The Warsaw conference saw greater interest than ever in the legal and other compliance topics which affect our industry and our individual businesses. These topics are diverse, as demonstrated by the Immigration Symposium and sessions on data protection and financial compliance. I have picked out some highlights below.
The challenge of very lengthy Relocation Service Agreements, which can impose challenging obligations on DSPs, has become a real concern for many businesses. I suggest below some areas to watch out for and how to minimise your exposure to unknown liabilities.
Finally, with IT hacking becoming an everyday occurrence, I am sharing some tips on how to improve your e-mail security.
Enjoy your Summer!
Gordon
Gordon Kerr
Employee Mobility Unit
Morton Fraser LLP
(gordon.kerr@morton-fraser.com)
Some Hot Topics from Warsaw!
1) Immigration
The Immigration Symposium contained a wealth of detail, with high levels of expertise shared on the challenges around "stealth expats" and a dive into African and Asian immigration issues.
Inevitably, the session on "Brexit and immigration" produced particularly strong views and a range of very different national perspectives. It seems certain that the UK/EU Brexit settlement will include the introduction of immigration controls for UK/EU movement, but we can only speculate on what these controls will look like - and what this will mean, in practice, for individuals and for businesses. It does seem clear, however, that not only will we see more business for immigration firms, but it is also highly likely that Brexit will produce at least a short-term boom in relocation activity.
Evidence for this projected relocation activity is already being seen in the UK financial sector, with companies such as HSBC and Lloyds Insurance already making announcements about switching some operations from London to Paris and Brussels, respectively. If UK headquartered banks and insurance companies lose their current EU "passporting" rights (i.e. the ability to operate across all EU countries), it is estimated that as many as 50,000 jobs will move from London to financial centres within the EU. Aside from Paris and Brussels, cities such as Amsterdam, Dublin and Frankfurt will be at the forefront of trying to attract these jobs.
An interesting perspective on this issue, highlighted at the conference, is that some cities, such as Dublin, already have such pressures on school places and housing availability, that it may be difficult to take full advantage of the potential opportunities for post-Brexit inward investment.
Away from the financial sector, it also seems highly likely that EU agencies, such as the London based European Medicines Agency, will move out of the UK. A wide range of cities, including Barcelona and Stockholm, are reported to be pitching to be the new hosts of these agencies.
There was general agreement at the Brexit session that the most pressing priority was to provide certainty around the rights of EU citizens working in the UK and vice versa. This is a major issue for employers across the EU and even more critical for the individuals and families who are directly affected. The next few months will hopefully bring clarity to this particular issue, but there is a growing view that Brexit negotiations, with a 2 year fixed timetable, are going to be very difficult. For relocation firms, it's a case of hoping that the stormy waters ahead will also create some real business opportunities!
2) Data Protection
The Data Protection session focused on what the EU's General Data Protection Regulation or GDPR, would mean for relocation businesses. The GDPR becomes law across all EU countries (including the UK) on 25th May 2018.
RMCs have already been tightening their data protection processes following the introduction, last year, of the EU-US Privacy Shield. This has implications for the whole relocation supply chain and we can expect to see further changes, including new contractual obligations, as RMCs and their corporate clients roll out their new, GDPR-compliant processes in advance of next year's deadline.
One reason why so much attention is being paid to the GDPR is the huge increase in the fines which will be imposed for non-compliance. These can now be as high as 4% of global turnover or 20 million Euros, whichever is greater.
Eye-watering penalties apart, the GDPR does not really alter, in a fundamental way, the basic legal obligations on businesses to protect personal data. In particular, the overriding requirement to take reasonable measures to keep personal data secure, whether that data is contained in electronic format or in a paper file, remains unchanged. And some new legal requirements, such as those relating to Data Protection Officers and Data Protection Impact Assessments, are aimed primarily at major data processing organisations and are unlikely to impact directly on relocation businesses.
So, what are the GDPR changes which are most likely to affect the relocation industry? I would highlight four areas:-
1. Individual consent: it will no longer be sufficient to rely on "implied consent" and all businesses will need to review the forms of consent currently relied upon to hold and use individuals' data;
2. Reporting security breaches: there will be stricter obligations on businesses to report, to the relevant data protection authority, any loss of personal data or unauthorised access to that data;
3. Handling enquiries from individuals: businesses must have processes in place to ensure that enquiries from individuals (e.g. to have their data deleted or corrected) are dealt with in a timely manner;
4. "Privacy by design": this is a responsibility to ensure that as new processes, software etc are rolled out in a business, key data protection principles, such as inserting a reasonable timetable for deletion of personal data, are built in to the new processes. With under a year to go to the implementation of GDPR, it is worth checking the practical guidelines now being issued by the various data protection authorities across the EU (e.g. the ICO for the UK). There will also be further information from EuRA on this topic over the coming months.
Service Agreements with RMCs
It seems that RMC service agreements get longer every year. To an extent, this is due to more complicated requirements in areas such as anti-bribery and data protection. The RMC clearly wants to ensure that its statutory legal obligations are replicated by contractual undertakings from its global suppliers.
But there can be no excuse for the huge ("kitchen sink") Agreements produced by some organisations, which are simply not fit for the purpose of governing the delivery of European destination services or whatever specific services are intended to be covered. For example, we sometimes see clauses in such Agreements which may be relevant to the delivery of US homesale services, but are simply not appropriate in the context of European homesearch.
The dilemma is that, having probably spent months trying to win the business, you will not want to allow contractual niceties to get in the way of a new source of income. So, do you accept a badly worded Agreement or do you (or your lawyer) try to make changes?
The practical problem here is that you could easily rack up substantial legal costs in "improving" the Agreement only to find that the new client insists on sticking to its "standard terms" and will not budge an inch. An alternative approach is to focus on the specific clauses of the Agreement which you believe could be harmful to your business. These may include:-
• Financial penalties related to your "performance" - are these fair? - can you also win bonuses for "high performance"
• Are you clear on the extent of your liabilities if things go wrong? - be very wary about clauses that require you to "indemnify" the client; are you fully insured against your potential liabilities under the Agreement?
• Payment terms - what currency are you required to invoice in? are you required to make any advance payments from your own funds? how quickly will your invoices be paid?
• Data security - what are the client's audit rights? are you liable for "penetration testing”costs?
• Choice of law - is the Agreement subject to foreign law and the jurisdiction of foreign courts?
These points are just illustrative of the clauses which can easily be overlooked in a long Service Agreement. They may appear to be technical, but they become very important when disputes arise.
It may be impractical to have a full pre-signing, external legal check of every Agreement, but it is important to have someone within your business who is able to spot the clauses which can come back to bite you later.
Tips for Improving Your Email Security
Email is fundamental to how we deliver relocation services. It has made all of us more efficient, but it can also give rise to security problems which can be very damaging to our businesses. Here are some tips to help you manage this risk:-
Choose a strong, unique password, that is:
Add a second layer of protection:
Do not send e-mails to the wrong person!
Do not click on suspicious links or attachments:
Be aware of the risks with public wi-fi:
Consider encrypting highly sensitive data:
The Legal & Tax Report is produced for The EuRApean by Gordon Kerr, the Employee Mobility Unit at UK law firm, Morton Fraser LLP.
Gordon Kerr
Employee Mobility Unit
Morton Fraser LLP