The pain of GDPR compliance and the long term effects

GDPR has no exemptions that organisations I work with can rely on, perhaps for the first time with data, we are all in it together.

The challenges facing organisations trying to comply are magnified by the amount of “fake news” surrounding it. I haven’t been surprised by the feeding frenzy from those trying to cash in yet I am somewhat alarmed by the number of “experts” on this untried legislation. I understood that it took 10,000 hours to become an expert in something and I’m wondering how the experts managed that. C’est la vie.

What truly concerns me is that this is a massive cultural change and I fear that the policies being written and disseminated are not going to empower the people that need to deal with data on a daily basis. During my 29 years in the field of risk, insurance and business continuity I have seen many issues that could have been avoided by educating people. Yet it seems that policies are written to ensure employment or contracts can be terminated rather than actually encouraging people to comply. I realise that this is partly due to legal precedent yet motivating people by fear is far weaker than motivating them by other means.

Having listened to many people and taking in copious amounts of information, I think that the feeding frenzy has prevented people from understanding the “mission” of the data regulators. They want organisations to be careful with data and respect the wishes and privacy of people like you and I.  It is not a lot to ask yet achieving that aim is undoubtedly awkward. It is a lot less awkward if the culture of an organisation recognises this.

I have this awful nagging doubt that people will not be motivated to do the right data thing if they are told off or, disciplined when they make mistakes. I’ve seen many policies that tell people what to do yet they are rarely allied with the cultural piece. Even rarer is the right level of education and reinforcement that motivates.

The deadline will come and go yet the mission of the regulator is not going to be achieved if the culture of blame continues to be the most pervasive in organisations. One issue that no-one seems to have thought about is the way salespeople treat data. Arguments over who owns it are regular, especially with the advance of online networks. Roughly 50% of people take data with them when they leave one organisation for another. There are at least two companies in breach when this happens and the individual has broken the law. It is theft after all.

The existing regulations state that this shouldn’t happen yet half of the population think it’s OK to take it when they really know that they shouldn’t. It could be argued that the policies that discipline people have worked because they have stopped the other half from doing this. Yet half is not enough. It should be a single digit number, at the very worst.

So policies and procedures are not working now. New ones will not change that if they don’t address the cultural side of human behaviour.

What can be done?

A new type of policy is required. Naturally, it should start at the top of an organisation. It should motivate people to change the way they think about data. It should be readable, not shrouded in jargon. It should reward people for doing the right thing. It should be something that everyone is reminded about. But not “beaten up” over.

Jason Cobine is an Insurance broker in London who works with businesses and charities. He has built a business from scratch, without pilfering data so he knows how hard it is. Yet it was a cultural decision that has been proved to be correct.

The GDPR is coming. Time to sit down, relax and take stock

This article is about the feeding frenzy taking place, how to avoid it and what to look out for in the run up to GDPR lift off.

Welcome back, or if you’re new here sign up to our orange RSS button to the top right of this page to receive insurance tips, new posts, plus details of events and promotions that could help you or your network reduce the risks facing their organisation.

The vultures have been circling for some time now.

Plenty of people are putting the frighteners on good people that just want to survive the supposed relentlessness of heavily armed Data Commissioners issuing fines aplenty. Which will not actually happen. The ICO simply haven’t got enough resources to do that. Much like other agencies that are not for profit.

Speaking of which, it is those that are for profit that we need to be wary of. I’ve received several updated contracts from insurance companies dictating how data issues need to be resolved. My first piece of advice is to establish what your partners expect of you because, whilst the data commissioner might give you 72 hours to report certain types of breach, I am now contractually bound to give others 24 hours notice. Probably because they want the lions share of the deadline to get themselves ready. They also insist on certain types of data security and issue tight deadlines on “data subject access requests”. Cheeky but true.

So have you read all your contracts recently?

At least some of our partners are decent enough to tell us they’re being updated. Other contracts, like insurance policies, already cater for the change with clever wording. Where it states that they expect you to be complying with the law it actually means that as soon as the law changes, you have to be compliant with the new one. They don’t need to wait for the renewal of a contract to make you keep up with legislation. They’ve already taken care of it.

Are you going to read all your supplier or partner contracts? Probably not. Who has the time? I hear you sigh! Keep these in mind when you are changing your policies that are affected by GDPR. There might be a clash. You might want to notify them with 72 hours, yet they might stipulate immediately. Forewarned is forearmed and I don’t think fines are going to cause the biggest headache. I think it will be interruptions to business and loss of reputation and/or clients.

Government crack the whip

I have a feeling that the government announcement last week, that it would try and reduce the compensation culture by cracking down (again) on so called “whiplash” claims, might fuel the class action culture that Morrisons supermarkets find themselves subject to. There are a lot of companies that rely on that revenue stream (it’s in the billions) and they will switch to the next as quick as they went from PPI to holiday sickness claims. And PPI is coming to an end.

Wrap Up: We’re not overly concerned about the deadlines imposed by our supply chain because we have the resources to cope with them. Yet we’re very pleased we know what they are because a data breach causes enough confusion on it’s own.

Top Tip: Once you’ve assessed your position, review your contracts to see what else you might need to weave in. This is a once in 20 year opportunity to engage with your stakeholders. Done well, it will build trust regarding data and how you want to keep it safe. That trust is gold dust in the current climate.

How to protect risks to cashflow with insurance

This blog is about protecting cash flow, especially if those that owe money go bust.

Welcome back, or if you’re new here sign up to our orange RSS button to the top right of this page to receive insurance tips, new posts, plus details of events and promotions that could help you or your network reduce the risks facing their organisation

What if a buyer goes bust?

With the global recession and Brexit, business owners are having to consider the impact this could potentially have on their business.  What if a client goes bust?  If a company is owed significant amounts of money from clients, it is a major risk to cash flow.

Gareth came to us with these questions and more.  He knew exactly what he wanted from an insurance.   Dealing with imports he needed peace of mind that he had cover if stock went missing.  He also needed to know that his invoices were covered if products didn’t reach the consumer. We took time to completely understand Gareth’s business to a granular level.

What if they don’t want to pay?

Business Owners need confidence that they are going to get cover that matched their needs and not be sold an off the peg insurance that doesn’t quite do the job.  After negotiating with underwriters we carefully selected the options that matched Gareth’s broad requirements.

One option included protection against protracted debts or liquidations relating to companies that had been invoiced. It often helps with obtaining quicker payments, from companies that are happy to share the debt, when the risk of a default is backed by credible protection.

What are the risks when reducing risks?

Following up with a meeting to go through the small print and fully explain terms, conditions and exclusions is a must.  We tell it like it is, the good and the bad so our clients can make informed decisions.

The devil is in the detail and it is often a surprise to everyone, including us, when it is interpreted based on a particular business. It’s our duty to actually recommend protection that fits each client and the most appropriate has to meet their needs, rather than provide the dreaded false sense of security.

Wrap up; Small print can be seen as an enemy yet there’s a lot that can be learned from it. Read our blogs on the different types of policies available. I used to be surprised at the number of people that told me that they had already covered everything, then sent me documents riddled with exclusions. I now know it is a common occurrence in our sector.

Top tip; Some people find out when it’s too late.Review your debtors regulary and watch out for slow payers and avoid companies that are shown as risks on credit checks

No-one will sue me or blame me

Business is easier to do when people are getting on yet it pays to keep everyone happy when relationships start to falter. This article is about money, the fact that it talks when opinions differ and why it is a foreign language for some.

Welcome back, or if you’re new here sign up to our orange RSS button to the top right of this page to receive insurance tips, new posts, plus details of events and promotions that could help you or your network reduce the risks facing their organisation.

I’ve had an idea…..but I can’t do it on my own

Inventors are not just stuck in sheds. Some of them are hugely creative and have big idea after big idea. I am contacted by inventors when they want to protect an idea they’ve created. Most of them are in “start-up” mode and it takes time for the income to pour in.

However, they still need services to help them lift off and it is not uncommon to reach bartering agreements or agree profit or equity shares with those that help them out. Wonderful isn’t it? In an ideal World, yes, in the real World it depends. Recently, I’ve been contacted by two different companies who both had similar issues with such agreements . They were both being taken to court when such “contracts” had gone sour, they were very loose unwritten agreements.

We can’t agree about everything

But it pays to sit down and agree the basics. The first indication that something was going wrong was the receipt of a legal document outlining a case of a service provided that hadn’t been paid for. In each case the inventor thought they had “come to an agreement” yet the complainant asserted that nothing had been written down and they expected a prompt realisation of profits, which is rare. Both inventors were upset as well as being annoyed. One was being asked for £40,000 in fees for work they had “ordered”. The other was being invoiced for £18,000 fees for time spent “assisting” the start-uo.

Even after the first legal notice was issued, the inventor contacted the person that was “owed” the £40,000 and came to another agreement. They were somewhat surprised to learn, soon after, that the complainant had obtained a judgement against them and bailiffs were chasing them for money they didn’t have. Sometimes, the courts do odd things. Launching an appeal has proved fruitless for at lease one company facing a wind up order. Their business was closed down by a judge before the appeal date arrived. It is beyond belief.

You owe me, I sue you

Eventually, the money was found yet it had been earmarked for marketing so the launch had to be delayed in one case. The debts were paid when they may not have been legally liable to pay them. They were forced to settle because they didn’t have the resources to defend themselves.

Defending yourself doesn’t have to be ridiculously costly but it does take up time. High quality legal resources have to be paid for. It’s not only about what you sign, it’s about what you agree.  Verbal agreements are often considered binding by one party and failure to defend a corner means louder voices are likely to be heard. The balance between defending and paying up doesn’t always leave defendants between a rock and a hard place. I have plenty of clients who have successfully defended  spurious allegations.

Wrap up; Contracts aren’t always big documents and verbal agreements are often taken seriously. It’s really difficult to juggle all the tasks when unexpected legal issues arise. Not to mention the upset if you don’t know where to turn.

Top tip; Do not ignore issues that are on the “too difficult list”. They have a habit of resurfacing  and investor shareholders hate that too. It is not fair but the deepest pockets usually win.

Advisers “advice” drops client in it

This article about how insurances with the same “brand name” can look the same to the untrained eye, how pressure to provide quotations often stresses brokers, how lucrative industries carry the highest risks, and how you can reduce them.

Welcome back, or if you’re new here sign up to our orange RSS button to the top right of this page to receive insurance tips, new posts, plus details of events and promotions that could help you or your network reduce the risks facing their organisation.

No two businesses are the same

Recently I was asked for “professional insurance” by two distinctly different businesses. One business advised multinationals on which businesses they should merge or acquire, and the other helped people in the UK to buy a business by finding them and introducing the investor to the current business owner. Both thought they were in mergers and acquisitions. This is seen as a very high risk industry by underwriters, and very few insurance providers will provide cover for such a high risk area.

The first business specialised in Anglo-Chinese business relations and was introduced to me by an accountant who understood exactly what I did. The introduction was made after the business had received a quotation that amounted to 18% of their annual turnover. You might think that is ridiculous, and it is, yet I have seen solicitors charged 38% of their turnover for insurance because of the ridiculous way solicitors are made to buy insurance.

Pressure cooker environment?

In each case, there was pressure to provide documentation to 3rd parties who wanted to work with these companies, yet insisted that they had appropriate insurance cover first. This is not at all unusual, in fact, about 50% of my clients have insurance requirements imposed on them by third parties. Yet they were all able to explain why they needed it and when the deadline was. So we make time to provide real advice.

Some of those I have been able to help were initially tempted to get the first insurance they could find that “ticked the box” of those demanding evidence that they were insured. Lot’s of people tell others “my insurance costs less than yours”. Giving in to the cost saving temptation means that businesses have ticked “a box” yet not actually protected their assets, income or reputation. Insurance that isn’t fit for purpose rarely pays out. Unless you are very lucky.

It actually takes as much as 30 days to arrange some insurances, because the insurance underwriters that understand emerging risks are in such short supply. After all, it is not car insurance, which has been commoditised and is available at the click of a finger 24/7, 365 – if you have a debit card.

Why are rates so high?

When talking to business owners looking for protection we first assess their requirements and then provide them with some ballpark estimates of the annual cost of protections. We do this because we are experienced enough to have a good idea of the rates achievable, and we know that some business owners haven’t budgeted for bespoke insurance. Some are shocked at the scale of the investment and we are often explaining that the situation is nothing to do with them. So who’s fault is it?

Some sectors have suffered from enormous losses because of the lack of care, skill, or diligence of the people operating in those sectors. Once insurance companies have “taken a hiding” from a particular sector, they might withdraw. You’ve probably read about how flood insurance is in such short supply. It actually isn’t, we have plenty of underwriters who will provide cover in reputed “flood zones”. Yet the media paint a different picture, and people believe what they hear often enough.

What the media don’t report is the high earning sectors that have suffered huge losses do not have many underwriters vying for their business, even if it is unique. This means that their rates will increase because there is demand, yet not much supply. Insurers need to come clean about the issues they resolve in a sector if they are to build trust and reduce risk.

Wrap up: Even if you are in a sector that has suffered losses there is plenty you can do to achieve the most competitive rates available. The first thing is to investigate losses that have happened in the sector in the past, and then work out exactly how to reduce them, using risk management. If you are unsure how to do this contact us and we will help where we can, or point you in the right direction.

Top Tip: When thinking of diving into a new sector, always speak to a set of good advisers first because solicitors, accountants, business advisers, perhaps even insurance brokers, may have experience in the sector or, at least, are able to point you in the direction of those that do. By asking the right questions you will find out more than your challengers know. The tax predicament, propensity to litigate and insurance rates will have a bearing on the profits you are able to make in any particular line of business.

Tailor-made insurance

This article highlights why it makes sense to review the risks a business faces, check that insurance policies are fit for purpose and what can happen if this is not undertaken regularly.

Welcome back, or if you’re new here sign up to our orange RSS button to the top right of this page to receive insurance tips, new posts, plus details of events and promotions that could help you or your network reduce the risks facing their organisation.

I have this cover – what is it for?

After successfully covering something that the incumbent broker couldn’t, without too much trouble, I was invited to visit their premises, take a look around, and undertake a review. A reasonable way to reduce the time it takes to undertake a business risk assessment is to look at current insurance documentation.

Having collected the information, there was one piece missing, and I received an email to say it would be forwarded on to me as soon as it was received from the broker. At the same time the gentleman said it includes “x cover, and I don’t know what that is”. This is not unusual in my industry. A lot of people build relationships with their brokers and then buy what they recommend. Yet it appeared that the broker had recommended this particular cover, but had failed to remind the client what, or how, it actually protected them.

Does a review mean rates will increase?

When the document arrived it was pretty standard. After discussing various cover with underwriters, we got some options. The next step on such a large insurance programme (we are talking about a company who export £1.7million of high quality product to America), is to sit down again and discuss the terms and conditions of the options available to us. The rates we had obtained were 25% less than they were used to so it made sense for the Finance Director to invite us back to discuss in detail.

During this meeting I asked about previous incidents. It had previously been declared that there hadn’t been any in 5 years, apart from a mobile phone being lost. Whilst I collected information about staff, including health and safety arrangements, the Director sighed “staff, our biggest expense and liability.” I enquired how they proved to be a liability if no claims had been made and he said “we don’t have to tell them about things that aren’t insured, do we?” I ventured that they may not have to, yet insurance companies were not that kind. Insurance company requirements often mean that every issue has to be disclosed, no matter how trivial or whether it related to the cover they were providing or not. So the client regaled me with the tale of the dissatisfied employee who had threatened starting a tribunal alleging stress they were suffering was related to their work, and they had settled for £15,000 on the recommendation of their Human Resources consultant.

What do you mean we are covered?

I asked the client if they had discussed the stress related claim with their broker. “No” he replied, “we are not covered for this.” I felt it would be cruel to tell him that one of the policies he had in place would have provided him with advice on how to reduce the cost and time spent on such issues. Another may have provided cover for a legal defence and paying compensation if it were awarded. If only it had been explained to the client before the incident happened. This is because some policies only pay out if an issue is reported to an insurer as soon as it crops up.

As I said before, this is not unusual in my industry. Whenever someone tells me that they have insurance, but are unsure of what it covers, I realise that their broker has been order-taking, rather than providing an assessment of risk or any advice. What really sticks in my craw is that the previous broker had sold them a policy which wasn’t much use to them, yet by taking one of the optional extensions they would not have had to pay this £15,000 themselves So, with their current broker they invested over £100,000 and still had to fund a £15,000 claim from their own pocket.

At the last minute, the incumbent broker did try and persuade the FD that he should stay with them, and even resorted to the underhand tactic of trying to approach the insurance company I had recommended so that they could copy the work I had undertaken, and pull the rug from under us. Luckily they were not successful because we have strong relationships with underwriters and they give us exclusive terms and conditions, that order taking brokers cannot access.

The most alarming thing about this rather typical scenario is that the broker could have prevented his client from obtaining the cover he actually desired by trying this underhand tactic. The broker would have known this was the case, but was far more concerned with keeping the business than helping the client protect his.

Wrap Up: At the beginning of the process I had explained that his incumbent broker would probably try underhand tactics and it was best he didn’t tell them that we were involved in a review because it may prejudice his position if he did. He agreed that that was the case, yet when put under pressure by the incumbent, who begged for one more chance, he nearly shot himself in the foot. It happens, regrettably, all too often – yet not to us.

Top Tip: When seeking an assessment of risk, it’s important to request assistance from someone who has a reputation for looking after their clients rather than being an excellent salesperson. The hard sell is all too evident in this industry and masks the underhand tactics that too many brokers participate in, to protect their not so hard earned income.