the use of online goods will in turn help the EU’s economy.

Some of the main aims that the EU Commission has included are:

  1. ending geo-blocking (for cross-border purchases and using media);
  2. an enquiry into role of search engines, apps and social media in the DSM;
  3. an investigation into Google’s dominance of the internet and whether it was permissible for them to promote their own products for sale over others; and
  4. making it easier for businesses to calculate VAT.

The BBC itself will even investigate whether it would be possible to make their programs currently available through their iPlayer platform accessible to a wider audience without infringing upon copyrights.

The concern with the implementation of the DSM is that the over-arching goals of increasing freedoms and consistency while limiting infringement is that it will be difficult to strike a balance between these interests which can often be competing.

To read the article in full go here.

Data Protection Changes: How Will This Impact You After The General Election?

Digital Protection ReformWith the General Election looming, and the Conservative Party’s pledge to renegotiate Britain’s membership by holding a referendum to determine whether to remain in the EU, this could have far reaching implications in terms of emerging EU laws.

One area where it would have significant impact if the UK left the EU, is the European Commission’s comprehensive reform proposals for data protection.

Many have argued that the original data protection Directive in 1995 has not kept up with the technological developments and that change is now needed.

This change is fuelled by the desire to create a Digital Single Market because of the nature of digital technologies which move fluidly across borders. It follows that it doesn’t make sense for each member country to have its own set of laws for data protection if technologies can so easily transgress boundaries.

Back in 2011, the EU Commissioner said that the goal is for EU citizens to be protected regardless of where their data is processed. The idea is that when citizens trust e-services and feel comfortable using them there will be a growth in the market with a tangible fiscal return.

Benefits for Individuals and SMEs

The proposals currently being debated will have numerous benefits for individuals as well as SMEs if implemented.

The European Commission Fact Sheet on the data protection reforms highlights that for individuals the reform will help to strengthen their rights by giving them control of their data, and hopefully increase their trust.

The 5 main changes include: the introduction of the right to be forgotten, ease of access to your own data, a say in how your data is used, a right to know when your data has been hacked and the requirement that default settings for products be privacy-friendly.

For businesses, particularly SMEs, the benefits are considerable. The European Commission Fact Sheet notes that the reform is premised upon stimulating economic growth by cutting costs and alleviating the burden of regulatory requirements for businesses. This is achieved by having a unified body of law.

The implementing Regulations are expected to be passed at the end of 2015. Once enacted, the new law would take immediate effect in each member state. There would be no need for national implementing legislation.

According to the Fact Sheet, for some SMEs the reform will mean that they are exempted from appointing a data protection officer (unless data processing is their business), that they will no longer have to notify supervisory authorities, that where requests to access data are excessive they may charge for this and that they will not be obligated to conduct impact assessments unless there is a particular risk.

Impact of these changes

Proposed fines for breaches of the rules are significant, capped at 2% of turnover. For large commercial enterprises the maximum financial penalties for inadequate data protection measures could be staggering. For smaller businesses this is less of an issue.

The proposed reforms also require any loss of data to be notified within 24 hours. This requirement has been particularly controversial, as many businesses are ill-equipped to identify and address data losses quickly.

One hot topic is the proposed right to be forgotten, enabling people to require data processors to delete personal information, and also to identify how the information has been shared, if feasible. Some argue that increased administration arising from this right, combined with a greater burden to obtain explicit consent, and the training involved, could be very costly for businesses.

What does this mean for the UK?

It is clear that these reforms would be significant and quite beneficial to individuals and businesses.  However, depending on the outcome of the election, it is possible they will not apply in the UK. This possibility would satisfy digital rights groups such as the UK’s Open Rights Group, which has signed an open letter to the EC President stating that these reforms will have the negative impact of eroding data protection for individuals.

If the UK leaves the EU these reforms, which are so beneficial to businesses on many levels will not be applicable in the UK, to the detriment of digital business in the UK.

Will The African Union Convention On Cybercrime Be Effective And Protect Human Rights?

AU Convention on Cybercrime

With the rise in internet users across Africa cybercrime is a growing problem involving “gangs embracing more sophisticated ways to use technology, such as malware and botnets…” reports the BBC.

The high number of African users means an estimated “49 million cyber-attacks took place on the continent in the first quarter of last year”.

Experts agree that the best way to help counter this phenomenon is for individual countries to adopt cybersecurity policies and to enforce them. One of the mechanisms by which to do this most effectively is through a group of nations such as the African Union (AU).

The AU has drafted a convention that will mirror “the data protection framework and language developed by the European Union,” tentatively entitled the African Union Convention on the Establishment of a Legal Framework Conducive to Cyber Security in Africa.

In theory, the Convention will require signatory governments to uphold the African Charter on Human and Peoples’ Rights. Some scholars, including those at the Centre for Intellectual Property and Information Technology at Strathmore University in Kenya, believe that the Convention may both limit freedom of expression and allow interception of private data by authorities.

There is also concern that judges will take advantage of search and seizure warrants for data and computers and that harsh criminal convictions may result from laws that are not drafted using objective standards. Critics of the Convention charge that it will be in direct conflict with protecting human rights and that the best way to alleviate this is by encouraging other sectors to contribute to the legislative process, such as NGOs and ethical hackers.

For more about the Convention and cybercrime in Africa see: http://www.bbc.co.uk/news/business-32079748

New EPO Ruling On Conventional Plants Creates Controversy

EPO ruling on patent cases for conventional plants

At the end of March the EPO issued two decisions in the highly publicised Tomato II and Broccoli II cases. Both of these cases involved seeds for plants that were grown conventionally or through “biological breeding methods involving cross and selection.” The EPO’s highest court stated that such seeds were patentable.

Following the March decision in both cases, “civil society reacted quickly to say that the EPO is favouring giant argochemicial companies… to the detriment of small breeders and consumers”. The concern of such groups is that there will be little incentive for innovation and that the decision, which cannot be challenged, as it was made by the highest court, “will be used to bypass the current legislation in Europe, according to which conventional selection processes on plant and animals cannot be patented…”.

To learn more about these decisions, the significance of these cases and the reactions to the decisions, please see: http://www.ip-watch.org/2015/04/01/epo-backs-patents-on-conventional-plants-broccoli-tomato-cases-decided/