Getting prepared for the General Data Protection Regulation

From 25th May 2018, the new General Data Protection Regulation (GDPR) will come into force. It will affect any businesses which hold personal data on customers or employees based within the EU. The fines for non-compliance with the new law are up to €20m or 4% of your global annual turnover. Although that sounds scary, don’t panic! The information in this blog will help you in your preparations for GDPR compliance.

Holding Information

A good place to start is to document the following:

• What data you hold
• The reason why you hold it
• Who is responsible for it
• Where and how it is stored

Think about the data you wouldn’t want to be disclosed. The use of encryption will reduce the risk of data breaches. If the proper standards of encryption are used, it will for the most part render the data useless to an attacker.

Communicating Information

You will need to review your current privacy notices. With GDPR, when obtaining personal data you must give the following:

• Your identity
• Your intended use of their information
• Your lawful basis for processing the information
• Your data retention periods
• The individual has the right to complain to the ICO if they think there is a problem with how you are handling their data
All of this is usually expressed in a privacy notice.

Business-to-business emails should be targeted toweards a person’s role, not at the specific person.

Business-to-consumer emails however should be targeted to the individual providing you have consent prior to contacting them.

You musn’t email people who have been asked not to be contacted, unsubscribed or opted-out in some way.


Consent to process data must meet the GDPR standards of being ‘specific, granular, clear, prominent, opt-in, properly documented and easily withdrawn’.

Consent cannot be assumed from silence.

Access Requests

You will have a month to comply with access requests as opposed to the current 40 days.

For most requests, you cannot charge for complying with the request unless it is thought to be excessive.

If you refuse a request, you must tell the individual why and that they have the right to complain.

You should plan how you are going to deal with access requests and the right to be forgtten within the timescale.

Data Breaches

You will only need to notify the ICO of a breach if it is likely to result in a risk to the rights and freedoms of individuals; for example damage to reputation, financial loss or discrimination. In high risk situations, those directly involved must also be notified.

To reduce the impact of breaches, as well as the use of encryption, you should be prepared. Rehearse and have contingency plans in place for a worst case scenario.

Most importantly, inform everyone in your business of your new data protection policy.

Data Protection Officers

Your business needs a designated person to take responsibility for data protection compliance. They must have the knowledge, support and authority to carry out their role.

If you would like to contact us, please use the contact form below, call us on 01254 583515 or visit our website

How can you value your business?

There are various different ways to value a business. Each method will give a different figure from floor to ceiling values. This blog outlines a selection of valuation methods and in what circumstances they are most useful.

Asset basis

This is the value of the net assets of the business and is seen to be a ‘floor’ value. It is quick and easy to calculate however there are some drawbacks.
If your business uses historical costing as opposed to revaluation, historical depreciated costs do not necessarily reflect what the assets are really worth in their market. Also, this method doesn’t take into account the value of any intangible assets such as brands.

Dividend basis

This basis is useful for valuing minority shareholdings. The value of one share is calculated as the present value of future dividends being generated by the existing management team.
A cost of equity and estimated growth rate are required for the calculation so it is not as simple as the asset basis. Growth can be estimated based on historical dividend patterns or by calculating profit retention divided by reinvestment.

Cash flow basis

The cash flow method is more useful for majority shareholdings and will give a ‘ceiling’ value. The value calculated is the discounted value of the future free cash flows. Two different methods can be applied; free cash flows or free cash flows to equity.
Free cash flows is the after-tax operating (pre-interest) cash flows less net investments in assets. Whereas free cash flows to equity is the free cash flows less net interest paid.
The discounted value is to calculate what the future cash is worth in today’s terms.

Earnings basis

This method creates a market value using a price/earnings (P/E) ratio multiplied by the business’ earnings. Again, this method is useful for valuing majority shareholdings.
However, P/E ratios are only available for quoted companies. If you business is unquoted you would need to use a ‘proxy’ ratio i.e. an industry average or a ratio from a similar business to yours which is quoted. If you choose to do this, the ratio should be discounted as appropriate to reflect the fact that your business does not have the advantages of being on the stock market.

Hedging Foreign Currency Risk

Are you concerned about your exposure to foreign currency risk? This blog discusses the different derivatives available to reduce the risk of adverse currency movements.

Forward Contract

This is a bespoke contract to buy or sell foreign currency at a future date but at a fixed exchange rate. A forward contract will eliminate all downside risk and they are fairly easy to obtain.
These contracts are used to limit potential losses however this does also mean that no exchange gain would be made if the currency rates actually moved in your favour.
The other point to note is that everything about a forward contract is fixed being the date, the currency, the amount and the exchange rate. So if you find you no longer require it or want it for a different date, the original contract must still be adhered to.

Money Market Hedging

A money market hedge fixes the cost of a foreign payment by making a deposit in the spot market now; and fixes the revenue from a foreign receipt by borrowing in the spot market now. By depositing or borrowing prior to the payment or receipt, you are essentially fixing your own exchange rate.
This type of hedging may be useful if you are an importer with a cash surplus or an exporter with a cash shortage. However, money market hedges can be quite complicated and time-consuming to control so experience in this area would be advantageous.

Futures Contract

Similar to the forward contract where the future date and exchange rate are fixed. However unlike the forward, futures contracts are standardised amounts so you may have to under or over hedge.
A futures contract would require an initial margin deposit and also maintenance margin deposits.


An option is the only derivative that gives you the right but not the obligation meaning if the markets move in your favour and you would have an exchange gain, you can decide not to exercise the option and take advantage of that gain.
This upside potential does come at a cost being a non-refundable premium, payable upfront whether or not you exercise the option.

Currency Swap

A currency swap uses interest rates with cash flows in different currencies. So you would make a loan in one currency and receive a loan in another currency.
This type of hedge involves another party as you are ‘swapping’ interest rate payments over the life of the agreement. However you are still liable for the principle amount of debt you have borrowed and are therefore exposed to counterparty risk if the other party does not complete the interest swap payments.