The Legal Vulnerabilities that you NEED to be aware of

Well, here we are in the second quarter of 2021 already – where has the time gone?

Q2 has brought loads of excitement for us all already – the UK has started easing its lockdown restrictions, meaning many businesses are finally starting to be able to open their doors again (albeit slowly).

If the last year has taught us anything as business owners, it’s that your business needs to be covered from a legal perspective. I can’t think of a better time for business owners to really buckle down and make sure that they’re fully protected, so that they can grow and thrive in the best and safest way possible.

One of the most important aspects to think about from a legalities point of view is the vulnerabilities that could be hiding in the tiny cracks of your business. Let’s chat about what you need to be aware of, and give you some actionable steps to add to your to-do list:

Brand Protection

Brand protection is paramount for a flourishing business – you wouldn’t want to spend all of your time, energy AND money to grow your business for it not to be properly protected, right? Not protecting your brand opens your business up to significant risk. When you weigh the cost of brand protection against the cost of dealing with a brand dispute, it’s a no brainer.

This mostly comes down to trademarking and protecting your copyrightable works – so what vulnerabilities surround this, and what do you need to be doing?

If your business name hasn’t already been trademarked, you could accidentally be infringing on someone else’s mark. If there are trademarked names similar/the same to your business name, particularly within the same industry, you could be forced to rebrand at some stage in the future. It’s a ticking timebomb!
Check the UK trademark register to find this out ASAP, you can do it here – https://www.gov.uk/search-for-trademark
If there aren’t any similar marks, add trademarking to your to-do list. Nothing is stopping someone else coming along and trademarking your business name, and forcing you to spend loads of time (and money) on a rebrand
So, copyright exists as soon as you create a piece of copyrightable works – whether it be a design, marketing material or photographs. But there is a catch – you essentially need to ‘tell the world’ that you own that copyright. So how do you do that? Well, it all comes down to disclaimers – having the right disclaimers on your website, your contracts and any other important documents ensures your copyright is safeguarded
Check that your important documents and website contains these disclaimers. If not, get them in place!

Website Compliance

Having a website for your business is a brilliant asset. It can essentially act as your ‘shop window’. But remember, it’s also essential that it’s legally compliant – there are certain things that your website must have, otherwise you’re susceptible to risk, damaged reputation and maybe even fines.

Your website must have a privacy policy in place. This details what personal information your business collects, why you need that information and how you use it, pertinent particularly from a data protection perspective
If you don’t have one of these in place – get one as soon as possible
This ones about cookies – and not the kind you eat. Your website has to have a cookies policy in place too – this can actually be intertwined with your privacy policy as a ‘privacy and cookies policy. It outlines how your business uses cookies on your website
To go alongside your cookies policy, your website needs to have a cookies banner that users agree to when entering your site. This has to pop up EVERY time someone logs on your website
Another legal document your website must have in place – website terms and conditions. This states the terms users can actually use your website, and it protects the copyright in your website content (i.e., stops others pinching it and pretending it’s their own!)

Contracts

Now we know how important contracts are, every solicitor could go on about this until the sun comes up. What are some of the vulnerabilities you could be facing?

From a base level, just not having the right contracts in place to fit, cover AND protect your business opens you up to loads of risk
Look at your business from a birds-eye view, from a legal perspective – research and figure out which contracts you need to have in place. Some of the basics – customer terms and conditions and employment contracts
You need to have client contracts implemented for a number of reasons – receiving payment, refunds (particularly important for bridal boutiques) and setting out obligations to name a few. Make sure you have one in place that covers these points (at least):
What you’re specifically providing, how much you’re charging, what happens if a client doesn’t pay and liability (SUPER important – this covers what and how much you can be sued for if something goes wrong)
Do you have employees? It’s actually a legal requirement for you to give them a written statement of work the day they begin (aka an employment contract) – if you don’t have these contracts in place, get this drafted and signed swiftly

Data Protection and GDPR

This is a biggie, and you need to be aware of your business’s obligations surrounding this. Non-compliance with data protection regulations could land you hefty fines through the door. Here’s what to be aware of:

Does your business process personal data? Most do – if so, you need to register with the Information Commissioner’s Office (ICO). This is a fee you pay annually
If you don’t do this, you could be fined. If you haven’t done so already, register as soon as you can
Do you process large amounts of EU citizens personal data?
If you do, look into appointing an EU GDPR representative. Add researching and finding out if this is right for you (and your business) to your tasks
A Brexit one had to be here! So GDPR is an EU law that the UK did comply with. Following Brexit, the UK are waiting for an ‘adequacy’ decision’ from the EU to recognise the UK as having an adequate data protection regime (I know, boring jargon – it essentially means we’re waiting to see if we meet EU GDPR standards)
Keep your eyes peeled for this decision. You may need to make some changes to ensure flow of personal data is lawful, including putting in standard contractual clauses
For the time being, don’t make any changes
To make sure you aren’t opening yourself up to any data protection weaknesses or vulnerabilities, add reviewing and updating your data protection policies to your to-do list. Doing this quarterly is a great idea – and remember, you MAY need to change these following the EU GDPR decision

Keeping on top of your legals is extremely important to reduce business risk as you scale and grow. If after reading this you feel like you could benefit from some one-to-one advice, please take advantage of our free 15-minute legal advice calls, where you can ask any legal questions relating to your business. You can book a slot by clicking here!

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_5BT81T4ZMN	2 years	This cookie is installed by Google Analytics.
_gat	1 minute	This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_p_hfp_client_id	past	Elfsight sets this cookie to implement social platforms on the website and enables the social platforms to track the users by assigning them a specific ID.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
G-5BT81T4ZMN	2 years	This cookie is installed by Google Analytics.
gtag.js ( Global Site Tag )		Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
m	2 years	No description available.
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
thrivecart_v2	session	No description
tk_ai	5 years	JetPack sets this cookie to store a randomly-generated anonymous ID which is used only within the admin area and for general analytics tracking.
tk_lr	1 year	The tk_lr is a referral cookie set by the JetPack plugin on sites using WooCommerce, which analyzes referrer behaviour for Jetpack.
tk_or	5 years	The tk_or is a referral cookie set by the JetPack plugin on sites using WooCommerce, which analyzes referrer behaviour for Jetpack.
tk_qs	30 minutes	JetPack sets this cookie to store a randomly-generated anonymous ID which is used only within the admin area and for general analytics tracking.
tk_r3d	3 days	JetPack installs this cookie to collect internal metrics for user activity and in turn improve user experience.
tk_tc	session	JetPack sets this cookie to record details on how user's use the website.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
m	2 years	No description available.
thrivecart_v2	session	No description

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_5BT81T4ZMN	2 years	This cookie is installed by Google Analytics.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
G-5BT81T4ZMN	2 years	This cookie is installed by Google Analytics.
gtag.js ( Global Site Tag )		Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
tk_ai	5 years	JetPack sets this cookie to store a randomly-generated anonymous ID which is used only within the admin area and for general analytics tracking.
tk_lr	1 year	The tk_lr is a referral cookie set by the JetPack plugin on sites using WooCommerce, which analyzes referrer behaviour for Jetpack.
tk_or	5 years	The tk_or is a referral cookie set by the JetPack plugin on sites using WooCommerce, which analyzes referrer behaviour for Jetpack.
tk_qs	30 minutes	JetPack sets this cookie to store a randomly-generated anonymous ID which is used only within the admin area and for general analytics tracking.
tk_r3d	3 days	JetPack installs this cookie to collect internal metrics for user activity and in turn improve user experience.
tk_tc	session	JetPack sets this cookie to record details on how user's use the website.