Tag Archives for " ICO "

GDPR – A Glossary of Terms You Should Know

I did a straw poll of some small businesses recently, and it was interesting to find that the majority did not use a Business Plan for planning and forecasting.

It might be the same for you. Maybe you don’t have anything formal; perhaps you jot down your goals and thoughts from month to month (or, week to week)?

If you run your own business, or department within a business, you may wonder if writing a Business Plan is worth the hassle. You understand that it’s important to plan, but you’re not sure you want to spend the time doing it.

If you’ve ever wondered what the point of a Business Plan is, here are 4 reasons you need one today:

It sets out your business intentions

More businesses than you’d think waste time and money pursuing white elephants that have no bearing on their goals and objectives.

With a Business Plan, you’ll get to clarify and specify what you aim to achieve in the coming weeks and months. You can always refer to it when the next shiny object comes along; it will serve as a good way tp keeo you on track!

It prompts you to think carefully about your what your customers need

Entrepreneurs are by nature creative, and left to their own devices, could easily dream up a warehouse full of cutting-edge products and services. But…

…is anyone out there asking for them?

A well-written Business Plan poses the questions of customer demand, and how your products and services meet that demand.

It helps you zero in on your target market

A good Business Plan poses will contain a section on your target market.

So apart from the obvious bit on just who your product or service is designed for, it will prompt you to analyse and detail things like the current state of the market, how it’s changing, trends and any gaps.

Researching and knowing these things will help you position your proposition, and make the most of any gaps that your competitors are not serving.

It forces you to plan for the money

This is the section of Business Plans that people struggle with most!

It’s also THE most important part.

How else will you know how much you should aim to make as a minimum to cover your costs, and how much cash you must have in the bank each month to keep the business running?

Ignore the finances, and you could end up in dire straits very soon.


And, don’t forget, a Business Plan is a living document! You will get clearer on some of the elements, and you can adjust these to be more specific or realistic as time goes on.

Most business owners and bosses I speak to agree on one thing: having a Business Plan is crucial for goal-setting and the success that comes with it.

When it comes to writing that plan however, I find that actions don’t match the rhetoric!

Writing a Business Plan can appear intimidating, but it isn’t as difficult as you might think. The fear of it can make the task into a monster it’s not!

So, have you ever made these excuses to NOT write a Business Plan?

“I don’t have time”

A common reason used to get out of doing just about anything!

But as the saying goes, if something is important you’ll make time for it.


Besides, this nut doesn’t have to be cracked all in one day. You can purpose to work on one section every 2 – 3 days and at the end of the month, you’ll have your Business Plan!

“I’m not good with numbers”

And my response to that is, who is?

Not many of us can be described as mathematical geniuses, but that doesn’t preclude us from running – and planning for – our successful businesses.

While section headings in the document like “Sales Forecast” and “Projected Cash Flow” may discourage the numerically challenged, taking the time to stop and think about what those words actually mean will remove the dread you feel deep in the pit of your stomach!

For example, “Projected Cash Flow” is simply a summary of how much cash you need to run your business day-to-day, and for your Sales Forecast, put in estimates for what you anticipate your best and worst case scenarios will be in terms of sales (be realistic!). Also, work out the minimum number of units you need to sell to cover your costs.

See? It’s not so scary when you break it down.

“It’s don’t want to pay someone to do it for me”

Yes, paying for a Business Planning service like ours requires a financial commitment.

You can certainly do it yourself, and my Business Plan template here breaks it down into manageable chunks designed to help and guide you.

But if you can’t dedicate the time or effort needed to do it yourself, is the cost really worth the risk of going from one day to the next without a plan?

“It will change as time goes on, so why bother?”

A Business Plan is a living document, so yes, you will need to keep updating it.

When you plan for months, a year or more in advance, there are conditions and elements that you will become more aware of, things that will happen and need to be finetuned in the plan.

That doesn’t mean it’s not a worthwhile exercise. I’ve written about why it’s something you need here.

Do have a read, and let me know if you have any queries.

(If you’re still wondering what the point of having a Business Plan is, have a quick look at this).

(I’ve put together a post explaining what the jargon in a Business Plan means; here it is. Start by reading that; it will help you with this part).

I know this sounds patronising. After all, who knows your business better than you?

I can assure you it isn’t meant to be. The point I’m making is that, as well as giving an overview of your business, you have to be able to articulate things like the main idea behind it, your mission and objectives, and who your main competitors are.

Think about what the market is like, and where it is going

So, what’s the current condition of the market?

Is it growing, fairly stable, or declining?

Are there any notable underlying trends?

What is the demand in the market, and how do your products or services meet that demand?

What’s your Unique Selling Proposition, and are there any gaps in the market which you intend to fill?

Know the audience you are selling to

Which segment of the market have you designed your products and services for?

Women, or men, or both?

Working women, or stay-at-home mothers?

People within a certain age range?

Are they based in cities, suburban or rural areas?

Are they early adopters or technophobes?

What are their problems, and which of these will you solve with your products and services?

These are some of the questions which will frame your offering. And they are crucial, because sometimes it’s easy to forget that our products and services are NOT for us.

They must meet the needs of your target market. Give the people what they want, as they say!

Brainstorm some ideas about how you will price, market and sell your products and services

Take some time to think about your pricing strategy.

Most of the time, people think this involves plucking a price out of the air, but there’s more to it than that!

How much does each unit cost to produce, and what margin will the market tolerate on top of that?

How does that then match your expectations for income and profit?

Then, you need to think about how you want to market and sell products and services. Social media makes advertising and marketing more accessible, but bear in mind that what works for a similar business may not work for yours.

So, do a bit of research, and have some intentions for how you will conduct your sales and marketing campaigns.

How will you measure your success?

“Measure your success” sounds boring, I know!

But if you don’t work out in advance how you’ll do this, how will you know what you’re working towards?

And more importantly, how will you know when it happens?

Take some time to think through the finances

This part is easy to skip, but is probably the most important of all.

You need a certain amount of cash to run your business every month. Sum up your expenses (and don’t forget to include your salary).

What does the total come to?

That’s what the amount you need to have available. Not invoiced and waiting to be paid; actual cash in the bank. Anything less, and you immediately have a cash flow problem.

Many a business has been successful on paper and in terms of invoiced amounts, but ended up filing for bankruptcy because it simply couldn’t meet its obligations when they were due.

Another key point to address is the length of time you think it will take to make a profit.

It’s not unusual for some businesses not to make a profit for some months, or even years. As long as you know that upfront and are prepared for it, that’s fine!

But if that’s the case, do you have an idea of what the losses will come to each month? How will this be funded, and how long can you sustain that?

In my experience, people either don’t plan for these scenarios, or are far too optimistic with their figures.

P.S. Where I’ve recommended doing research, please don’t think it has to be onerous.

Ask your family and friends. Use the internet. Create a poll using Surveymonkey or Google Polls. Some professional bodies – such as the Institute of Directors – offer research sessions which you can access as part of their membership. Check with your professional body and see if they can help you do some, maybe they’ve even done something similar already and have some statistics they can share with you!

The deadline to submit your self-assessment tax return is 31 January. With just over two weeks to go, it’s a good time to go over the 5 steps you need to follow to complete your self-assessment tax return.

The purpose of the return is to tell Her Majesty’s Revenue and Customs (HMRC) how much you earned in the last tax year and based on the information you provide, the appropriate income tax you need to pay is calculated.

If you are self-employed – so you don’t earn a salary from which your tax is automatically deducted – or have more than one source of income, this applies to you!

You can either do the return yourself, or hire an accountant to do it for you (check out the ICAEW or ACCA websites to find an accredited professional near you).

If you do decide to do it yourself, there are 5 steps I suggest you follow. Before I tell you what those are, there are a few things you need to know:

·        Tax years in the UK run from 6 April to 5 April, e.g. from 6 April 2016 to 5 April 2017.

·        The deadline to submit your return and pay the tax due is 31 January after the end of the tax year*. Using the example above, the deadline is 31 January 2018.

·        Act NOW if you haven’t already, because late payments attracts a penalty! If you suffered from a serious illness, family bereavement or a natural disaster you’ll be given a pass, but forgetting or being away on holiday do not count as reasonable excuses. So don’t put this off any longer!

Check to see if you qualify

You have to complete and submit a tax return if you were self-employed in the last tax year, or earned more than £2,500 in untaxed income.

For example, for landlords with rental properties, or people who rent out rooms in their homes, if the income after expenses is more than £2,500, a tax return must be submitted.

Some of the other criteria to consider are earned interest or dividends more than £10,000.

There’s a full list of these criteria here https://www.gov.uk/self-assessment-tax-returns/who-must-send-a-tax-return, and there’s also an online tool where you can confirm if you need to do this https://www.gov.uk/check-if-you-need-a-tax-return

Register with HMRC

If you haven’t filled in a self-assessment tax return before, you’ll need to register with HMRC before beginning the process of filling in the return.

You can do that here https://www.gov.uk/log-in-file-self-assessment-tax-return/register-if-youre-self-employed

HMRC will send you a Unique Taxpayer Reference – or UTR – which you’ll need when completing the return online.

Collate all the information you’ll need

Before you start filling in the return, I’d recommend you get all your records and information ready.

You’ll be asked to provide details for a whole raft of things which I’ve listed below:

·        The total of what you earned in the year. That includes income from your business and any employment.

·        Any income earned from dividends.

·        Any income earned from rent.

·        Any income earned from business interests you may have outside the UK.

·        Any interest earned on your savings.

·        Any interest you paid on borrowings.

·        Any contributions you made to a pension.

·        Any benefits you received, such as state pension, Child Benefit or unemployment benefit.

·        Any perks you received, such as private healthcare or a car allowance.

·        Any income earned from the sale of property or shares.

·        The sum of any valid business expenses.

Complete the return online

Now, you need to fill in all this information online.

Log into the HMRC system here, and input the relevant information when prompted https://www.gov.uk/log-in-file-self-assessment-tax-return/sign-in/prove-identity

You can fill sections in, save, and come back at a later time to complete it, if you need to.

Organise your records

Haven’t been that prepared this year? You can always start now to organise your records, so next year’s return isn’t so tedious! These are some of the documents I’d recommend you start filing.

·        Invoices

·        Payslips

·        Receipts

·        Bank statements

·        Pension statements

·        Benefit documentation

·        P11D expenses and benefits form.

HMRC requires that you keep records for up to 5 years after the deadline.

So even though you’ve completed this year’s return, it’s never too early to get your digital or physical filing in place for next year. I do both for a catch-all approach – you can never be too careful with the taxman!

There is a range of online accounting software you can use to keep track of all these items, and you can also file away hard copies.


And if you get stuck?

HMRC has lots of resources online https://www.gov.uk/topic/personal-tax/self-assessment which you can look through.

And remember, you can appoint a qualified accountant to do this for you.

*The 31 January deadline applies if you do your returns online. You can go old school with your returns if you prefer, but the deadline for paper returns is 3 months earlier in the October.

An effective headshot can give theviewer a sense of who you are more than words can say.

Here, you need to commit to some timelines.

So, remember those objectives you listed above? Break them down even further into tasks, and for each one put down a realistic completion date.

That will make sure your plans are firmly rooted and realistic, as opposed to being pie-in-the-sky aspirations that you have no chance of achieving.

The second Payment Services Directive – also known as PSD2 – becomes UK law on 13 january 2018.

From the name, it’s easy to think it only affects banks.

But hold on! It has implications for you too.

Here’s a summary of what it’s about, and the main ways it will affect you.

So, what’s PSD2?

The first Payment Services Directive (PSD) from 2009 put in place a legal framework for payments and related services across Europe.

It covered the rights and responsibilities of consumers, users and providers of payment services, and ensured that European countries implemented, and were held to, a uniform set of standards.

PSD2 builds on the success of PSD, and at its core wants to increase competition in the industry while reducing the dominance of banks.

Big banks have traditionally held all the aces when it comes to the business of payments, and when you consider the amount of information they hold on their customers – data is big business, just ask Facebook! – there’s been little incentive for them to innovate what they have on offer. Save for a few companies such as PayPal, Apple and Stripe, few have been able to make even the tiniest dent in the banks’ market share.

Why is this a problem, you ask? It means that you as a consumer don’t have much of a choice. When you look at the UK, there are 4 big banks, with VISA and MasterCard being the two dominant payment card schemes. So where do you go for a truly different sort of service?

Why was PSD2 introduced?

PSD2 is set to become law in the European Economic Area (comprising the 28 EU member states, as well as Norway, Iceland and Liechtenstein) on 13 January 2018, and here are some of the reasons the wheels were set in motion:

1.       To encourage new players, especially those that are NOT banks, to get into the business of payments.

2.       To encourage the introduction of new, cutting-edge technology which will revolutionise the way payments happen in Europe.

3.       As a result of increased competition and technology, the expectation is that the cost of payments will fall. A bonus for consumers!

4.       To improve security around payment processes, and the way consumer data is handled.

Who is responsible for PSD2?

PSD2 is a directive issued by the European Commission, which becomes national law on 13 January.


How does PSD2 affect you?

You already have many rights when it comes to protection against misuse of your data, and any potential fraud.

PSD2 takes these even further, by mandating that banks and businesses that process payments use what is referred to as strong customer authentication (SCA) for payments.

This means they have to take significant steps to make sure any payment you make is actually coming from – and authorised by – you.

So if you find you’re asked to verify your identity or payment in a different way, don’t be alarmed. It’s all PSD2-related.

Talking about your data though, in a bid to promote competition and open it up to new organisations, banks could potentially share what they know about you with these new players to the market, who will fall into 2 categories:

Payment Initiation Service Providers, and Account Information Service Providers.

Agreeing to use these services could make your online payments simpler and more seamless, and you’ll be better placed to compare what’s available in the marketplace. It also means you could make a payment directly from your bank account without using a debit or credit card, which could save you any card charges and fees.

Don’t worry, your data won’t be shared without your permission! Banks – who as well as being dominant forces in the landscape, are also the largest repositories of consumer data – are required by PSD2 to share this data when you give your permission, as a way of levelling the playing field.

In preparation for PSD2, your bank will have sent the last few years developing technical integrations to make the data sharing process easier. There’s a whole initiative around this within UK banking called Open Banking, and your bank will have already sent you something that looks like this:


PSD2 is also meant to end a practice that’s been a pain for consumers for a long time.

You know when you go into a shop, or book theatre tickets online, and you’re charged an additional percentage for using your credit card?

That practice – known as surcharging – ends with PSD2.

That’s not to say that shops and retailers will take this lying down; it’s hard to know how they will respond. They might swallow the costs, put their prices up across the board (which would affect ALL buyers, not just those using cards), or offer shoppers an incentive to use different ways to pay.

The jury is still out on this one, so keep your eyes peeled to see what happen when you shop after 13 January!


How does PSD2 affect your business?

PSD2 only affects payment institutions, credit institutions, and electronic money institutions.

If this is not your core business, there is no impact.

The only thing to note is that, if you add a surcharge for credit cards when collecting payments, this practice will no longer be allowed.


Will Brexit affect PSD2?

The UK government has confirmed that PSD2 implementation will not be affected by the process of leaving the European Union.

Since that only takes effect in 2019, PSD2 will be fully implemented and transposed into UK law.

So much content has been produced about GDPR, it can be difficult for readers to make out the wood from the trees.

One of the things about legislation like this, is that it isn’t written in a way that’s clear and easy to understand.

I sometimes wonder if that’s deliberate; the language is intentionally ambiguous, businesses interpret it how they see fit, and then the regulator claims the interpretation isn’t the right one!

There are several terms relating to GDPR which regularly appear whenever it is discussed. To support your understanding of the subject, it helps to get familiar with these terms and what they mean.

To help you do that, here’s a glossary of GDPR terms you should know:


This occurs when Personal Data (see definition below) is changed so that individuals cannot be identified.

That makes it safer for the Data Subject (see definition below)and means the information can be used more widely since the risk of a breach has been reduced.


This refers to the permission which must be sought – and given– to collect and process data.

With GDPR, there must be clear proof of consent provided by a Data Subject.

Data Breach

The common misconception is that data breaches involve the loss of data only.

In reality data breaches happen when a failure in security results in the unintentional or deliberate destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

Under GDPR, Data Processors have to report the breach to their Data Controller as soon as they find out about it, and Data Controllers then have obligations to report this to the Lead Supervisory Authority (see definition below)no later than 72 hours after becoming aware.

Data Controller

This is the organisation that determines the purpose and means for processing Personal Data (see definition below). So if your business collects any sort of data, you’re a Data Controller.

It means you will have to instruct any third party you ask to process data on your behalf, such as a cloud computing provider, and you need to ensure that your contractual arrangements with that third party cover how they process data in a manner that is compliant.

Note that a Data Controller can also be a Data Processor.

Data Processor

This is the organisation responsible for processing data on behalf of a controller.

For example if you use an application like Stripe to accept credit card payments, that application is functioning as a Data Processor on your behalf.

Data Processors have to maintain records of the personal data they hold, and how it is processed.

Data Subject

A Data Subject is the individual or customer whose Personal Data has been collected and processed.

The Data Subject has to provide consent for this to happen, and has Individual Rights pertaining to how his / her data is handled and kept.

Extraterritorial Applicability

You may hear this mentioned about the wider reach of the new regulations.

It refers to the fact that the GDPR is not restricted to businesses which operate within the borders of EU.

As well as all businesses in the EU, it applies to any businesses that serve or monitor customers resident in the EU, regardless of where those businesses are headquartered or located in the world.

For example, GDPR will apply to companies like Facebook, Amazon Web Services, Microsoft, Salesforce, Trello, Twitter and InfusionSoft, as long as they have EU residents as customers and hold their data.

Supervisory Authority

Each EU country has a regulator overseeing the new GDPR.

In the UK, that is the Information Commissioner’s Office (ICO).

Individual Rights

Data Subjects have 8 Individual Rights, which are:

1. Right to be Informed

Refers to the processing information to be provided by businesses as part of their privacy notification. Encourages Data Controllers to be transparent about how they use the data in their care, and here are details of the information that must be supplied.

2. Right of Access

Refers to the rights individuals have to access their personal data.

This will be requested via a Subject Access Request, and the data is to be provided free of charge.

The data must be provided within a month of receiving the request; there is scope to extend this by a further two months if the requests are many and complex.

3. Right to Rectification

Where personal data is wrong or incomplete, individuals can ask for them to be rectified.

The data must be rectified within a month of receiving the request; there is scope to extend this by a further two months if the request is complex.

4. Right to Erasure

Also known as the Right to be Forgotten, this refers to an individual’s right to ask for their personal data to be deleted.

5. Right to Restrict Processing

Refers to an individual’s right to stop their personal data being processed.

There could be a number of reasons for such a request, such as when the accuracy of the data is in question.

6. Right to Data Portability

Refers to an individual’s right to have their data moved, copied or transferred, typically from one technical system or environment to another.

7. Right to Object

Refers to an individual’s right to object to their personal data being processed and used for direct marketing or research.

Data processing must be stopped once such an objection is received.

8. Rights related to Automated Decision Making

Refers to the provisions for profiling and automated decision-making, such as in the case of loan and credit card applications.

Personal Data

Any data that can be used to identify a Data Subject.

Includes – and is not limited to – information about name, date of birth, address, email address, bank details, medical information, social media posts, and IP addresses.

Privacy by Design

This is an approach that puts data privacy and protection front and centre of a business’s projects, systems and processes. Instead of being an afterthought, which is usually the case, Privacy by Design means organisations make data privacy and protection a priority when designing and planning projects, products, systems and processes.

Special Category Data

This includes details of race, ethnic origin, politics, religion, trade union membership, genetics, biometrics, health, sex life or sexual orientation.

Special Category Data contains details which are more sensitive than Personal Data, and can only be requested in certain circumstances since they present significant risks to fundamental rights and freedoms.

*Please note that this blog post does not constitute advice on the legalities of GDPR or data protection. It is for awareness and information purposes only; you remain responsible for getting independent advice and ensuring your business complies with the regulation.

  • February 24, 2018
  • GDPR

What To Do When There’s Trouble At Work

Some of the things we put up with in the workplace are truly incredible.

One would have thought that in this day and age, tales of bullying, unfair practices, discrimination and other displays of malevolence would be few and far between.

Unfortunately, that is not the case.

I have witnessed a lot of inappropriate and unprofessional behaviour over the years. I have even had some of it actively and intentionally directed at me.

While I can look back and say those experiences made me stronger and are a part of my story, no one should have to go through that.

I was younger then, and remember feeling powerless to change my situation. I did in the end – by walking out! – but I’ve never forgotten the distinct feeling of not having any options, and seething at how organisations often get away with treating employees with contempt.

Before I go further let me make this public declaration: My politics isn’t left-leaning.

While I can look back and say those experiences made me stronger, no one should have to go through any of that

Click to Tweet

I believe in a responsible capitalism. One where people are rewarded for their gifts and efforts, but those who need assistance are not left behind.

One where risk-takers and leaders reap the fruits of their labour, but those who work for them are paid a fair wage, and are treated with kindness and fairness.

One where management and staff alike communicate clearly and openly, both sides acting with integrity.

I think of it as compassionate capitalism. Am I being naïve? I know many in the business and corporate worlds who think so!

I’m also really struck by how employees appear not to have much recourse.

I must admit I’ve never been a supporter of trade unions: my feeling is that, certainly here in the UK, US and Europe, the war for workers’ rights has been won and modern-day unions are obsolete; symbols of a bygone era and a barrier to free enterprise.

Could it be time for me to revisit that view?

It would appear that the government had a similar perspective, and as part of a cost-rationalisation exercise in the public sector in 2013, introduced fees for employment tribunal cases. This meant that anyone making a claim for unfair dismissal, discrimination and other issues at work had to pay as much as £1,200!

As well as the cost implications, I imagine the government considered the majority of cases being brought to be frivolous and unnecessary; many of those that hit the headlines certainly appeared to be opportunities for people to cash in and make a quick buck.

Taking on an employer requires unshakeable resolve, and commitment of time and money. My interactions with lawyers – which have been very limited! – confirm the stereotype of eyewatering hourly fees, which deter many from taking things further.

Two recent incidents within a client organisation have made the subject of accessibility to the legal system for conflict resolution relating to employment matters very topical for me. They actually precipitated this article, which strictly speaking, has nothing to do with my business offering beyond a sense of having a personal obligation to speak up and make a positive contribution.

So here’s the first incident: New Boss starts in a business, and is keen to bring in his own team. As a result, Person A is made redundant. As you would expect, Person A starts jobhunting. Only thing is, he does so using his work email address. Person A receives a job offer and reference request to said email address. Boss INTERCEPTS email, and sends what I can only describe as an unfavourable reference to Person A’s potential new employer, who promptly rescinds the job offer.

The second incident: Company-wide cost pressures mean there has to be a reduction in headcount. Consequently, all areas are asked to review their operations and come up with efficiencies. The Boss in a particular department concludes that Person X’s role can be done at another location for less. Boss hires Person Y at that location, and asks Person X to train Person Y.

Boss also makes it known to everyone that Person X’s role will soon cease to exist.

Everyone that is, except Person X!

Person X, hears rumours and finally realises what is happening. Person X asks for clarification on the future of his role. For the first time, Boss advises Person X of impending redundancy.

I won’t detail my thoughts about how both situations were handled, except to say that I am appalled that a member of a company’s Senior Management Team could behave in this manner.

More instructive, is the fact that he has not been held accountable for it!

I was not able to directly influence these events, but this article is about raising my voice to declare these two things:

1. This sort of behaviour is NOT acceptable

2. You do NOT have to put up with it.

This article is to share my limited knowledge of how to handle such scenarios. If I help just ONE person who has been treated this way, I will have achieved my goal.

I hope this encourages you NOT to suffer in silence, and you know what to do if you are treated unfairly at work

Click to Tweet

But before I go further, please note this: I AM NOT AN EXPERT IN EMPLOYMENT LAW. This is NOT what I do for a living, and I strongly recommend that you seek independent legal advice (it may surprise you to find that this doesn’t always have to cost an arm and a leg, as I explain below).

These are the thoughts of a passionate lay(wo)man only; my contribution to making the world a better place…

…great! Let’s have a general review of what to do if you are facing trouble at work.

Keep a Record

I hope it doesn’t come to it, but if you need to get lawyers or a third party involved, it would be beneficial to have a written record of what has transpired.

Keep a diary (preferably NOT at work where it could be interfered with), relevant emails, proof of the times you have raised concerns.

Speak to Human Resources

Even as I recommend this, I know that this is a necessary, but time-wasting step.

Just my personal bias, I’m afraid.

I wish I could sugar-coat it, but I’ve never seen an effective HR Department (maybe that’s a business opportunity for someone right there…)

Perhaps you haven’t either, but don’t let that deter you from completing this necessary part of the process.

If you have to escalate, one of the first things you will be asked is if you brought your grievance to your employer’s attention formally. The employer could then claim they had no knowledge of the issue and were not given an opportunity to fix it, which would not work in your favour.

So go through the motions; get your complaint or query on record.

And of course, record the date and time of any meetings, and summarise what was discussed.

Have you heard of the ICO?

Here in the United Kingdom, the Information Commissioner’s Office is the independent authority set up to uphold information rights in the public interest.

While it could be argued that a work email address belongs to your employer, the employee may also be able to lay a personal claim to it, to some extent.

If a report to your HR Department does not lead to a data breach investigation, do report it to the Information Commissioner.

Start with Citizens Advice

An oft-ignored – but brilliant – resource here in the UK is Citizens Advice, a service charity that provide free, independent, confidential and impartial advice to everyone on their rights and responsibilities, on a wide range of legal issues ranging from work, debt, housing and consumer law to immigration and family law.

If you are being treated unfairly at work, I suggest reaching out to Citizens Advice as a starting point.

Last resort: Employment Tribunal

Again, no one wants things to get this far.

But it’s useful to know what your options are.

You may be aware of the Supreme Court ruling this July that the introduction of tribunal fees had detrimental consequences on access to justice, and employees’ ability to uphold their rights at work.

This re-balances the playing field, and empowers employees by removing the financial hurdles.

Just to remind you again, that I am NOT in the legal profession, and you MUST seek your own independent legal advice.

But I hope this piece encourages you not to suffer in silence, and goes some way to make you aware of what to do if you are treated unfairly at work.

Thanks for reading.