“People to have more control over their personal data and be better protected in the digital age” under new measures announced by Digital Minister Matt Hancock. You would have to be from another planet to not, at least, have heard the phrase GDPR (General Data Protection Regulation). But what is it and how does it affect you? We’re all busy so, using the government guidelines, we have put together the bare bones of GDPR and what you need to have in place to ensure you don’t fall foul of the new laws as fines for non-compliance can be as high as €20M or 4% of annual revenue. Also, GDPR is still relevant, despite Brexit. It is a UK government backed regulation and furthermore, compliancy is vital if your business works outside of the UK. Laws aside, GDPR makes excellent business practice. Where is your company’s data? Understand what data you store and where it is located. This extends to any contact information you hold on anyone, anywhere in your business from central servers to databases on individual computers. Make sure the data you hold is compliant This means making sure that the data you hold is compliant, i.e. that it falls within all of the government guidelines for GDPR and data collection and also that you have gained permission to keep this information. Permission must have come directly from everyone on any list you maintain. Secure your data It is vital that you have taken steps to prevent the data being breached, lost or damaged. This is probably one of the most important areas of GDPR and is intended to prevent the careless leakage of people’s personal information. Show accountability As part of a GDPR check, you will need to show how you manage your data with all of the relevant audit trails and monitors in place. As we said at the start, this all makes for excellent business practice and it’s something we’ve inbuilt into docSAFE with layers of security and a deep understanding of how it needs to work to show your company is compliant and, just as importantly, professional and efficient. Talk to us and we can steer you through the challenges of GDPR.
It’s worth a quick recap on the many virtues of docSAFE and the reasons behind why thousands of UK professionals have been using it for over 15 years. So what is it? docSAFE is an online client portal. A safe place where you and your clients can store, exchange and collaborate on important, sensitive or regular documents. Why would you need it? There are many uses for docSAFE but the key ones are: security (and with GDPR on the horizon, this has never been so important), professional communications, online signing and professionalism. It replaces email, streamlines your processes and provides a legal audit trail (see who has read things, signed documents and make a quick list of any items that are outstanding, for example). How do you sign up? It’s quick, low cost and you’ll wonder how you managed without it. Speak to Mike for a quick demo and information on the next steps. It really is easy. Email firstname.lastname@example.org or call 0121 794 0685. Or you could watch our 2-minute, quirky video that tells you more.
When we first developed docSAFE, our secure client portal for professional firms, we were definitely thinking about addressing the issue of exchanging sensitive data in the most effective way – in a way that can’t be compromised and leave our professional clients open to hackers and human errors. How this has become interesting is that it has evolved in recent years to include secure messaging. In the way you might have text, email or Skype styles exchanges, so you can converse through the portal. In all instances – whether you are exchanging files or having a message exchange, the crucial thing is that the content never leaves the portal. The recipient of the file or message is notified of its existence and goes to the portal for retrieval. We’ve found that this is a really exciting concept for our clients as it adds yet another layer of security on top of the many we’ve already included such as 2-factor authentication and encryption. It also impresses their clients in turn as it shows how important they considers client confidentiality. We have a dedicated following of accountants and, it seems, we are attracting cautious, technophobe solicitors too! Ask us if you need to know more.
What a long way we’ve come in the past few years. From websites that invested heavily in words and told the visitor EVERYTHING to a more sophisticated, image-led approach that tempts the user into finding out more. This is a broad overview of how websites have changed but of course there is so much more and, importantly, much more to come… Design You’ll know an older website design as soon as you see it – boxy, contained, no scrolling and lots and lots of pages. The new trend is for image heavy sites that have a wonderfully long home page with lots of access points to key places on your site. It will be fluid and not restricted to a box template and, importantly (but still not adopted everywhere), websites that work on every type of device. Accessibility Older sites are clunky and hard to navigate. The user experience can be frustrating but equally so for the website owner – you should be able to get in to your own website and make at least basic changes without incurring costs from your web provider. There will be probably always be a need for support at a higher level but the ability to change opening hours, typos and update crucial information should be at your fingertips. Images versus words We were crazy for telling the user everything – now you should hold back, create a breadcrumb trail to tempt your visitor to find out more (and preferably by picking up the phone and talking – the basis of all good professional relationships). Images include real photos (avoid stock if you can) and video if you have the resources. Videos are perfectly acceptable at phone video standard and the rawness of an unprofessional film can be charming and honest. Google’s role Increasingly Google has started to shape the way we choose websites. It favours websites with fresh, changing content. It likes https to indicate the security level of your site. And it likes websites to have good content, relevant and informative. This doesn’t mean it should be long and unwieldy – just enough to make sense and satisfy a Google search. Also don’t try and outwit Google, we promise they are cleverer than all of us! Duplicated pages, hidden pages or even association with some SEO providers can result in your site being banned from their index. Websites are amazing, they achieve so much for the businesses they represent but it’s easy to get left behind. Talk to us – we can help with security, visibility and functionality with our client portal and online signing functions.
What even is http, let alone https? Well, http – the prefix to your web address stands for “Hypertext Transfer Protocol” and with the additional s? “Hypertext Transfer Protocol Secure”. The s actually stands for Secure Socket Layer Secure and that extra s makes all the difference for 3 key reasons. Reason 1: Https helps with SEO – when it comes to a competing Google search, you’ll always outrank any other business with the additional security layer provided by the s in https. Google favours security conscious companies, it’s that simple. Reason 2: Https adds an additional layer of security so what’s not to love about that? Anyone who is keen to protect their clients’ sensitive data should consider https as essential. Reason 3: Improved AMP (sorry another acronym). AMP is Google’s way of loading mobile pages quickly – Accelerated Mobile Pages. It needs https to work. If these 3 reasons aren’t enough – SEO, security and mobile-responsiveness – talk to us and we’ll explain more.
Email just isn’t safe and, when your business depends on it, you need to consider other ways of communicating. Emails can end up in the wrong hands – by human error or more sinister means. We’ve all sent emails by mistake (‘Sorry, that wasn’t meant for you’) and we also know of companies who have had their systems hacked. Both of these scenarios are commonplace. They also smack of incompetence and unprofessionalism – both bad news for any professional firm. So what’s the alternative? We believe it’s all about building layers of security, making it harder to access or make mistakes. docSAFE allows you to send an encrypted message to a secure portal. The recipient is notified and then visits the portal to collect it. The email, its contents and any attachments STAY IN THE SECURE PORTAL. You can also see who reads it (or not). It’s really inexpensive, simple and it works – please ask us for more details or a free trial.
We traditionally provide docSAFE to the professions who demand top security and client confidentiality (among other things). However we are seeing docSAFE rise in popularity with other sectors, almost by accident but with very good reason. You may have seen a mailer we sent out recently that illustrated how the NHS had suffered a huge breach of data of its junior doctors in the north-east. We researched this and found that the NHS staff use of WhatsApp is also widespread which is really worrying. Organisations that hold any personal data, especially publicly accountable organisations, should be using systems to communicate that are extremely secure. docSAFE has been designed to be secure on a number of key levels – secure login (using 2-factor authentication), secure portal in which to exchange messages and documents, online signing, to be GDPR compliant, offer automatic backups to secure EU based servers and much more. By using a portal instead of email, for example, the message sit in the cloud until the recipient accesses it. By return, the responses sit in the cloud until the sender accesses it. Both are notified and know the information is there – but it’s locked away safely, staying put, not flying through the ether. We are expecting more uptake of docSAFE by schools, colleges, universities, doctors and hospitals and similar organisations where security simply cannot be the weak link. Talk to us if you think we can help with your secure communications.
Making Tax Digital (MTD) presents a significant change for British tax payers and is a massive undertaking for HMRC who has ambitious plans for its tax administration. Quite simply, if you are a business that is VAT registered, under the new MTD scheme, your annual return will become a thing of the past. The new system is intended to help everyone keep on top of their tax affairs more effectively by bringing together all of an individual’s or organisation’s tax affairs and monitoring all the information on a monthly basis. “HMRC’s ambition is to become one of the most digitally advanced tax administrations in the world, modernising the tax system to make it more effective, more efficient and easier for customers to comply.” (HMRC) It would seem that one of HMRC’s key motivators is the many billions of pounds it loses through incorrect returns. “In 2014 to 2015 over £3.5 billion of revenue was lost due to these mistakes in VAT returns alone” (source: gov.uk). The key points to note: Every business and individual will have their own digital tax account, enabling them to see payments in and out, as well as their ‘balance’ – just like online banking It comes into effect April 2019 Businesses under the VAT threshold (currently £85,000) can choose to opt in or out of the new system, as preferred It is expected that all businesses will have to use MTD by April 2020 Information that can HMRC can obtain from employers, banks and government departments won’t be required to be provided The new system should create ‘tax in real time’ showing what is owing as close to real time as possible Better communications are proposed, allowing secure messaging “ICAEW welcomed the announcements. The institute’s position on MTD has been supportive of the move to digital in principle, but that MTD should not be mandatory or impose unreasonable admin burdens, and its introduction should allow enough time to ensure the system works. Removing mandation for the smallest businesses is a welcome step forward and one less regulatory burden for SMEs to worry about.” (ICAEW) This is a useful overview, provided by ICAEW: https://www.icaew.com/technical/tax/making-tax-digital
It really doesn’t matter how good your systems are if they are open to all. By having a portal that is as secure as it is possible to be, you are safeguarding your data, your clients’ data and your reputation. No one likes to work with a business that is flaky or relaxed about the security of their business, and this is especially true of the professions. We build in layers and layers of security which we believe is the safest approach. It would be a very confident organisation that claims they are impenetrable as hackers are increasingly sophisticated. However you should be working with a business that is ahead of the game, adding new elements of security and constantly active in developing its security. You might be forgiven for thinking that hackers aren’t interested in Joe Bloggs high street firm – but they are, for many reasons. They can add hidden links in the content of your website, diverting visitors away to another place. They can access data, information and your most sensitive files. This, as well as being highly alarming, also means your systems are non-compliant and the new GDPR data protection rules could mean your business faces huge fines if caught in breach. We could go on and on (and yes we have little bit) but we can’t stress enough how important security is. We can help if you think you could (or should) improve.
Yes we do go on about this quite a lot but with good reason! If you can offer an online signing facility, you speed things up no end, avoid unnecessary meeting time (save that valuable time for things that matter), no waiting on the post and you look incredibly cutting edge (and ahead of the game) at the same time. For us, online signing is safe, secure and complete no-brainer.