18 minutes | Apr 25, 2019

BSS11 – I do, I do, I do, I do, I do – Business Regulation

Timings

00:20 - Scene 11.1 Should have got that 'I Do'
03:54 - Scene 11.2 A little R E S P E C T
07:00 - Discussion between Russell & Mike
07:28 - Why can Emails be blocked?
08:30 - Ignorance is no excuse
09:56 - Where to start with Data Protection
11:00 - Role of the decision makers in protecting data
11:23 - Showing Professionalism
12:20 - Information Technology's role in data protection
13:38 - Reviewing the R.E.S.P.E.C.T. acronym (see below)
16:45 - What's next?

Useful Information

Basic landscape of business regulation (@00:00)

The Agency Workers Regulations, 2010
Agriculture (Safety, Health and Welfare Provisions) Act 1956
Children and Families Act 2014
Companies Act 2006
The Companies (Model Articles) Regulations 2008
Companies (Audit, Investigations and Community Enterprise) Act 2004
Computer Misuse Act 1990
Copyright Act 1956
The Copyright (Amendment) Regulations 2016
Corporation Tax Act 2010
Digital Economy Act, 2017
Data Protection (Charges and Information) Regulations 2018
Data Protection Act 2018
Electronic Communications Act 2000
Employment Act, 2008
Employers’ Liability (Compulsory Insurance) Act 1969
Employment Medical Advisory Service Act 1972
Employment Relations Act, 2004
Employment Rights Act, 1999
Enterprise Act 2016
Environmental Information Regulations 2004
Environment and Safety Information Act 1988
Equality Act, 2010
Factories Act 1961
Freedom of Information Act, 2000
Fraud Act 2006
General Data Protection Regulation, 2016
Control of Asbestos Regulations 2012
Health and Safety (Display Screen Equipment) Regulations 1992
Electricity at Work Regulations 1989
Control of Electromagnetic Fields at Work Regulations 2016
Health and Safety Information for Employees Regulations 1989
Provision and Use of Work Equipment Regulations 1998
Health and Safety (First-Aid) Regulations 1981
Control of Substances Hazardous to Health Regulations 2002
Work at Height Regulations 2005
Control of Lead at Work Regulations 2002
Management of Health and Safety at Work Regulations 1999
Manual Handling Operations Regulations 1992
Control of Noise at Work Regulations 2005
Health and Safety (Offences) Act 2008
Employers’ Health and Safety Policy Statements (Exception) Regulations 1975
Personal Protective Equipment at Work Regulations 1992
Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013
Health and Safety (Training for Employment) Regulations 1990
Control of Vibration at Work Regulations 2005
Health and Safety at Work etc Act 1974
Workplace (Health, Safety and Welfare) Regulations 1992
Income and Corporation Taxes Act 1988
Income Tax Act 2007
Income Tax (Earnings and Pensions) Act 2003
Income Tax (Trading and Other Income) Act 2005
Mental Health (Discrimination) Act 2013
National Minimum Wage Act 1998
Modern Slavery Act 2015
National Insurance Act 1974
National Insurance Contributions Act 2015
Payment Card Industry Data Security Standard
The Privacy and Electronic Communications (EC Directive) Regulations 2003
Pension Schemes Act 2017
Pensions Act, 2014
Offices, Shops and Railway Premises Act 1963
Private Security Industry Act 2001
Safeguarding Vulnerable Groups Act, 2006
Small Business, Enterprise and Employment Act 2015
Trade Union Act 2016
Transfer of Undertakings (Protection of Employment) Regulations, 2006
Value Added Tax Act 1994
The Value Added Tax (Amendment) Regulations 2018
Work and Family Act, 2006
Working Time Regulations, 1998
Working Time (Amendment) Regulations, 2007

Show R.E.S.P.E.C.T. (@00:00)

R - Roles - Who does what
E - Education - Raising understanding
S - Standards - Know the rules
P - Policy/Process/Procedure - Define the rules, route and instructions
E - Enforcement - Make sure it's done
C - Communication - Open discussion
T - Testing - Does it work, prove it!

Episode script

Should have got that I do
A Little R E S P E C T

Should have got that I do

CONTINUITY: Jakob and Zelda are having their weekly meeting to catch up. It’s Monday morning and the email debacle continues.

JAKOB: So, 18 leads for all that effort, poor Michaela.
ZELDA: She’s fine, but we are now having problems with our email service.
JAKOB: Problems?
ZELDA: Well, since Thursday we’ve been unable to send emails and we’re still getting the abusive ones coming in.
JAKOB: No emails?
ZELDA: We were blocked by our internet provider for sending spam email. Garth is looking into it. Shall we get an update from him now?
JAKOB: Had better.
(Knock, knock, knock)
ZELDA: Oh, come in Bryock, great timing.
(Bryock enters)
BRYOCK: Felicitations to you both!
JAKOB: Morning Bryock (rolling eyes)
ZELDA: Bryock, could you get Garth to pop in and see us please?
BRYOCK: Yes Ms Zero, and whilst I’m gone I thought you should have early sight of this (passing a letter to Zelda)
ZELDA: Thanks
JAKOB: What is it?
ZELDA: A letter from the Information Commissioner’s Office
JAKOB: Oh right, what’s that about?
ZELDA: Err, they’ve opened a case on Sydeline following 53 separate concerns being lodged with them.
JAKOB: What? Let’s have a look. It says here that they have been unable to ascertain who is accountable for protecting personal data in the organisation from our website and that they are unable to find a Data Controller Register entry for us.
ZELDA: Data Controller Register?
(Knock, knock, knock – tuneful)
ZELDA: Uh, come in?
GARTH: Morning Zelda, Jakob, you asked for me to pop in
ZELDA: Oh yes, yes we did. Sorry, bit flummoxed by a letter we’ve just received
GARTH: Ahhh, the ICO I see… Probably raising concerns about our actions last week on email
JAKOB: Yes… yes it is. How did you know?
GARTH: Oh, well, when Michaela told me what has happened I guessed it would come to their attention. Did you report it?
ZELDA: Report what?
GARTH: The breach of 30,000 natural persons’ privacy
ZELDA: By who?
GARTH: By us
JAKOB: (irritated) What are you talking about Garth?
GARTH: Ok, sorry, thought you realised. I was focusing on resolving our relationship with B 2 B 4 E Mail to get our email service reauthorised. My assumption was that you understood that you had purchased a poor quality email list which didn’t have the appropriate consent secured and that the horrendous backlash we had already suffered had forced you to bring the incident to the attention of the ICO
JAKOB: (flustered) Why on earth (calming down) Why didn’t you tell us?
GARTH: (matter of fact) Email service was down!
ZELDA: Thing is… We didn’t know about… You know… About what you just said
GARTH: Oh yikes! So, the ICO are following up on concerns reported to them by members of the public?
ZELDA/JAKOB: YES!
GARTH: Ahh, that’s not good. Well, it may be alright if you can show them that you’re on the road to being compliant with latest regulations
ZELDA: Which are…?
GARTH: Oh, the General Data Protection Regulation and, probably more applicably, the Data Protection Act 2018, or DPA18, which is what I like to call the little beauty.
JAKOB: Little beauty! You seem to know a lot about it
GARTH: Only what I’ve read
ZELDA: Clearly more than we know
GARTH: Well, I wouldn’t like to say that
JAKOB: We would. Sit down. We need to put a plan together
GARTH: But email…
ZELDA: Good grief! This has priority over running the “Death Star”, Garth

A Little R E S P E C T

CONTINUITY: It’s two days into the information breach and the investigation from the ICO. Zelda and Jakob escape the office and convene to the Dog and Bone.

ZELDA: God! That has to have been the worst start to a week… EVER!
JAKOB: It’s not good. We’ve got a way to go with this DPA18 compliance stuff too. I’m not sure our efforts will be rewarded by avoiding a fine
ZELDA: A fine – oh, that could bring us to our knees, no matter what size it is.
JAKOB: Don’t worry, I can keep us going through this, just don’t tell your dad… Oh and here he is, (sarcastic) great!
NERO: And how are my two favourite people? Looking a tad frazzled!
ZELDA: It’s been a tough week, we’ve…
JAKOB: (interrupting) had a lot of good leads in and sales are going well
NERO: Really, what about the ICO investigation?
JAKOB: (surprised) What?
ZELDA: How did you know?
NERO: The ICO announce their actions on Twitter and their other feeds
ZELDA: Oh no
NERO: Don’t worry, I’m sure it’s just a formality. You’ve got your compliance arrangements in place, haven’t you?
JAKOB: Starting to hate that word
ZELDA: What, compliance?
JAKOB: Yeah, sounds so oppressive
NERO: I like to think of it as Respect
ZELDA: Respect?
NERO: Yes sweetie, Respect for the health and safety of your people, respect for the laws of the land, respect for the requirement to pay tax and report to the proper bodies. In fact, R E S P E C T is an acronym too… Hold on (looking on phone), where is it… Ah, here you go
ZELDA: Roles, Education, Standards, Process, Enforcement, Communication and Testing – what’s that then?
NERO: The things you need to consider in becoming compliant. Who does stuff, teaching people. Setting the rules and procedures… etc
JAKOB: So that’s what we need to do to get on top of Data Protection
NERO: Yeah… And Health and Safety, VAT, Corporation Tax, Employment Law, Cyber Security and any number of the manufacturing standards that you MUST be applying in the factory.
ZELDA: Oh, yes, yes of course
JAKOB: Are we?
ZELDA: (hard stare and clipped) Yes, we have robust standards in place in the factory.
NERO: Funny thing. You know that problem we had in the factory before you left?
ZELDA: Yeah?
NERO: Well, Chris’s top notch procedures and record keeping saved our skin, to be honest. The auditors that came in found only minor non-conformities and took only advisory action
JAKOB: Thanks Nero, great pointers there
NERO: Always happy to help if I can – drinks?
ZELDA/JAKOB: YES PLEASE!

Business Regulation Discussion Transcript

Transcript of business regulation discussion to follow soon