The compliance landscape is constantly changing. Reviewing those changes and understanding how they affect your engagement letters is a huge task. As an OverSuite subscriber, we do that for you formally on a quarterly basis and ad-hoc as changes arise.
What did we review?
This quarter we have reviewed…
- Changes to the professional body regulations to understand their impact on terms and conditions
- The scopes and service schedules to ensure no changes to legislations
- The impact of Brexit on data protection, legislation and specifically the Privacy Notice
What has changed?
Data Protection and Brexit
1. As the UK are no longer a part of the EU, we have added a new section to the Privacy Notice to clarify whether or not you transfer your clients data outside of the UK. Where data is transferred outside of the UK, a list of those countries must be provided in your Privacy Notice.
We have made some changes to the OverSuite wizard so you can provide this list automatically, but you must follow the below steps:
1. Relaunch your OverSuite wizard and open up the data protection tab.
2. Review your answers to the question ‘Do you transfer data outside of the UK?‘ and answer YES or NO.
3. Where you have said yes please provide a list of those countries separated by commas.
Once you have saved your progress, the privacy notice will have updated automatically.
For any countries outside of the UK who may hold your clients data, you must ensure that there are adequacy regulations under the Data Protection Act 2018 which ensures that their regulations will be deemed to provide an adequate level of protection for your personal information for the purpose of the UK Data Protection Legislation.
Where there are no adequacy regulations, you will want to ensure you have a binding contractual agreement with the relevant third parties to ensure that your personal data is treated by those third parties in a way that is consistent with and which respects the UK Data Protection Legislation.
We will not transfer the personal data we collect about you outside of the UK.
We may transfer personal data we collect about you to the following [insert countries] in order to perform our contract with you.
Before agreeing to transfer data outside the UK we check to ensure that there are adequacy regulations under the Data Protection Act 2018 in relation to each country which ensures that their regulations will be deemed to provide an adequate level of protection for your personal information for the purpose of the UK Data Protection Legislation.
Where there are no adequacy regulations we have binding contractual agreement with the relevant third parties to ensure that your personal data is treated by those third parties in a way that is consistent with and which respects the UK Data Protection Legislation.
2. Minor change to the Data Protection section to update the legislation reference within your Terms and Conditions.
[I/We] will comply with the General Data Protection Regulations and the Data Protection Act 2018 as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 which merge the previous requirements of the Data Protection Act with the requirements of the General Data Protection Regulation ((EU) 2016/679) when dealing with your personal data.
Changes Requested by You
Here are some other changes we have made after discussions with you:
1. The Terms and Conditions have been updated to incorporate situations where you conduct regular fee reviews based on the volume of transactions, for example number of invoices or payroll numbers.
Where the quote for the work is dependent on the volume of transactions, for example employee numbers or number of invoices, a regular review will be undertaken for any changes and the fee will be updated accordingly.
NEW Service Schedules!
We have some new service schedules coming soon. Check back for updates.
What do you need to do?
Changes to the Terms and Conditions have been updated automatically for you, however Privacy Notice changes are dependent on you revisiting the OverSuite wizard and reviewing your answers to the question “Do you transfer data outside of the UK?”
Where you do transfer your clients data outside of the UK, you should issue the updated Privacy Notice to your current clients. You can do this by copying and pasting the content across into an e-mail and sending this as an addendum.
What if I’ve previously amended the content?
Where you have made direct amendments to any statements that were updated within your Terms and Conditions or Privacy Notice, you can opt to retain your version or revert to the update.
Discover more about OverSuite
Learn how to reduce your risk and meet the highest compliance standards with our suite of Smart Engagement Letters that evolve with regulatory changes & auto-update in GoProposal for you.Discover More