In today’s increasingly challenging economic environment, many business owners must juggle several balls at once. One area that is all too often neglected is legal compliance. Caught up with day-to-day operations, many business enterprises have no idea they’re even breaking the law.
The law is an ever-changing entity. So it’s not surprising that some SMEs fail to keep up with every new piece of legislation. However, the legal system isn’t as forgiving, and ignorance of the law can bring crippling fines which frequently put a painful dent into a business’s finances and reputation.
Two areas in particular are worth keeping abreast of: proportionality and data protection.
Fiona Mahon is head of Company Secretarial, Corporate & Commercial at Eversheds Sutherland. Having advised companies for two decades, she says that compliance with the basics of company law, particularly in terms of proportionality, has always been challenging for SMEs.
“Business owners must recognise that a company is a legal entity in its own right and its directors and shareholders are required to comply with certain rules and regulations in return for the benefit of limited liability,” she says. “Sometimes directors and shareholders forget this, which is usually when, in my experience, problems begin.”
According to Mahon, directors need greater understanding as to what a company is, what the duties of the directors are, and also the responsibilities of the shareholders. “The duties of directors are now helpfully set out in The Companies Act 2014, an act which sought to simplify company law for smaller private companies,” she says. “Still, it is not an easy read. The Companies Registration Office and Office of the Director of Corporate Enforcement have issued booklets on the subject, but generally most directors and shareholders do not read and understand these. If the directors and shareholders are the same, while this can simplify matters, the lines between both can become blurred and again this can cause some confusion and difficulties in ensuring compliance.”
Simply put, the role of the director is to manage the company, protect its assets and be mindful of its creditors and employees in discharging their duties. “While they own the company, the shareholders generally don’t – or shouldn’t – get involved in the day-to-day activities of the company,” she adds. “They are there to monitor their investment and the directors and do this through general meetings, most notably the annual general meeting.
“The Companies Act 2014 attempted to address some of the challenges SMEs faced by simplifying company law for smaller private companies,” she continues. “They did this by reducing the number of directors from two to one, removing an objects clause for the new form of limited liability company, thus removing ‘ultra vires’ which limited the capacity of a company and allowing for a simplified one-document constitution which replaced the memorandum and articles of association, amongst others.”
Data protection is an increasingly important consideration. Every business deals with personal data, whether of its customers, service providers or employees. However, new legislation, known as the General Data Protection Regulation (GDPR) – coming into force in just over a year – will result in a significant overhaul of the existing European data-protection regime.
Most importantly, it will create more rights that protect individual data subjects, meaning more legal obligations on businesses. “Without doubt, the single biggest concern that my clients have when I first discuss GDPR is the question of the type of consent they hold from an individual and whether that consent is valid,” explains Ronan Daly Jermyn partner Bryan McCarthy. “As with the current law, before data can be processed by controllers they must first ensure that they are permitted to do so.”
In McCarthy’s experience, many clients have been reviewing out-of-date consents or consents that did not specify the use that data is being put to today. “Following a surge in cloud-based storage, we are also seeing the problem of consents which did not envisage personal data being the subject of international transfers,” he adds.
The new administrative fining structures under GDPR, for those who fail to comply, are hefty. “Under GDPR, breach of the higher-tier provisions can result in a maximum fine of up to 4 per cent of the business’s preceding year’s global worldwide turnover or €20 million, whichever is greater,” says McCarthy. “Compare that to under the existing data protection law, where the maximum penalty applicable to most companies is €100,000.”
These are just two of the areas where companies may unwittingly fall foul of the law. Health and safety, labour legislation and much else besides make professional advice an absolute necessity rather than an option when it comes to matters legal.