SlideShare a Scribd company logo

Comply Winter

S
sarahwhittock

The document summarizes recent developments related to corporate manslaughter legislation in the UK and provides guidance on data protection and dealing with hospitality following the UK Bribery Act. It notes that three companies have been successfully prosecuted under the corporate manslaughter legislation, with fines ranging from £187,500 to £480,000. It warns businesses to be vigilant and implement proper safety practices to avoid similar prosecutions. Regarding data protection, it outlines the key principles businesses must follow when collecting and storing personal information. It also advises that hospitality is allowed if reasonable and for legitimate business purposes, but businesses should implement internal policies and risk assessments to prevent allegations under the Bribery Act.

1 of 2
Download to read offline
Comply Davies and Partners Solicitors Winter 2012/13 · www.daviesandpartners.com “ Welcome to this Winter 2012 edition of Comply. The Compliance and Regulatory Law Unit has, since the last edition, been involved in very complex cases including cases with the Office of Fair Trading, one of which went to the European Court. In this edition we look at the development of the case law involving Corporate Manslaughter as well as Data Protection and also how to deal with hospitality following the Bribery Act 2010. If you would like to discuss any of the issues covered in this edition or any matters relating to Regulation and Compliance, please feel free to contact me or any of the team. Greg Tay-Lodge, Partner ” Corporate Manslaughter – legislation starting to bite The Corporate Manslaughter and Corporate and struck Mr Wilson who died from fatal head Homicide Act came into force four years ago injuries. Here the company pleaded guilty to and since its inception only three companies breaching the Act and was ordered to pay a fine have been successfully prosecuted under it of £187,500. namely Cotswold Geotechnical Holdings, JMW Both of these companies were relatively Farms Ltd and Lion Steel Limited. small but still faced fairly hefty fines. It should In the Cotswold Geotechnical Holdings case also be noted that the Court was told (in the Mr Wright had been left working alone in a 3.5m Geotech case) that the company would be unable deep trench. A short time after he was left on to pay such a high fine and the imposition of his own to ‘finish up’ the trench collapsed on such a fine would probably mean the liquidation Now although there are only three completed Mr Wright and buried him. The managing of the company and loss of livelihood, however cases to have hit the headlines, apparently director Peter Eaton had initially faced charges this was not seen as particularly relevant to the there are in the region of 50 cases under referral of manslaughter by gross negligence and health Judge. to the Special Crime and Counter Terrorism and safety offences in a personal capacity but In the third case of Lion Steel Limited an Division where corporate manslaughter is these were dropped due to his ill health. employee suffered fatal injuries when he fell considered. It is therefore quite likely that more The company was charged with corporate through a fragile roof panel at the company’s companies will be facing prosecution in the manslaughter and was found guilty. It was factory. The company admitted the charge of near future. ordered by Winchester Crown Court to pay a corporate manslaughter and was subsequently The message is clear, the authorities are £385,000 penalty. fined £480,000 and ordered to pay £84,000 not afraid to use this legislation. Therefore In the JMW Farm Ltd case Mr Wilson (who toward the prosecutions costs. This is by far the businesses need to be on guard or face being had been working in the company’s meal-mixing biggest fine to date and was in fact reduced by in a similar situation to the companies above. farm in County Armagh) was struck when a 20% due to the guilty plea of the company and The impact on a business could be cata- metal bin fell from the raised forks of a forklift the judge being concerned about the future of strophic in itself but don’t forget the personal truck. The bin had not been attached properly the company’s 142 employees. impact of facing charges as an individual. CONTACT US BRISTOL 135 Aztec West, Almondsbury, THE COMPLIANCE TEAM Bristol BS32 4UB Tel 01454 619619 · Fax 01454 619696 BIRMINGHAM Latham House, 33–34 Paradise Street, Birmingham B1 2AJ Tel 0121 616 4450 · Fax 0121 643 3928 GLOUCESTER Rowan House, Barnett Way, Barnwood, Gloucester GL4 3RT Tel 01452 612345 · Fax 01452 611922 LONDON 35 Harley Street, London W1G 9QU Tel 020 7487 4361/020 3214 4055 Fax 020 7637 0211 Greg Tay-Lodge Nigel Tillott Sarah Whittock Diana Eames
www.daviesandpartners.com A summer full of events – Can we still entertain? This summer we have seen a host of spectacular events to watch including the Olympics. We are now heading towards Christmas and businesses may be thinking about gifts or invites to other events. Yet there Data Protection – brief guidance is still concern amongst businesses of the impact of the Bribery Act 2010 which came Headlines regarding data protection are still must be followed. In summary these principles into force last year. appearing on a fairly regular basis. Businesses state that data must be: The question many are asking is should a are still in some ways struggling with the 1. Fairly and lawfully processed. company take up a corporate hospitality package actual requirements of the Data Protection and send out those invitations. Despite the 2. Processed for limited purposes, i.e. only Act. So what is it all about? possible social and economic perception of a obtained for one or more specified and lawful The Data Protection Act 1998 is the current ‘jolly’ provided proper procedures are followed purposes and must not be processed further governing legislation. The aim of the legislation there is no reason why companies should not in any manner incompatible with that is to protect the individual and harmonise UK be able to make use of these events to promote purpose law with other member states. The scheme of their business. 3. Adequate, relevant and not excessive in The two offences under the Act which the Act is to require a ‘data controller’ to be relation to the purpose or purposes for which particularly relate to corporate hospitality are registered before he can lawfully process the they are processed i.e. an employer should section 1 which is offering, promising or making personal data about a data subject. only hold the personal data it actually needs a bribe to an individual; or Section 6 which A data controller is any business which uses and processes data – pretty much anyone who 4. Accurate and where necessary kept up to relates to bribing a foreign official. has a customer or employee! The data subject date Both offences refer to the provision of a is the individual about whom information is 5. Not kept longer than necessary for that financial or other advantage which could easily processed or used. Personal data is the purpose catch the invitation to a sporting event. What individual’s name combined with information will be the distinguishing factor is the intent 6. Processed in accordance with the data such as address, telephone number and behind the invitation. Was it an invitation to subject’s rights hobbies but not a name on its own or incidental promote a business to a prospective client or 7. Secure. A business should take appropriate was it an attempt to curry favour with an mention of a name in business minutes. technical and organisational measures individual who is for example key to a decision In other words before anyone can obtain or against unauthorised or unlawful processing making process on a tendering application. deal with any personal information about an of personal data and against accidental loss However companies must note that when identifiable individual in a systematic way that or destruction of or damage to personal data. dealing with foreign officials the bar for being data controller must be on a publicly accessible So for example if you use third parties to court is even lower. Here it is sufficient for the register. Once on the register and in a position process information for you, you should have official to be merely influenced for the act to be to deal with the data the data controller may in place written contracts to ensure that they caught under the Act. deal with the data only for the purposes and will abide by the data protection principles on So what is the risk to your business? within the limits imposed by the Act and even your behalf Provided the hospitality is commensurate with then some sensitive personal data will require 8. Not transferred to countries without the reasonable and proportionate norms of the further special treatment and protection. adequate protection. industry sector then it is unlikely to be seen as When personal information is collected, an issue. You may have seen headlines about used or stored by a business it has an obligation There are exemptions but don’t rely on them!! ‘lavish’ corporate packages being provided to to protect that information from being They mainly relate to matters of public interest individuals in relation to the Olympics. improperly used or distributed. So if you give such as national security, crime, taxation, social Lavishness is not in itself the test as to whether your information to a bank or gas supplier there work, examination marks, legal professional there was an unlawful intention but it will be an will be certain information you might not want privilege etc. indicator as to whether they give rise to an them to disclose to another business without The DPA is overseen by the Information increase in adverse inference on the individual your consent. Commissioner (‘IC’) who enforces the DPA benefiting from the hospitality. Key questions The individual whose details are being held provisions. They are an independent super- to ask are: or used also has a right to know exactly what visory authority reporting directly to Parliament. information is being held and the reasons why, Their duties include the promotion of good 1. Is the gift or hospitality reasonable and so they can access that data, for example information handling and the encouragement proportionate? information held by credit reference agencies of codes of practice for data controllers. They 2. Is there a legitimate business purpose? may be incorrect and clearly you would want to also publish legal guidance notes. If the IC 3. What are the companies in the same sector resolve this. posts an enforcement order and this is not met doing? Information can be processed manually or by then criminal sanctions against the company 4. Does the gift or hospitality confirm with your automated systems. Both methods are caught and in certain circumstances directors and/or own internal policies? by the Act. It affects all businesses no matter officers of the company could be imposed Remember if you have not already done so, you how big. together with unlimited fines. It could also lead should carry out a risk assessment to ascertain There are 8 data protection principles which to serious reputational damage of the company. what procedures need to be put in place.

Recommended

Second Year Company Law Essay
Second Year Company Law EssaySecond Year Company Law Essay
Second Year Company Law Essay
Laura Staunton
 
Judge & Priestley Legal Update For Commercial Clients (Summer 17)
Judge & Priestley Legal Update For Commercial Clients (Summer 17) Judge & Priestley Legal Update For Commercial Clients (Summer 17)
Judge & Priestley Legal Update For Commercial Clients (Summer 17)
Merdy Khonde
 
scce-cep-2015-06-Dhont-1-04
scce-cep-2015-06-Dhont-1-04scce-cep-2015-06-Dhont-1-04
scce-cep-2015-06-Dhont-1-04
Jan Dhont
 
Legal Matters in E-commerce
Legal Matters in E-commerceLegal Matters in E-commerce
Legal Matters in E-commerce
E-commerce Course of Boğaziçi University
 
LAWS1100 Nickolas James Business law 4_e_----_(chapter_12_dealing_with_compet...
LAWS1100 Nickolas James Business law 4_e_----_(chapter_12_dealing_with_compet...LAWS1100 Nickolas James Business law 4_e_----_(chapter_12_dealing_with_compet...
LAWS1100 Nickolas James Business law 4_e_----_(chapter_12_dealing_with_compet...
throwaw4y
 
Be aware of the laws in South Africa that apply to email
Be aware of the laws in South Africa that apply to emailBe aware of the laws in South Africa that apply to email
Be aware of the laws in South Africa that apply to email
Lance Michalson
 
ETH 321 Entire Course NEW
ETH 321 Entire Course NEWETH 321 Entire Course NEW
ETH 321 Entire Course NEW
shyamuopseven
 
Global Cyber-Laws and E-Commerce & Strategic Implication for E-Commerce
Global Cyber-Laws and E-Commerce & Strategic Implication for E-CommerceGlobal Cyber-Laws and E-Commerce & Strategic Implication for E-Commerce
Global Cyber-Laws and E-Commerce & Strategic Implication for E-Commerce
welcometofacebook
 

Recommended

Second Year Company Law Essay
Second Year Company Law EssaySecond Year Company Law Essay
Second Year Company Law Essay
Laura Staunton
 
Judge & Priestley Legal Update For Commercial Clients (Summer 17)
Judge & Priestley Legal Update For Commercial Clients (Summer 17) Judge & Priestley Legal Update For Commercial Clients (Summer 17)
Judge & Priestley Legal Update For Commercial Clients (Summer 17)
Merdy Khonde
 
scce-cep-2015-06-Dhont-1-04
scce-cep-2015-06-Dhont-1-04scce-cep-2015-06-Dhont-1-04
scce-cep-2015-06-Dhont-1-04
Jan Dhont
 
Legal Matters in E-commerce
Legal Matters in E-commerceLegal Matters in E-commerce
Legal Matters in E-commerce
E-commerce Course of Boğaziçi University
 
LAWS1100 Nickolas James Business law 4_e_----_(chapter_12_dealing_with_compet...
LAWS1100 Nickolas James Business law 4_e_----_(chapter_12_dealing_with_compet...LAWS1100 Nickolas James Business law 4_e_----_(chapter_12_dealing_with_compet...
LAWS1100 Nickolas James Business law 4_e_----_(chapter_12_dealing_with_compet...
throwaw4y
 
Be aware of the laws in South Africa that apply to email
Be aware of the laws in South Africa that apply to emailBe aware of the laws in South Africa that apply to email
Be aware of the laws in South Africa that apply to email
Lance Michalson
 
ETH 321 Entire Course NEW
ETH 321 Entire Course NEWETH 321 Entire Course NEW
ETH 321 Entire Course NEW
shyamuopseven
 
Global Cyber-Laws and E-Commerce & Strategic Implication for E-Commerce
Global Cyber-Laws and E-Commerce & Strategic Implication for E-CommerceGlobal Cyber-Laws and E-Commerce & Strategic Implication for E-Commerce
Global Cyber-Laws and E-Commerce & Strategic Implication for E-Commerce
welcometofacebook
 
GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands
legalandgeneral
 
110 CHAPTER FOURLegal, Regulatory, and Political Iss.docx
110 CHAPTER FOURLegal, Regulatory, and Political Iss.docx110 CHAPTER FOURLegal, Regulatory, and Political Iss.docx
110 CHAPTER FOURLegal, Regulatory, and Political Iss.docx
paynetawnya
 
Relationship between data protection and m&a (1)
Relationship between data protection and m&a (1)Relationship between data protection and m&a (1)
Relationship between data protection and m&a (1)
Ashish vishal
 
Practical Guide to GDPR 2017
Practical Guide to GDPR 2017Practical Guide to GDPR 2017
Practical Guide to GDPR 2017
Dryden Geary
 
GPDR_Get-Data-Protection-Right
GPDR_Get-Data-Protection-RightGPDR_Get-Data-Protection-Right
GPDR_Get-Data-Protection-Right
James '​-- Mckinlay
 
Issues in international business
Issues in international businessIssues in international business
Issues in international business
Biswa Mall
 
art - MM Transformer - CIO Council (09-16) v1
art - MM Transformer - CIO Council (09-16) v1art - MM Transformer - CIO Council (09-16) v1
art - MM Transformer - CIO Council (09-16) v1
Marlon Moodley
 
GDPR: A Threat or Opportunity? www.normanbroadbent.
GDPR: A Threat or Opportunity? www.normanbroadbent.GDPR: A Threat or Opportunity? www.normanbroadbent.
GDPR: A Threat or Opportunity? www.normanbroadbent.
Steven Salter
 
Forensic Science Informatics Computers & The Law Powerpoint
Forensic Science Informatics Computers & The Law PowerpointForensic Science Informatics Computers & The Law Powerpoint
Forensic Science Informatics Computers & The Law Powerpoint
Steve Bishop
 
Annual-Report-on-Privacy-Fines-2022.pdf
Annual-Report-on-Privacy-Fines-2022.pdfAnnual-Report-on-Privacy-Fines-2022.pdf
Annual-Report-on-Privacy-Fines-2022.pdf
DaviesParker
 
Troy NealWednesdayMar 14 at 852pmManage Discussion EntryJRN41.docx
Troy NealWednesdayMar 14 at 852pmManage Discussion EntryJRN41.docxTroy NealWednesdayMar 14 at 852pmManage Discussion EntryJRN41.docx
Troy NealWednesdayMar 14 at 852pmManage Discussion EntryJRN41.docx
turveycharlyn
 
Liability of company under criminal law
Liability of company under criminal lawLiability of company under criminal law
Liability of company under criminal law
Ashok Kumar Sharma
 
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
Symantec
 
In house lawyers forum, September 2018, London
In house lawyers forum, September 2018, LondonIn house lawyers forum, September 2018, London
In house lawyers forum, September 2018, London
Browne Jacobson LLP
 
Marketing data management | The new way to think about your data
Marketing data management | The new way to think about your dataMarketing data management | The new way to think about your data
Marketing data management | The new way to think about your data
Laurence
 
Bribery Act checklist
Bribery Act checklistBribery Act checklist
Bribery Act checklist
Wragge Lawrence Graham & Co
 
Spokeo v Robins
Spokeo v RobinsSpokeo v Robins
Spokeo v Robins
Tumi Atolagbe, CIPP/E, MBCS
 
All's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber WarfareAll's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber Warfare
NationalUnderwriter
 
GDPR: A ticking time bomb is approaching - Another Millennium Bug or is this ...
GDPR: A ticking time bomb is approaching - Another Millennium Bug or is this ...GDPR: A ticking time bomb is approaching - Another Millennium Bug or is this ...
GDPR: A ticking time bomb is approaching - Another Millennium Bug or is this ...
Jessica Pattison
 
EU GDPR - 12 Steps To Compliance
EU GDPR - 12 Steps To Compliance EU GDPR - 12 Steps To Compliance
EU GDPR - 12 Steps To Compliance
Tom Haynes
 

More Related Content

Similar to Comply Winter

GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands
legalandgeneral
 
110 CHAPTER FOURLegal, Regulatory, and Political Iss.docx
110 CHAPTER FOURLegal, Regulatory, and Political Iss.docx110 CHAPTER FOURLegal, Regulatory, and Political Iss.docx
110 CHAPTER FOURLegal, Regulatory, and Political Iss.docx
paynetawnya
 
Relationship between data protection and m&a (1)
Relationship between data protection and m&a (1)Relationship between data protection and m&a (1)
Relationship between data protection and m&a (1)
Ashish vishal
 
Practical Guide to GDPR 2017
Practical Guide to GDPR 2017Practical Guide to GDPR 2017
Practical Guide to GDPR 2017
Dryden Geary
 
GPDR_Get-Data-Protection-Right
GPDR_Get-Data-Protection-RightGPDR_Get-Data-Protection-Right
GPDR_Get-Data-Protection-Right
James '​-- Mckinlay
 
Issues in international business
Issues in international businessIssues in international business
Issues in international business
Biswa Mall
 
art - MM Transformer - CIO Council (09-16) v1
art - MM Transformer - CIO Council (09-16) v1art - MM Transformer - CIO Council (09-16) v1
art - MM Transformer - CIO Council (09-16) v1
Marlon Moodley
 
GDPR: A Threat or Opportunity? www.normanbroadbent.
GDPR: A Threat or Opportunity? www.normanbroadbent.GDPR: A Threat or Opportunity? www.normanbroadbent.
GDPR: A Threat or Opportunity? www.normanbroadbent.
Steven Salter
 
Forensic Science Informatics Computers & The Law Powerpoint
Forensic Science Informatics Computers & The Law PowerpointForensic Science Informatics Computers & The Law Powerpoint
Forensic Science Informatics Computers & The Law Powerpoint
Steve Bishop
 
Annual-Report-on-Privacy-Fines-2022.pdf
Annual-Report-on-Privacy-Fines-2022.pdfAnnual-Report-on-Privacy-Fines-2022.pdf
Annual-Report-on-Privacy-Fines-2022.pdf
DaviesParker
 
Troy NealWednesdayMar 14 at 852pmManage Discussion EntryJRN41.docx
Troy NealWednesdayMar 14 at 852pmManage Discussion EntryJRN41.docxTroy NealWednesdayMar 14 at 852pmManage Discussion EntryJRN41.docx
Troy NealWednesdayMar 14 at 852pmManage Discussion EntryJRN41.docx
turveycharlyn
 
Liability of company under criminal law
Liability of company under criminal lawLiability of company under criminal law
Liability of company under criminal law
Ashok Kumar Sharma
 
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
Symantec
 
In house lawyers forum, September 2018, London
In house lawyers forum, September 2018, LondonIn house lawyers forum, September 2018, London
In house lawyers forum, September 2018, London
Browne Jacobson LLP
 
Marketing data management | The new way to think about your data
Marketing data management | The new way to think about your dataMarketing data management | The new way to think about your data
Marketing data management | The new way to think about your data
Laurence
 
Bribery Act checklist
Bribery Act checklistBribery Act checklist
Bribery Act checklist
Wragge Lawrence Graham & Co
 
Spokeo v Robins
Spokeo v RobinsSpokeo v Robins
Spokeo v Robins
Tumi Atolagbe, CIPP/E, MBCS
 
All's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber WarfareAll's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber Warfare
NationalUnderwriter
 
GDPR: A ticking time bomb is approaching - Another Millennium Bug or is this ...
GDPR: A ticking time bomb is approaching - Another Millennium Bug or is this ...GDPR: A ticking time bomb is approaching - Another Millennium Bug or is this ...
GDPR: A ticking time bomb is approaching - Another Millennium Bug or is this ...
Jessica Pattison
 
EU GDPR - 12 Steps To Compliance
EU GDPR - 12 Steps To Compliance EU GDPR - 12 Steps To Compliance
EU GDPR - 12 Steps To Compliance
Tom Haynes
 

Similar to Comply Winter (20)

GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands
 
110 CHAPTER FOURLegal, Regulatory, and Political Iss.docx
110 CHAPTER FOURLegal, Regulatory, and Political Iss.docx110 CHAPTER FOURLegal, Regulatory, and Political Iss.docx
110 CHAPTER FOURLegal, Regulatory, and Political Iss.docx
 
Relationship between data protection and m&a (1)
Relationship between data protection and m&a (1)Relationship between data protection and m&a (1)
Relationship between data protection and m&a (1)
 
Practical Guide to GDPR 2017
Practical Guide to GDPR 2017Practical Guide to GDPR 2017
Practical Guide to GDPR 2017
 
GPDR_Get-Data-Protection-Right
GPDR_Get-Data-Protection-RightGPDR_Get-Data-Protection-Right
GPDR_Get-Data-Protection-Right
 
Issues in international business
Issues in international businessIssues in international business
Issues in international business
 
art - MM Transformer - CIO Council (09-16) v1
art - MM Transformer - CIO Council (09-16) v1art - MM Transformer - CIO Council (09-16) v1
art - MM Transformer - CIO Council (09-16) v1
 
GDPR: A Threat or Opportunity? www.normanbroadbent.
GDPR: A Threat or Opportunity? www.normanbroadbent.GDPR: A Threat or Opportunity? www.normanbroadbent.
GDPR: A Threat or Opportunity? www.normanbroadbent.
 
Forensic Science Informatics Computers & The Law Powerpoint
Forensic Science Informatics Computers & The Law PowerpointForensic Science Informatics Computers & The Law Powerpoint
Forensic Science Informatics Computers & The Law Powerpoint
 
Annual-Report-on-Privacy-Fines-2022.pdf
Annual-Report-on-Privacy-Fines-2022.pdfAnnual-Report-on-Privacy-Fines-2022.pdf
Annual-Report-on-Privacy-Fines-2022.pdf
 
Troy NealWednesdayMar 14 at 852pmManage Discussion EntryJRN41.docx
Troy NealWednesdayMar 14 at 852pmManage Discussion EntryJRN41.docxTroy NealWednesdayMar 14 at 852pmManage Discussion EntryJRN41.docx
Troy NealWednesdayMar 14 at 852pmManage Discussion EntryJRN41.docx
 
Liability of company under criminal law
Liability of company under criminal lawLiability of company under criminal law
Liability of company under criminal law
 
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
 
In house lawyers forum, September 2018, London
In house lawyers forum, September 2018, LondonIn house lawyers forum, September 2018, London
In house lawyers forum, September 2018, London
 
Marketing data management | The new way to think about your data
Marketing data management | The new way to think about your dataMarketing data management | The new way to think about your data
Marketing data management | The new way to think about your data
 
Bribery Act checklist
Bribery Act checklistBribery Act checklist
Bribery Act checklist
 
Spokeo v Robins
Spokeo v RobinsSpokeo v Robins
Spokeo v Robins
 
All's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber WarfareAll's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber Warfare
 
GDPR: A ticking time bomb is approaching - Another Millennium Bug or is this ...
GDPR: A ticking time bomb is approaching - Another Millennium Bug or is this ...GDPR: A ticking time bomb is approaching - Another Millennium Bug or is this ...
GDPR: A ticking time bomb is approaching - Another Millennium Bug or is this ...
 
EU GDPR - 12 Steps To Compliance
EU GDPR - 12 Steps To Compliance EU GDPR - 12 Steps To Compliance
EU GDPR - 12 Steps To Compliance
 

Comply Winter

  • 1. Comply Davies and Partners Solicitors Winter 2012/13 · www.daviesandpartners.com “ Welcome to this Winter 2012 edition of Comply. The Compliance and Regulatory Law Unit has, since the last edition, been involved in very complex cases including cases with the Office of Fair Trading, one of which went to the European Court. In this edition we look at the development of the case law involving Corporate Manslaughter as well as Data Protection and also how to deal with hospitality following the Bribery Act 2010. If you would like to discuss any of the issues covered in this edition or any matters relating to Regulation and Compliance, please feel free to contact me or any of the team. Greg Tay-Lodge, Partner ” Corporate Manslaughter – legislation starting to bite The Corporate Manslaughter and Corporate and struck Mr Wilson who died from fatal head Homicide Act came into force four years ago injuries. Here the company pleaded guilty to and since its inception only three companies breaching the Act and was ordered to pay a fine have been successfully prosecuted under it of £187,500. namely Cotswold Geotechnical Holdings, JMW Both of these companies were relatively Farms Ltd and Lion Steel Limited. small but still faced fairly hefty fines. It should In the Cotswold Geotechnical Holdings case also be noted that the Court was told (in the Mr Wright had been left working alone in a 3.5m Geotech case) that the company would be unable deep trench. A short time after he was left on to pay such a high fine and the imposition of his own to ‘finish up’ the trench collapsed on such a fine would probably mean the liquidation Now although there are only three completed Mr Wright and buried him. The managing of the company and loss of livelihood, however cases to have hit the headlines, apparently director Peter Eaton had initially faced charges this was not seen as particularly relevant to the there are in the region of 50 cases under referral of manslaughter by gross negligence and health Judge. to the Special Crime and Counter Terrorism and safety offences in a personal capacity but In the third case of Lion Steel Limited an Division where corporate manslaughter is these were dropped due to his ill health. employee suffered fatal injuries when he fell considered. It is therefore quite likely that more The company was charged with corporate through a fragile roof panel at the company’s companies will be facing prosecution in the manslaughter and was found guilty. It was factory. The company admitted the charge of near future. ordered by Winchester Crown Court to pay a corporate manslaughter and was subsequently The message is clear, the authorities are £385,000 penalty. fined £480,000 and ordered to pay £84,000 not afraid to use this legislation. Therefore In the JMW Farm Ltd case Mr Wilson (who toward the prosecutions costs. This is by far the businesses need to be on guard or face being had been working in the company’s meal-mixing biggest fine to date and was in fact reduced by in a similar situation to the companies above. farm in County Armagh) was struck when a 20% due to the guilty plea of the company and The impact on a business could be cata- metal bin fell from the raised forks of a forklift the judge being concerned about the future of strophic in itself but don’t forget the personal truck. The bin had not been attached properly the company’s 142 employees. impact of facing charges as an individual. CONTACT US BRISTOL 135 Aztec West, Almondsbury, THE COMPLIANCE TEAM Bristol BS32 4UB Tel 01454 619619 · Fax 01454 619696 BIRMINGHAM Latham House, 33–34 Paradise Street, Birmingham B1 2AJ Tel 0121 616 4450 · Fax 0121 643 3928 GLOUCESTER Rowan House, Barnett Way, Barnwood, Gloucester GL4 3RT Tel 01452 612345 · Fax 01452 611922 LONDON 35 Harley Street, London W1G 9QU Tel 020 7487 4361/020 3214 4055 Fax 020 7637 0211 Greg Tay-Lodge Nigel Tillott Sarah Whittock Diana Eames
  • 2. www.daviesandpartners.com A summer full of events – Can we still entertain? This summer we have seen a host of spectacular events to watch including the Olympics. We are now heading towards Christmas and businesses may be thinking about gifts or invites to other events. Yet there Data Protection – brief guidance is still concern amongst businesses of the impact of the Bribery Act 2010 which came Headlines regarding data protection are still must be followed. In summary these principles into force last year. appearing on a fairly regular basis. Businesses state that data must be: The question many are asking is should a are still in some ways struggling with the 1. Fairly and lawfully processed. company take up a corporate hospitality package actual requirements of the Data Protection and send out those invitations. Despite the 2. Processed for limited purposes, i.e. only Act. So what is it all about? possible social and economic perception of a obtained for one or more specified and lawful The Data Protection Act 1998 is the current ‘jolly’ provided proper procedures are followed purposes and must not be processed further governing legislation. The aim of the legislation there is no reason why companies should not in any manner incompatible with that is to protect the individual and harmonise UK be able to make use of these events to promote purpose law with other member states. The scheme of their business. 3. Adequate, relevant and not excessive in The two offences under the Act which the Act is to require a ‘data controller’ to be relation to the purpose or purposes for which particularly relate to corporate hospitality are registered before he can lawfully process the they are processed i.e. an employer should section 1 which is offering, promising or making personal data about a data subject. only hold the personal data it actually needs a bribe to an individual; or Section 6 which A data controller is any business which uses and processes data – pretty much anyone who 4. Accurate and where necessary kept up to relates to bribing a foreign official. has a customer or employee! The data subject date Both offences refer to the provision of a is the individual about whom information is 5. Not kept longer than necessary for that financial or other advantage which could easily processed or used. Personal data is the purpose catch the invitation to a sporting event. What individual’s name combined with information will be the distinguishing factor is the intent 6. Processed in accordance with the data such as address, telephone number and behind the invitation. Was it an invitation to subject’s rights hobbies but not a name on its own or incidental promote a business to a prospective client or 7. Secure. A business should take appropriate was it an attempt to curry favour with an mention of a name in business minutes. technical and organisational measures individual who is for example key to a decision In other words before anyone can obtain or against unauthorised or unlawful processing making process on a tendering application. deal with any personal information about an of personal data and against accidental loss However companies must note that when identifiable individual in a systematic way that or destruction of or damage to personal data. dealing with foreign officials the bar for being data controller must be on a publicly accessible So for example if you use third parties to court is even lower. Here it is sufficient for the register. Once on the register and in a position process information for you, you should have official to be merely influenced for the act to be to deal with the data the data controller may in place written contracts to ensure that they caught under the Act. deal with the data only for the purposes and will abide by the data protection principles on So what is the risk to your business? within the limits imposed by the Act and even your behalf Provided the hospitality is commensurate with then some sensitive personal data will require 8. Not transferred to countries without the reasonable and proportionate norms of the further special treatment and protection. adequate protection. industry sector then it is unlikely to be seen as When personal information is collected, an issue. You may have seen headlines about used or stored by a business it has an obligation There are exemptions but don’t rely on them!! ‘lavish’ corporate packages being provided to to protect that information from being They mainly relate to matters of public interest individuals in relation to the Olympics. improperly used or distributed. So if you give such as national security, crime, taxation, social Lavishness is not in itself the test as to whether your information to a bank or gas supplier there work, examination marks, legal professional there was an unlawful intention but it will be an will be certain information you might not want privilege etc. indicator as to whether they give rise to an them to disclose to another business without The DPA is overseen by the Information increase in adverse inference on the individual your consent. Commissioner (‘IC’) who enforces the DPA benefiting from the hospitality. Key questions The individual whose details are being held provisions. They are an independent super- to ask are: or used also has a right to know exactly what visory authority reporting directly to Parliament. information is being held and the reasons why, Their duties include the promotion of good 1. Is the gift or hospitality reasonable and so they can access that data, for example information handling and the encouragement proportionate? information held by credit reference agencies of codes of practice for data controllers. They 2. Is there a legitimate business purpose? may be incorrect and clearly you would want to also publish legal guidance notes. If the IC 3. What are the companies in the same sector resolve this. posts an enforcement order and this is not met doing? Information can be processed manually or by then criminal sanctions against the company 4. Does the gift or hospitality confirm with your automated systems. Both methods are caught and in certain circumstances directors and/or own internal policies? by the Act. It affects all businesses no matter officers of the company could be imposed Remember if you have not already done so, you how big. together with unlimited fines. It could also lead should carry out a risk assessment to ascertain There are 8 data protection principles which to serious reputational damage of the company. what procedures need to be put in place.