Does Your Business Have to Comply with GDPR?

On May 25, 2018, a major rules change that impacts millions of businesses took effect. The European Union’s General Data Protection Regulation (GDPR) is the most significant change to European data security standards in two decades.

While the regulation has a direct impact on enterprises located or doing business directly in EU countries, it can also apply to U.S.-based businesses. GDPR gives consumers more control over how companies use their personal data. In particular, European consumers now have the right to:

  • Be informed about when companies are collecting their information.
  • Access the information companies possess about them, via a “subject access request.” Companies must provide the requested information within one month and correct any inaccuracies.
  • Have their information erased (this is known as “the right to be forgotten”).
  • Ask for restrictions on the use of their data.
  • Move or copy their data from one source to another (this is known as “data portability”).
  • Object to how companies use their data, including for direct marketing and when companies make automated assumptions about what an individual might want to buy.

Companies outside the EU are subject to GDPR if they collect personal data or behavioral information on individuals located in an EU country, even if no financial transaction takes place. A simple survey can trigger compliance requirements. Any businesses with websites that target-market to international customers may also have to comply.

A business is bound by the requirements if it specifically targets consumers in an EU country. For example, if the web pages use the particular country’s language and refer to users and customers in that or other EU countries, the EU regulators would consider that target marketing. Target marketing does not include a web page written in English that makes no such references, but that a European consumer could possibly access.

Any company that sells goods and services via the Internet and targets EU customers may have to comply. If your company fits the bill, you should:

  • Obtain clear and explicit customer consent for collection and use of their data for each type of processing done on the data. For example, one permission is required for sending e-mail marketing messages, another for sharing with third parties, and others for additional types of processing.
  • Protect collected customer data. The protection requirements are similar to standards in place in the U.S.
  • Notify the EU or other supervising authority within 72 hours of some data breaches. A breach must be reported if it involves “accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed” that can cause “risk to the rights and freedoms” of EU customers.
  • Notify the individuals within the EU when a breach presents a “high risk” to basic property and privacy rights, such as when account passwords are compromised.

The EU can fine a company 2% of its global revenue for failing to report a breach on time. Other penalties can be up to the larger of 4% of revenue or €20 million (about $24.4 million).

Prioritize your compliance efforts

Experts advise companies that are just starting their compliance efforts to identify the most important thing they need to do, and tackle that first. Lesser priorities follow from that.

As Chris Combemale of the Direct Marketing Association said, compliance is an ongoing process: “GDPR is a way of thinking about your customer, a way of thinking about your business that is permanent and long term.”

Preventing Heat Illness as Temperatures Soar

With temperatures rising, employers with outdoor workers need to take steps to protect them from heat illness.

California employers need to be especially mindful, as Cal/OSHA has workplace safety regulations governing the prevention of heat illness. The heat illness standard came into effect about seven years ago as the number of deaths due to heat illness started climbing, particularly among agricultural, construction and landscape workers, among others.

Heat illness occurs when the body’s temperature control system cannot maintain an acceptable level. Under normal circumstances, the body cools itself by sweating. However, when high temperatures and high humidity prevent the body from releasing heat efficiently, a person’s body temperature can rise quickly.

Progression to serious illness can be rapid. If left untreated, very high body temperatures might damage the brain and other vital organs – and ultimately cause a person’s death.

You should take immediate action to seek treatment for a worker if they start exhibiting one or more of the following signs:

  • Headache
  • Fatigue
  • Dizziness
  • Confusion
  • Cramps
  • Exhaustion

 

Workers with existing health problems or medical conditions that reduce tolerance to heat, such as diabetes, need to be extra vigilant. Some high blood pressure and anti-inflammatory medications can also increase a person’s risk for heat illness.

To ensure you are in compliance with California workplace safety regulations, you need to ensure the following:

 

Access to water

Staying hydrated is probably the single most important step in heat-illness prevention. Water must be “fresh, pure, suitably cool” and located as close as practicable to where employees are working (and enough to provide at least one quart per employee per hour for the entire shift).

Employers should encourage workers to stay hydrated and drink water.

 

Access to shade

When temperatures reach 80 degrees, you must have and maintain one or more areas of shade at all times, when employees are present. Locate the shade as close as practical to the area where employees are working and provide enough to accommodate the number of employees on meal, recovery or rest periods.

Even if temperatures are less than 80 degrees, you must permit access to shade for workers to rest.

 

Preventative cool-downs

If an employee starts feeling unwell, they must be allowed to take a “preventative cool-down rest,” during which they must be monitored for symptoms of heat illness.

They should be encouraged to remain in the shade and not ordered back to work until symptoms are gone. Employees with heat illness symptoms must be provided appropriate first aid or emergency response.

 

Weather monitoring and acclimatization

Instruct supervisors on-site to monitor the weather so they can institute the correct procedures (like erecting shade at 80 degrees).

Acclimatization procedures include close observation of all employees during a heat wave – defined as at least 80 degrees. New employees must be closely observed for their first two weeks on the job.

 

High-heat procedures

High-heat procedures (which are triggered at 95 degrees) must include:

  1. “Effective” observation and monitoring of employees, including a mandatory buddy system.
  2. Regular communication with employees working by themselves.
  3. Designating one or more employees to call for emergency services, if needed.
  4. Giving more frequent reminders to drink plenty of water.
  5. Holding pre-shift meetings on prevention.
  6. During high heat, agricultural employees must be provided with a minimum 10-minute cool-down period every two hours.

 

Employee and supervisory training

Ensure appropriate training of both your workers and your supervisors. Nobody should be working outside in heat if they have not been trained in heat illness prevention and emergency procedures.

Employee training should cover:

  • The company’s heat illness prevention procedures.
  • Their rights to take regular water and rest breaks.
  • Importance of frequent consumption of small quantities of water.
  • Signs and symptoms.
  • Appropriate first aid or emergency response.
  • Importance and methods of acclimatization.
  • Importance of immediately reporting signs or symptoms of heat illness to a supervisor.
  • Procedures for responding to possible heat illness.
  • Procedures to follow when contacting emergency medical services, providing first aid.

 

Supervisors must be trained on the following:

  • The heat standard requirements.
  • The procedures they must follow to implement the requirements.
  • Procedures to follow when a worker exhibits or reports symptoms consistent with possible heat illness, including emergency response procedures and first aid.
  • How to monitor weather reports and how to respond to hot-weather advisories.

 

Emergency response and written procedures

Emergency response procedures include:

  • Effective communication.
  • How to respond to signs and symptoms of heat illness.
  • Instructions on what to do when employees exhibit severe heat symptoms.
  • Procedures for contacting emergency responders to help stricken workers.

 

Written procedures form part of an effective heat illness prevention plan that should include, but not be limited to, your responsibility to provide:

  • Water.
  • Shade.
  • Cool-down rests.
  • Access to first aid.
  • The employees’ right to exercise their rights under this standard without retaliation.

How to Retain Your Fleet Coverage

As insurers continue tightening their underwriting for commercial auto insurance, they are inquiring about companies’ fleet management programs.

If a company lacks a program, some insurers are asking them to implement one if they want coverage. With this trend likely to continue as the number of traffic accidents and injuries continues to rise, it’s imperative for any company with a fleet – or even just a few vehicles – to identify opportunities for improvement and take any appropriate remedial action.

Areas to focus a fleet management program on include:

 

Driver training

One key element that’s often overlooked is senior leadership support. A lack of it can manifest itself in a variety of ways, including mixed messages between what is emphasized in training and the performance feedback that supervisors give to drivers. You should also:

  • Continually reinforce safety priorities in regular driver feedback.
  • Use annual performance reviews as training opportunities.
  • Have employees sign off on areas targeted for improvement or development.

 

Focus on distracted driving

If you have a fleet or any individuals driving for you, it’s of utmost importance that you have a strict policy for avoiding distracted driving. In your fleet manual, you should document that you continually reinforce rules on avoiding distracted driving. Focus on the use of hand-held mobile devices, which increases the potential for accidents by 23%, according to the National Highway Traffic Safety Administration.

You have a choice to make:

  • Use technology-based measures, such as those used to prevent vehicles from starting when mobile devices are in use, or
  • Establish strict protocols on the use of mobile phones or other hand-held devices.

 

The latter may be sufficient in your case.

Tracking systems and litigation defense

Enhanced tracking systems, including video and telemetry, can help strengthen litigation defense, improve outcomes and reinforce training. Companies implementing telemetry systems with dash cams can verify what caused an accident. By using these systems, some operators have reduced litigation costs and court awards by 90%.

Logistics software

Logistics software can be used to enhance safety and improve efficiency in routing and job distribution. Even field vehicles can be equipped with shock sensors, operator requirements to complete inspections prior to movement, tracking and other features.

Review your coverage

On an annual basis, you should talk to us to ensure your insurance levels for drivers are adequate and appropriate. For contractors with fleet operations, commercial automobile insurance policies should have a minimum of $1 million in liability limits. Higher limits of $3 million to $5 million are typically required for transporting passengers or hazardous materials.

Driver screening and safety

Screen and monitor drivers by:

  • Obtaining an annual motor vehicle record for each driver with a points qualification system.
  • Administering DOT 7- or 10-panel drug tests with standard cut-off levels for pre-employment, random, reasonable suspicion and incidents that warrant testing.
  • Requiring that drivers complete online or in-person driving courses annually.
  • Requiring that drivers wear high-visibility reflective vests when outside the vehicle.
  • Identifying personal protective equipment for drivers in the right situation (plan for rain, snow, footing, etc.).
  • Supplying polarized sun/safety glasses to reduce glare.

Generally, from a risk management perspective, candidates applying for driver positions who have DUI offenses, reckless operations and suspended licenses are considered unacceptable, as are those with two tickets and one accident in a five-year period. Many firms try to keep drivers to below three minor tickets in a five-year period.

Incident management

All fleet drivers must be trained on what to do after an accident. The top priority is to ensure all people are safe and taken care of. The next step is to collect all necessary information and take as many photographs of the accident as possible.

Subsequently, there should be follow-up to ensure everyone is safe and the incident report is completed correctly. Require that all incidents be reported by the end of the shift, and set a 24-hour deadline for getting the claim into your system.

Inspections

Inspect vehicles prior to each usage. Pre-trip inspections typically include visual checks of tires and lug nuts, windshield, windows, wipers, lights and mileage.

Oil levels and tire pressure should be inspected weekly or more often, depending on weather conditions and vehicle utilization.

 

Don’t Get Caught without a Business Succession Plan

Many business owners may be good at running their companies, but the majority of them are failing to address essential long-term planning that is critical to sustaining their businesses.

The one area that the majority of business owners often neglect is planning for business continuity if they die or become disabled, according to the “2015 MassMutual Business Owner Perspectives Study.”

While the question of your death or disablement is not one that’s fun to ponder, it makes good sense for business owners to put plans in place in case the worst happens. One of the key ways to ensure that is to have in place a buy-sell agreement, which would essentially sell your company in the event that you are unable to run it any longer.

Business owners in the survey identified these concerns:

  • The effect on the business of the death or disability of the owner or key employee.
  • Protecting the business from disability and death of an owner or key employee had the second and third highest levels of importance (44% versus 42%, respectively). However, these two pillars were not top of mind for respondents, with 55% saying they rarely or never think about the effect of disability and 59% saying they rarely or never think about the effect of death.
  • Of those with a buy-sell agreement in place, just over half said it was funded with life insurance, but only 5% said it was funded with disability buy-out insurance. The rest were either funded with cash flow from the business or not funded at all.

 

What’s a buy-sell agreement?

A buy-sell agreement, also known as a buyout agreement, is a legally binding agreement between co-owners of a business that governs the situation if a co-owner dies, is otherwise forced to leave the business, or chooses to leave the business. If the business has just one owner, then the agreement should specify who would be buying the company and continuing its operation.

A buy-sell agreement should be designed to protect the business from the five D’s – death, disability, divorce, departure and disqualification.

When properly executed, a buy-sell agreement can help ensure the continuity of the business when ownership needs to change hands for any reason. It is a legally binding agreement that requires one party to sell and another party to buy ownership interest in a business when a triggering event occurs, such as the death, disability or retirement of an owner.

This agreement structures the method and manner in which the business will continue in the event of the owner’s death.

In a 2003 article for Franchising World magazine, Patrick Olearcek explains: “The proprietor and one or more key employees [or partners] enter into an agreement which provides that the proprietor’s estate will sell the business to the employee at death.”

By agreeing to buy the company, the key partner, employee or associate relieves the owner’s family of the responsibility, and instead provides them with a lump-sum payment. A key employee, as opposed to the owner’s family, is in a much better position to continue the business operations properly.

 

Funding the agreement

The majority of buy-sell agreements are funded with life insurance. In the case of a sole proprietorship, a policy covering the life of the owner is typically bought and paid for by the key employee who has agreed to purchase the business.

The employee is also the beneficiary of the policy, which has a death benefit equal to the pre-determined purchase price of the business. Upon the death of the owner, the employee would receive the proceeds of the life insurance policy, then transfer that money to the owner’s heirs in exchange for all interest in and assets of the business.