New Statutory Figures

The annual increase in compensation limits have been confirmed.  The limits apply to dismissals (redundancies or detriments etc.) occurring on or after 6th April 2018.

  • £508.00 – the maximum amount of a week’s pay for calculating statutory redundancy pay and the basic award; (up from £489.00)
  • £15,240.00 – the maximum statutory redundancy payment or basic award, i.e. 30 weeks (up from £14,670.00);
  • £83,682.00 – the maximum compensatory award which can be made for unfair dismissal (up from £80,541.00)  or one year’s gross pay whichever is the lower

These increases mean that the maximum total unfair dismissal award is now £98,922.00, although uplifts can add a further 25%.

Employees may be entitled to receive guarantee payments for up to five days of lay-off in any three-month period. The maximum amount of such a statutory guarantee payment will increase to £28.00 (from £27.00) for any one day.

The new rates take effect where the ‘appropriate date’ for the cause of action (such as the date of termination in an unfair dismissal claim) falls on or after 6th April 2018. If the appropriate date falls before 6th April, the old limits will still apply, irrespective of the date on which compensation is awarded.

Fit for Work – No more

From 15th December 2017, ‘Fit for Work’ has no longer been running its referral and assessment service. Free, professional advice is available in a number of ways. All of the advice and guidance elements of ‘Fit for Work’ remain in place, as the website (the most highly used aspect of the service) and helpline remain open.

The service was part of the Government’s efforts to find solutions to keep people in work (and off benefits). Reforms to Statutory Sick Pay (SSP) will be set out in a separate consultation paper, to include proposals designed to allow greater flexibility in the payment of SSP (for example, to support phased returns to work).

The ‘Fit for Work’ service was meant to aid employees who have been absent for more than four weeks, and to plug the gap in access to Occupational Health services. It was conceived just over two years ago as a way to boost medical interventions, by allowing employees to be targeted by GPs by referring them for ‘specialist help’. The scheme never really took off and has now been scrapped due to low take-up rates. Given that a survey in August showed that 65% of GPs had not referred a single patient and of those that had, only 40% had seen someone return to work.

We were never fans as we doubted whether the Government could attract and retain good quality staff that would actually see people, and make considered individually tailored recommendations that were reasonably practicable. We would nearly always recommend to employers that they use a reputable professional OH service to review the health and work of sick employees. We always advise clients that asking employee’s GPs for a report is unlikely to be too helpful, as the quality of response is often poor, reflecting their lack of knowledge about the employer’s jobs/environment.

Actions:

  • There is no need to have a retained OH provider but it is useful to know of one (or know someone who does)
  • Conduct return to work interviews which should pick up if people are returning to work when not fully fit
  • Do not let people drift once they have gone beyond four weeks of absence; get them referred to a reputable OH provider
  • Ensure that you give an OH provider a clear and realistic brief.

We would be pleased to recommend a good quality OH provider to employers who need this assistance.

Looking Ahead – Payslips

Arising from the Taylor Review into modern working practices, the Employment Rights Act 1996 (Itemised Pay Statement) (Amendment) Order 2018 has been laid before Parliament. This is a small but important amendment, which will require employers to set out on payslips the number of hours that an employee is being paid for; and where different hourly rates apply for different hours, to specify this. Where an employee’s pay varies as a consequence of the time worked, their itemised pay statement must contain information about the number of hours worked. This should make it easier for employees to understand what they have been paid for – and whether they have been underpaid.

We believe this is because the current legislation focuses on deductions, but for many people with variable hours, the difficulty lies in calculating gross figures.

The Order doesn’t come into force until 6th April 2019 so employers have plenty of time to prepare.

Our Consultants would be pleased to answer questions on any of the above, or you can find much of the data on our website, by clicking on Frequently Asked Questions.

The General Date Protection Regulations (GDPR) will apply in all EU Member States from 25th May 2018. It is important to stress that the GDPR is about much more than employee data. It is becoming increasingly clear to us that our extensive range of clients have a wide range of data protections issues, far beyond the employee information which they hold, and many do not meet the current Data Protection Act, let alone the even more onerous GDPR, so they are just not prepared. Our previous newsletter focussed on employee data. This newsletter will concentrate on broader issues which you need to thinking about with regard to what personal data as an organisation you process, store and dispose of.

One of the first things to consider is whether the organisation is processing personal data as a controller or a processor. A processor just acts on the instructions of the controller.

Countdown to 2018

The GDPR will harmonise data privacy practice across Europe. The emphasis is on protecting citizens and their data, and giving users more information about, and control over, how it’s used. There are a large number of national derogations. It is also likely there will be differences in the way the Regulation is interpreted and enforced in different Member States. It is believed that the British Data Protection Bill will not be ‘gold-plated’, i.e. not made more onerous than the EU Directive, on its way to becoming an Act of Parliament. The new law gives individuals more say over what organisations can do with their personal data (which can be anything from physical, physiological, mental, economic or cultural data and more).

The new law retains the same core rules as the Data Protection Act 1998 (DPA), and continues to regulate the processing of personal data, but there are some significant changes. These include the right to be forgotten, the right to request the porting of one’s personal data to a new organisation, the right to object to certain processing activities and to decisions taken by automated processes.

The concept of sensitive personal data has been retained and expanded to include genetic and biometric data. The actual term ‘sensitive personal data’ has been dropped, but is now re-termed as falling into ‘special categories’, i.e. information concerning a data subject’s racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, or details of criminal offences.

Board or Senior Management Issues

Data protection needs to become a boardroom issue, as the law is designed to put data protection at the top of the agenda for all organisations. This is done by creating a culture where everyone contributes to maintaining data privacy standards, ensuring compliance, thinking about how their own personal information to be processed, as well as handling the personal data of others, i.e. the people they deal with, such as customers/clients, patients, guests, residents, other stakeholders, members of the public etc.

Also, it’s not just about the threat of financial penalties. Individuals need to trust the organisations they are providing their personal information to, and have confidence that their information will be handled appropriately and securely, as without that trust there will be huge organisational challenges to overcome.

The GDPR introduces the principle of accountability which runs through the core of the legislation. Accountability needs to be entrenched in an organisation, requiring a change in mind-set and for organisations to take a proactive, methodical and accountable approach toward compliance. The Senior Management Team need to understand the potential exposure to fines, and other sanctions under the GDPR, and must get buy-in for compliance at all levels across the organisation.

Compliance

Organisations must be able to demonstrate their compliance with the GDPR’s principles, which will include adopting certain “data protection by design” measures, staff training programmes, and having suitable data protection policies and procedures.

You will need to identify means to “demonstrate compliance” – e.g. adherence to approved codes of conduct, “paper trails” of decisions relating to data processing and, where appropriate, privacy impact assessments.

Your internal governance processes will need to demonstrate how decisions to use data for further processing purposes have been reached and, that relevant factors have been considered.

Consent and Legitimate Interests

You need to ensure you are clear about the grounds for lawful processing relied on by your organisation, and check these grounds will still be applicable under the legal requirements. Consent is not the only mechanism for justifying the processing of personal data.

The processing of personal data will only be lawful if it satisfies at least one of the following conditions:

  • Consent of the data subject – this is broadly the same as under the DPA, but the GDPR has a narrower view of what constitutes consent, meaning that it will become harder to obtain consent. In practice, this means that data controllers will have to fall back on other processing conditions.
  • Necessary for compliance with a legal obligation – this is broadly the same as under the DPA. However, under the GDPR, the legal obligation must be an obligation of Member State or EU law to which the controller is subject.
  • Necessary for the performance of a contract with the data subject, or to take steps preparatory to such a contract – again, no change from current law.
  • Necessary to protect the vital interests of a data subject, or another person where the data subject is incapable of giving consent – this should only be relied on when there is no other ground available, e.g. medical emergencies.
  • Necessary for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller.
  • Necessary for the purposes of legitimate interests – this condition can no longer be relied on by public authorities, but is probably the most important for many other organisations.

If you are relying on “legitimate interests”, ensure that decision-making in relation to the balance between the interests of the controller (or relevant third party) and the rights of data subjects are documented, particularly where this affects children. Make sure also that data subjects would reasonably expect their data to be processed on the basis of the legitimate interests of the controller or relevant third party. You will also need to make sure that you advise people of this reason in the information that must be supplied to data subjects. A legitimate interest ‘must be real and not too vague’. For example, it may apply to an organisation’s data processing as part of fraud protection, security measures or transferring that data between different parts of an organisation.In some ways the best reason is that the individual has consented to you processing their data. The standard to obtain valid consent has, however, been tightened up. Consent must be specific, freely given, informed and unambiguous. The conditions for obtaining consent have become stricter. To justify consent from a legal perspective, ensure that:

  • consent is active, and does not rely on silence, inactivity or pre-ticked boxes;
  • consent to processing must be distinguishable, clear, and not “bundled” with other written agreements or declarations; there is a presumption that forced consent mechanisms will not be valid, so it must be clear exactly what people are assenting to;
  • consent requests are separate from other terms and conditions; organisations should avoid making consent a precondition of a service, unless necessary for that service, and must not be used as a vehicle to get consent to something else, e.g. receiving email;
  • the data subject must have the right to withdraw consent at any time, but this will not affect the lawfulness of consensual processing before its withdrawal;
  • there are simple methods for withdrawing consent, including methods using the same medium used to obtain consent in the first place;
  • separate consents are obtained for distinct processing operations; and
    • consent is not relied on where there is a clear imbalance of power between the data subject and the controller;

Further guidance is expected, but organisations will need to review existing consent mechanisms, to ensure they present genuine and granular choice. Granular means that you give a thorough explanation of options to consent to different types of processing wherever appropriate. You will need to determine whether any of your current processing is based on assumed consent and if so, this must be stopped, unless you can get consent, or have another legal basis for the processing. You must audit data privacy notices and policies to ensure that individuals are told about their right to object, clearly and separately, at the point of ‘first communication’. For online services, ensure there is an automated way for this to be effected.

Security

Controllers and processors are required to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. The assessment of what might be appropriate involves considering the context and purposes of the processing, as well as the risk of varying likelihood and severity for the rights and freedoms of individuals.

Appropriate measures are set out as possibly including:

  • pseudonymisation (separation of data from direct identifiers so that linkage to an identity is not possible without additional data to re-identify the person);
  • anonymisation irreversibly destroys any way of identifying the data subject;
  • encryption and other measures, such as firewalls, to prevent hacking;
  • ensuring confidentiality, integrity, availability and resilience of processing systems and services;
  • ability to restore availability and access to personal data in a timely manner in the event of an incident; and
  • the regular testing and evaluating of technical and organisational measures designed to ensure security of data processing;

The best way for organisations to deal with this is to minimise breaches, but also to have policies in place to enable staff to assess risk in order to show compliance. As with so much of the GDPR, being able to demonstrate that the proper precautions and steps were taken will be crucial. If your security measures are currently fit for purpose, you are unlikely to need to do much more. However, it would be worth reviewing these measures to ensure they are up to date with the latest technology and threats. However, many changes are not about technology it is simple stuff like not leaving files on photocopiers, or on desks or screens when we are not there.

In a recent case against Morrison Supermarkets, the High Court has held that an employer was vicariously liable for the actions of a disgruntled employee who disclosed the personal information of around 100,000 colleagues on the internet. Although the disclosure took place outside working hours, and from the employee’s personal computer, there was a sufficient connection between the employee’s employment and the wrongful conduct for it to be right to hold the employer liable. There is no suggestion that Morrison was negligent, but they are facing a potentially large amount in compensation. This highlights another warning about how the employer can be held responsible for the acts, lawful and unlawful, of its employees.

Subject Rights

Many existing rights are retained or enhanced in GDPR, and there are some new ones. Here is a selection:

Subject Access

The right is retained, but it will no longer be permissible to charge a fee, and the time limit is reduced from 40 days to a month.

Rectification

The Data Subject can have incorrect data corrected and incomplete data completed.

Erasure (“right to be forgotten”)

The Data Subject can tell you to erase their information and you must do so unless you have a good reason (from among the options set out in GDPR) to retain it.

Restriction of Processing

The Data Subject can restrict your processing of their data if there is an unresolved question of its accuracy, and in some other specified situations.

Portability

In certain cases (mainly where the Data Subject has signed up to online services), they can have their data transferred directly to another provider.

Direct Marketing

As now, the Data Subject has the right to stop you from sending them any direct marketing, and you must make sure they know about this right. If you currently send email campaigns, you need to make sure your audience has opted in to receive information, and that you have a record of when and where that person opted in. (To prove it was a person and not a ‘bot’, a ‘double opt-in’ is required). This may mean re-opting in all the people on your mailing list before May next year.

Profiling & Automated Decision-Making

There is a new right giving people the right, in some cases, to prevent “a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her’.

Complaints and Compensation

Data Subjects have the right to complain to the ‘supervisory authority’ – i.e. the Information Commissioner – and have the complaint investigated.

Data Sharing with Other Organisations

If you process personal data as part of work in collaboration with other organisations, then both or all organisations are likely to be joint Controllers. Under GDPR you can’t pass the buck between processor and controller. Each business is responsible for upholding the same standards, and you’ll want to work with businesses who are GDPR-compliant. You must set out ‘in a transparent manner’ your respective Data Protection responsibilities, and to make the ‘essence’ of the arrangement available to your Data Subjects. Data Subjects may exercise their rights against any of the joint Controllers.

Work with relevant partners who may collect data on your organisation’s behalf to assign responsibility for notice review, update and approval. You need to review all your collaborative projects and activities to ensure that, where applicable, your agreements are clear on each party’s Data Protection responsibilities.

Controllers and processors are also required to ensure anyone acting under their authority accessing the personal data, does so only in accordance with their instructions. Compliance may (but does not have to) be demonstrated by adherence to an approved code of conduct or certification mechanism.

Controllers and processors should agree to report to other controllers or processors that are involved in the same processing, any relevant compliance breaches and any complaints or claims received from relevant data subjects. They should agree on their respective obligations for data protection compliance, their respective liabilities for data protection breaches and mechanisms for resolving disputes regarding respective liabilities to settle compensation claims.

Action

Assign responsibility and budget for data protection compliance within your organisation. Whether or not you decide to appoint a Data Protection Officer (DPO), (or have to) the GDPR’s long list of data governance measures necessitates ownership for their adoption being allocated within an organisation.

Ensure that a full compliance programme is designed for your organisation, incorporating features such as: Privacy Impact Assessments (PIAs), and regular audits of data, data protection updates, and training/awareness raising programmes.

Monitor the publication of supervisory authorities/EU and industry published supplier terms and codes of practice to see if they are suitable for use by your organisation. If you are a supplier, consider the impact of the GDPR’s provisions on your cost structure and responsibility for signing off the legality of your customer’s activities.

Implement measures to prepare records of your organisation’s processing activities. If you are a supplier develop your strategy for dealing with customer requests for assisting with the development of such records.

Teamwork not just IT

You should establish a GDPR compliance team with the necessary skills and experience to develop; implement and coordinate a compliance plan. Initially this will mean analysing existing data processing activities across the organisation’s employment lifecycle to identify high-risk areas.

Develop a timeline to implement a GDPR compliance programme.

Next Steps

  1. Carry out a risk assessment (PIA) and then act on the results:
    1. Document all current processes and data flows
    2. Analyse any potential areas of weakness or vulnerability
  2. Document:
    1. What personal data you hold and why?
    2. Where it came from?
    3. Who you share it with?
    4. Business relationships with service providers, data providers and contractors and ensure they are GDPR compliant.
  3. Identify the lawful basis for your processing activity.
  4. Review/establish processes for seeking, recording and managing consent and refresh consents if they do not comply with GDPR.
  5. Document the procedure in place to detect report and investigate personal data breaches and audit them.
  6. Document and review procedures for communicating privacy; dealing with individuals rights re erasure, subject access requests, objections; transfer of data etc.

Checklist

  • Make someone responsible for managing GDPR and data strategy.
  • Add opt-ins to all your digital marketing, and ensure you get a double opt in.
  • Restrict access to personal data to only those who need to have access to it.
  • Ensure you have up to date security systems, such as firewalls, backups, encryption and authentication and test them on a regular basis.
  • Explain to users, in plain language, what data you’re holding, how long you’re holding it for, and how users can withdraw their consent. Your policy has to be simple, appropriate, and contain all the required information.
  • Develop a detailed breach response plan, including when to notify regulators and individuals, as well as how to handle data breaches from a media perspective.
  • Consider making financial provision to handle transitional costs, any data breaches and taking out insurance to cover data breaches.
  • Keep records of any data breaches, what data was compromised and how the breach was dealt with as well as what steps are being taken to ensure that type of breach does not re-occur.

We are not saying that this is all you need to know about Data Protection, but if you address these issues it is likely that you will have covered all the most important matters.

 

Please feel free to ask any questions of our Consultants who would be pleased to advise on any element of this newsletter.

Statutory Rates

The current weekly rate of Statutory Maternity Pay is £140.98 (or 90% of the employee’s average weekly earnings if this figure is less than the statutory rate). The rate of Statutory Maternity Pay is rising to £145.18 on the first Sunday in April, which in 2018 is 1st April.

Also on 1st April 2018, the rates of Statutory Paternity Pay and Statutory Shared Parental Pay will also increase from £140.98 to £145.18 (or 90% of the employee’s average weekly earnings if this figure is less than the statutory rate).

The rate of Statutory Adoption Pay also increases to £145.18. This means that, from 1st April 2018, Statutory Adoption Pay is payable at 90% of the employee’s average weekly earnings for the first six weeks, with the rest of the adoption pay period at the rate of £145.18, or 90% of average weekly earnings if this is less than £145.18.

Minimum Wages

The Government will increase the National Living wage (NLW), which applies to workers aged 25 and over, by 4.4% from £7.50 to £7.83 per hour.

At the same time, the National Minimum Wage (NMW) rates will be increased as follows:

  • from £7.05 to £7.38 per hour for 21 to 24 year olds;
  • from £5.60 to £5.90 per hour for 18 to 20 year olds;
  • from £4.05 to £4.20 per hour for 16 and 17 year olds; and
  • from £3.50 to £3.70 per hour for apprentices;

What you must do:

If you employ people on these rates, review what you can do to limit the impact.

If you employ people on just above the living wage, then consider whether your reward strategy will remain competitive, and what you are going to do about it.

Do not try to avoid payment; the financial and PR consequences are substantial.

If applicable, communicate with your staff the impact on their pay, and consult over ways to improve productivity.

Termination and Settlement Payments

From 6th April 2018, termination payments made ‘in lieu of notice’ will be taxed at the employee’s highest rate of income tax. The statutory element of a redundancy package – i.e.: the part that an employer is required to make by law – will remain tax-free. However, another common element of many termination payments, the payment in lieu of notice, will be hit with both income tax and National Insurance.

This is part of a HM Revenue and Customs (HMRC) drive to align tax and NI, so that whenever an income tax payment is made, NI will also be payable. For many employees, it is the payment in lieu of notice that makes up a big proportion of their termination package, and so this is an important change. The current position is that no NI contributions are paid on termination payments where £30k has been paid free of tax. This can amount to a significant cost saving, particularly for employers.

The legislation requires the employer to identify the amount of basic pay that the employee would have received if they had worked their notice period, even if the employee leaves the employment part way through their notice period, or do not work any of it. This amount will, in future, be treated as earnings and will no longer be subject to the £30,000 exemption. All other parts of the termination payment, e.g. compensation for loss of office, will be included within the scope of the £30,000 termination payments exemption. Employers will also be required to pay NICs on any part of a termination payment that exceeds the £30,000 threshold.

It is anticipated that this will be collected in ‘real-time’, as part of the employer’s standard weekly or monthly payroll returns and remittances to (HMRC). HMRC will add the redundancy payment to a worker’s annual earnings in order to calculate how much tax is payable. The worker will then pay tax at their highest rate. This means that redundancy payments will tip many lower paid workers into a higher tax bracket, meaning that they may be paying 40% or even 45% tax plus NICs at 13.8% on a payment that has historically been paid tax free.

According to the HMRC; this measure is intended to bring fairness and clarity to the taxation of termination payments by making it clear that all Pay in Lieu of Notice (PILON), rather than just contractual PILONs, are taxable earnings. All employees will pay tax and Class 1 NICs on the amount of basic pay that they would have received if they had worked their notice in full, even if they are not paid a contractual PILON. This means the tax and NICs consequences are the same for everyone and it is no longer dependent on how the employment contract is drafted, or whether payments are structured in some other form, such as damages.

The distinction between the different types of payments in lieu of notice will be removed. In broad terms, the basic pay that the employee would have received had they worked out their notice is subject to tax and NI in full, irrespective of whether there is a clause in the employment contract giving the employer the right to terminate the employee’s employment by making a payment in lieu of notice (PILON). Any payment that the HMRC deems to be in respect of notice must be taxed, so the old distinctions between contracts with and those without a PILON clause will go. Unless it is very clear that someone has been paid (and taxed etc.) during a period of notice then it is likely that the HMRC will expect payments, which reflect notice period, to be taxed. Hiding it within broad wording about payments being ex gratia, or all inclusive, are very unlikely to be effective. Basic pay for these purposes is the employee’s pay in the period immediately prior to the date on which notice is given or, if no notice is given, the date the employment terminates. Basic pay excludes overtime, bonus, commission, allowances, share and share option gains and benefits in kind.

Employers, but not employees, will have to start making NI contributions. The existing NIC exemption for employees will be retained, even if the payment exceeds £30,000. The Government has said that employees will continue to benefit from an unlimited employee NICs exemption to ensure that those who lose their job will be supported through the tax system.

The ‘disability exemption’ will expressly not apply to compensation for injured feelings, unless the injured feelings amount to a psychiatric injury. This provides a 100% tax exemption for termination payments made only on account of the employee’s disability or injury where it prevents them from carrying out their job. Given that we have never sought to apply this exemption, it is unlikely to be much of a loss to anyone.

Those employers whose employment contracts do not contain PILON clauses should now consider revising them, and inserting contractual PILONs. Paying notice monies in damages (compensation for loss of office or injury to feelings) will cease to be tax efficient and means that the employee stops being bound by on-going contractual obligations such as post-termination restrictive covenants. Dismissing with a contractual PILON clause means that there is no breach of contract so the employee cannot claim that the employer’s breach of contract releases them from any remaining obligations such as restraints on working for rivals, confidentiality, intellectual property protection or that the dismissal was wrongful as it has been lawfully terminated. Further, a contractual PILON payment can be limited to basic salary only, whereas a damages payment should include loss of benefits (including pension contributions, bonus payments, and the cost to the employee of replacing insurances, such as private medical insurance). Doing a payment with a contractual PILON clause will therefore save the employer money.

Employers will need to factor in these additional tax and NI costs in their settlement negotiations. Making all PILONs taxable (whether or not they are contractual) simplifies matters, but it will disadvantage employers who are negotiating termination packages. Employers who plan to make substantial termination payments in the first half of 2018 need to think carefully when those payments are made in order to beat the April date.

Unfortunately the Government has not announced what the new statutory redundancy payments will be post April 2018, but we thought it as well to communicate the above information as soon as we could.

Holiday Pay

We have written in the past about holiday pay, mainly from the perspective of how commission and regular holiday pay ought to reflect normal earnings, so that employees are not dissuaded from taking holidays. There is no April change on this issue, but something significant has changed which will worry some employers. In November 2017, the ECJ handed down their Judgment in the case of Mr C. King –v- The Sash Window Workshop Ltd.

The ECJ held that a worker must be able to carry over and accumulate unexercised rights to paid annual leave when an employer does not put that worker in a position in which he/she is able to exercise his/her right to paid annual leave. Whilst this case was predominantly about unpaid holiday, it has two potentially major impacts because of the way that it opens up the timescale for back payments.

  • Workers who employers might classify as self employed, or as contractors can now claim unpaid backdated holiday pay for an almost unlimited time, i.e. back to 1998. We have highlighted before the risks of not paying holiday pay to such people, but on the previous understanding that there would be a limited cap on how far back such people can go in recovering unpaid holiday pay.
  • The other ‘at risk’ group are employers who have chosen not to address the issue of payment for regular overtime or commission payments, despite the case law which has gone, and in some cases, is still going through the courts.

So why is this much bigger concern now? The ECJ have decided that preventing a worker from taking paid holiday is a breach of EU rights, and these rights should not be curtailed by a national law. An employer who seeks to prevent a worker from taking annual leave must bear the consequences of that, and should not benefit from a provision which limits carry over of holiday. Workers bringing such a claim can carry over and accumulate paid annual leave rights, without being subject to any cap. The previous understandings from case law said 15 -18 months in cases of long term sickness.

In the UK, we still have two protections:

  1. The Regulations which prevent workers looking back more than 2 years where holiday pay has been underpaid (rather than not paid at all); and
  2. The case law which indicates that a claim in respect of underpaid holiday pay will be time barred where there is a longer than 3 month gap between underpayments;

This judgment clearly opens the door to a legal challenge to both of these protections as being incompatible with EU law. Such a challenge is likely to succeed.

Organisations that use self-employed contractors should re-examine their arrangements to ensure that employment status risks are minimised, including considering reclassification to worker or employee status, and adopting alternative models of engaging consultants, e.g. outsourcing and use of agency workers. Employers should also be re-considering their approach to holiday pay, as the penalties for being wrong at some stage could be huge. The Government (with the tacit support of the TUC) sought to limit the potential for huge claims which might force people out of business, but this can no longer be relied upon.

The guidance provided in this article is just that – guidance. Before taking any action make sure that you know what you are doing, or call us for a free initial chat on 01480 677980.

After the Brexit vote and the fall in the value of sterling, it may become harder to entice EU migrants to work within the UK, so there may be even more focus on recruiting people from outside of the EU.

There is often great value to organisations in employing workers from overseas. This approach opens up a useful source of information and knowledge which can be beneficial to the creativity, innovation and productivity of an organisation.

Organisations may choose to employ overseas workers for various other reasons:

  • To perform jobs requiring specialist skills (for example, technical or language skills) that are not available in the UK.
  • To fill vacancies for hard to attract jobs which the government agrees are in designated ‘shortage occupations’.
  • To facilitate secondments or transfers from an overseas division, e.g. for developmental assignments.
  • To fill temporary vacancies requiring a pre-existing skill set.
  • To fill unskilled or low-skilled vacancies due to labour shortages.

The Law

It is, however, a criminal offence to knowingly employ a person who requires but lacks immigration permission, to be in that role. There is a maximum prison sentence of two years, and an unlimited fine for employers caught in breach. Immigration fines for employing illegal workers by way of the Civil Penalty regime have seen employer fines increase, both in number and value, since their introduction in 2008. Criminal sanctions are aimed at employers who deliberately flout the law in order to exploit vulnerable employees, and undercut legal competitors.  The merely careless or negligent will generally be dealt with through a civil penalty.  Immigration enforcement teams are carrying out more raids and unannounced visits. The Government’s message is a clear. They will not hesitate to take action against an employer who fails to carry out appropriate right to work checks. The complexity of the rules however, means that many employers are still uncertain of what is required of them.

Since 2016, it has not just been about “knowingly employing” an illegal worker: Employers who have “reasonable cause to believe that the employee is disqualified from employment by reason of the employee’s immigration status” are also in the authorities’ sights.

Employers have to pro-actively check and copy specific original documentation for any new employees. The Government issues guidance which sets out when checks must be made, what employers need to do, including tips on how to check authenticity, and what to photocopy and retain. Checks must be completed before employment begins, but re-checking is also required for employees with time-limited immigration status. These document checks should be carried out for all prospective employees regardless of nationality – UK or otherwise.

Checklist

Here are 10 useful tips to prevent your business from having a civil penalty imposed, or to assist you in challenging a decision made against you.

  1. Ensure that your right to work processes are updated.
  2. Complete your right to work check before employment. If a prospective employee fails to present their documents prior to, or on, their first day of employment, you should delay their start date until such evidence is provided.
  3. Check the original documents in the presence of the holder. Do not accept copy documents, and be cautious of delaying tactics by a prospective employee. If documents are not presented, employment should not commence.
  4. All documents produced, e.g. passports and visa copies, must be on the acceptable documents checklist, known as List A and List B, published on the Government website. Do not accept any other documentation. When you are completing a check, be certain that the prospective employee does have a right to work by checking their visa status. If you have any doubt, consult an immigration expert.
  5. Copy all visa pages in passports, plus the photographic page and/or both sides of the Biometric Residence Card that is presented to you. All Biometric Residence Cards should specify whether or not work is permitted. Be mindful of restrictions related to students.
  6. Sign and date the document to confirm when your right to work check is complete. If you do not specify a date on the document copy, you should record the date of your check in a form that can be clearly identifiable by the Home Office, if requested.
  7. Keep records of all documentation for the duration of the individual’s employment. This is what will give you a statutory excuse, and a defence to challenge if faced with a penalty.
  8. Track and monitor visa expiry dates, and request an employee’s updated document where there is a time limit. It is good practice to request an updated document at least three months before expiry to give you a head start on the process. If an employee cannot provide an updated document, you must not continue to employ them.
  9. Take advantage of the Home Office Employer Checking Service if your employee has a pending application or appeal against an immigration application decision. Be aware that you can only complete this process if you have a case identification number provided by the employee.
  10. If you suspect an employee is working illegally, or has provided you with a false document, or a genuine document that does not belong to them, you should contact the Sponsorship, Employer and Education Helpline to report the incident. If you do not employ the person and you report this incident, you will not be liable for a civil penalty.

Any checks that are made should be done in a non-discriminatory manner in accordance with Government guidance, which recommends that all job applicants should be treated in the same way. (See below).

Sponsorship

While it was not too difficult in the past for a highly skilled individual to immigrate to the UK without a job offer or sponsorship from an employer, the UK Border Agency (UKBA) has recently closed this route to overseas applicants.

The UK Government still allows employers to sponsor overseas workers via the Tier 2 (general) visa. The sponsorship process involves an employer being approved by the UK Border Agency to hire overseas workers by being granted a Sponsorship License. This grants the employer the ability to issues Certificates of Sponsorship to overseas workers that the employer wishes to hire.

An organisation must meet certain requirements to sponsor migrant workers, including but not limited to the following:

  • It must be a genuine corporate entity operating legally in the United Kingdom.
  • It must not be a threat to immigration control.
  • It must designate a contact person who is an authorising officer for the sponsorship management system.
  • It must have an HR infrastructure in place to deal with immigration control.
  • It must provide all relevant supporting documents when applying.

Prior to making any overseas appointment, first of all you need to prove that the vacancy cannot be filled by UK employees by advertising the job you’re offering. This is known as carrying out the ‘resident labour market test’. You must place at least 2 adverts, which must run in the UK for 28 days in most cases, either continuously or in 2 stages.

If you advertise in 2 stages, each advert still needs to run for a total of 28 days and neither stage can be less than 7 days. You have to show that you didn’t find a suitable worker.

All of the above requirements can be of particular concern for smaller organisations on a budget that may not have the resources to deal with all the requirements for sponsorship licensing. Alternatively, you can use specialist immigration solicitors, such as Birketts or Gross & Co., or there are specialist companies that will do all of this for you, albeit either outsourcing option comes with a financial cost, but with major savings in management time and stress!

Discrimination Law

The processes which employers are required to follow to protect themselves against an unfair dismissal or race discrimination claim, do not sit comfortably alongside an immigration regime which penalises employers who know, or should have known, that an employee did not have the right to work in the UK. To avoid claims of unlawful discrimination (and to ensure good recruitment selection), you should have:

  • A clear job description and person specification setting out the skills and experience you are looking for.
  • A standard set of interview questions, which are asked of all candidates, and you should document the answers given. This makes it easier to provide objective reasons why a candidate has been unsuccessful.
  • Training in recruitment and good interview techniques.
  • A very good reason to make a recruitment decision on the basis of an applicant’s race. Typically, this would occur where it is an occupational requirement of the specific role that the applicant is of a particular race, or speaks a certain language. Situations where such a decision can be lawful are very limited.

Expired Visas

Under the Immigration, Asylum and Nationality Act 2006, employers have a duty to conduct follow-up checks on employees whose employment began after February 2008 where, at the time of recruitment, the employees in question have been granted only limited leave to remain and work in the UK. A follow-up check is normally required when an employee’s permission to live and work in the UK expires.

In two recent cases, it was found that the employer was right to conclude that the requirement for employees to show that they have the right to work lawfully in the UK takes precedence over ‘normal’ employment laws. As this could not be shown the employer was entitled to terminate employment. In both cases, the careful process followed by the employer was scrutinised and held to be a key factor.

Practical Points

Offering roles to foreign nationals can be problematic so:

  • Offers of employment should be conditional on the employee being granted and maintaining the necessary permission to carry out the role for which they will be employed in the UK if they are not an EU citizen.
  • Employment should be conditional on the employee maintaining immigration permission and terminated summarily if the employee cannot do so (see below for more detail). Employees should also be required to report changes in their personal details, including immigration status.
  • Ensure that attention is paid to the induction and orientation of the overseas worker to allow that individual to become an effective part of the organisation.

Knowing how and when it is appropriate to treat foreign national employees differently from your UK national or EU employees is not always easy. Ideally, you should treat them in the same way. But remember that recruitment, TUPE transfers and termination of employment are three key areas where the visas that foreign national employees hold may give rise to particular issues that can affect business practice.

EEA Nationals

There has been a surge of EEA nationals applying for permanent residence cards. This means completing a long form and supplying supporting documentation. An online service for permanent residence applications became available from October 2016. Online applicants can make an appointment to submit their paperwork via certain local authorities (including Cambridgeshire). They cannot advise on draft applications, but after an application is submitted they will be able to copy and return the passport immediately.

See: https://www.gov.uk/government/collections/european-passport-return-service.

It is important to keep abreast of the regular changes to immigration policies that continue to make the channel for employing non-EEA workers more restrictive. The potential criminal liability, and negative publicity that come with negligent employment, is likely to be of a greater concern to employers than the risk of an unfair dismissal or discrimination claim but it ought to be possible to avoid both.

The Future

Recent figures suggest that the number of EU migrants coming to work in the UK is falling, which may be bad for UK productivity if employers cannot fill vacancies. In a tight labour market, it will remain important to find capable and motivated staff. The desire to fill vacancies must not lead employers to take short-cuts or risks. Finding the right people is important, but so is ensuring that they can legally work here. Beyond that it is essential to retain staff of all nationalities by providing a good working environment with good pay and conditions of employment.

Current immigration rules have received great criticism from employers for being too inflexible to meet real-world business needs. The Government has pledged to seek independent consultation to improve the current visa system, and its alignment with UK business. In time, this may result in changes to existing entry routes, or the emergence of new types of visa route that support specific needs. The Conservative manifesto pledged to double the recently-introduced Immigration Skills Charge on employers of skilled, non-EU workers who earn more than £30,000. It may choose to do so, but their most recent commitment to listen to business concerns about Brexit and the need for appropriate immigration may change that commitment. Whatever the future, employers should expect additional costs and administration around hiring EU nationals following the impending removal of freedom of movement.

We hope that these decisions come sooner rather than later to enable businesses to move ahead confidently. However, at the time of writing this article it would not appear that Brexit negotiations have got anywhere close to dealing with the free movement of EU nationals, or not, so the future is still far from clear.

 

Clients are welcome to raise concerns with their Consultant who will be pleased to advise you on any element of the issues arising from this newsletter.

There have been recent cases on the subject of holidays and the need to comply with EU law, specifically the Working Time Directive.

Overtime

In Dudley Metropolitan Borough Council v Willetts, the Employment Appeal Tribunal (EAT) held that voluntary overtime that is normally worked should be included when calculating an employee’s holiday pay.

In recent years, there have been several high-profile cases that have considered how employers should calculate statutory holiday pay for their workers, and to what extent employers should take account of variable payments, such as commission and overtime. The extent to which overtime should be included has been particularly problematic, with Tribunals drawing distinctions between different types of overtime.

According to EU law, workers should take their full holiday entitlement; getting ‘normal remuneration’ while on paid leave to ensure that workers are not put off taking holidays by receiving less than their normal pay during this time.

Mr Willetts, on behalf of 56 employees who worked for the Council as tradespeople, brought claims for unlawful deduction of wages. The employees were contracted to work 37 hours per week, with many having an additional right to work overtime. The employees also performed additional voluntary duties, such as working out-of-hours, standby shifts, attending call-outs and working voluntary overtime, for which they received additional payments. Their earnings for this additional voluntary work could amount to around £6,000 a year on top of their basic salary.

The Employment Tribunal held that the payments were intrinsically linked to the performance of the employees’ duties, and that they performed the duties with sufficient regularity for the payments to be considered ‘normal remuneration’.

The EAT dismissed the Council’s appeal. It noted that the ECJ, in a previous case, had set down the overarching principle that holiday pay should correspond to ‘normal remuneration’, so as not to dissuade workers from taking leave; and that the division of pay into different elements cannot affect a worker’s right in this regard. For a payment to count as ‘normal’, it must have been paid over a sufficient period of time.

The question in every case, irrespective of the label put on the payment, is whether the payment forms part of the worker’s ‘normal remuneration’. Voluntary overtime that satisfies this test must be included in holiday pay.

Implications

The EAT’s reasoning provides helpful guidance on when voluntary overtime should be included in the calculation of holiday pay:

  • EU law requires that ‘normal’ (and not contractual) remuneration must be maintained in respect of the four week period of annual leave.
  • For a payment to count as ‘normal’ it must have been paid on a regular and/or recurring basis, which is a question of fact and degree in each case.
  • Items that are not usually paid, or are exceptional are not ‘normal pay’.

This is the first binding decision on the issue, providing clear guidance that regular voluntary overtime should be included within the payment for the first four weeks of statutory holiday. It does not have to be included in the holiday pay for the additional 1.6 weeks of holiday provided for under the Working Time Regulations, or any additional contractual holiday that an employer provides, unless this is stated in the contract.

The outcome is not surprising given the case law on other variable payments, such as commission.

In another recent judgment, an Employment Tribunal in Flowers & Others v East of England Ambulance Trust held that ambulance workers’ compulsory overtime in respect of “shift overruns” should be included in the calculation of their holiday pay, but that on the facts of this case purely, voluntary overtime did not have to be included. It is likely that their voluntary overtime was not that regular, so not comparable with the overtime worked by the tradespeople in the Willets case.

Employers, who pay voluntary overtime, as well as stand-by payments, call-out payments, or payments for other forms of voluntary work, should now consider how they will adjust their payroll systems to calculate holiday pay correctly. It remains to be seen, however, how frequently overtime has to be worked before it becomes “normally worked” and that is not likely to become clear until we have further case law.

Actions to now consider

  • Ask: What would the worker have earned if they had not taken leave?
  • Review the regularity with which workers receive these payments to see if there is a discernible pattern, as well as considering the total value of the additional payments over the course of the holiday year.
  • Where there is a discernible, regular pattern of payments, or where the total value of the payments is sufficient to materially impact the worker’s holiday pay over the course of the year, re-calculate average holiday pay.
  • Decide on which relevant timeframe will you use for such calculations, the last 12 weeks/3 months, or based on last year’s P60 earnings.
  • Consider if enhanced average holiday pay calculations will be applicable just on the first four weeks, or for all holidays (including Public Holidays), or all holidays. If the former, clearly express this in your contracts.

Commission

Much the same approach should be taken with commission, as the Supreme Court have refused permission to British Gas to challenge the Court of Appeal’s decision, that results-based commission payments must be included in the calculation of holiday pay for the basic four weeks’ annual leave provided by the Working Time Regulations (WTR). The Court was, however, unwilling to extend the principle to situations other than those involving contractual, results-based commission.

The Court decision in this case, therefore, clarifies the position only with regard to a specific type of commission – that is, contractual, results-based commission. Employees who earn other kinds of commission will, therefore, have to persuade their employers that their situation is really no different from that of the sales people at British Gas, or will have to bring proceedings of their own. This means continued uncertainty for employers over this long running problem. While most businesses won’t be affected, those that engage workers on a commission-only basis, or on other non-standard contracts, and do not provide for paid holiday, may be hit hard, but need to take action sooner rather than later. The limit on back pay claims to two years does at least mean that employers can assess their potential exposure, and make appropriate provision.

Finally, it is worth remembering that if an employee earns commission and/or bonuses regularly, i.e. every pay interval, regardless of whether payment is down to individual or team performance, it is likely to form part of the definition of ‘normal remuneration’, so will also need to be included in the average holiday pay calculations.

Holiday not taken

A British case is making its way through the European courts system as to whether workers are entitled to carry forward, from one year to the next, holiday that they have been unable to take for reasons beyond their control. The matter was referred to the CJEU, and the opinion given by Advocate General Tanchev said:

  1. Employers must provide adequate facilities for their workers to exercise their right to take holiday, and workers should not be compelled to take legal action in order to establish this right.
  2. If a worker does not take holiday because they will not be paid for it, then this is being ‘prevented’ from taking it and the right carries over until they are given a facility to take the paid holiday or leave, whichever is earliest.
  3. A worker prevented from taking leave can, on termination, claim backdated holiday pay for the whole of their employment.
  4. The worker does not have to take the leave first, before being able to establish whether they are entitled to be paid for it.

Opinion from the Advocate General is not binding, but is usually followed by the ECJ’s judges, who are now deliberating their decision, and will give their ruling later this year. After this, the case will return to the UK’s Court of Appeal, which will decide what should be done in this case, in light of what the ECJ has said.

It will impact those on long term sickness, and people who have been categorised as self-employed, but are later found to be workers or employees, who will be entitled to holiday pay for the duration of their engagement/employment (assuming the ECJ follows the Advocate General’s opinion). However, because it is a decision on EU law, it will only apply to the four weeks’ paid leave provided under the EU Working Time Directive, and not the additional eight days provided by the UK Working Time Regulations.

Whilst UK law limits such claims to two years, and assumes this will not be unbroken by more than three months – if the ECJ follows the Attorney General’s opinion, this restriction may not be incompatible with this decision. UK law states that a gap of over three months between deductions will break the chain of causation, and claims issued on or after 8 January 2015 are prevented from going back more than two years from the date of issue. If this opinion is followed by the ECJ, UK law may need to be changed.

In practical terms, clients should adopt a cautious but pragmatic approach to holiday carry over, after taking advice from their Consultant, on the particular case.

Employers can choose to continue to adopt a ‘wait and see’ approach to average holiday pay, but we would strongly advocate taking a more proactive approach to making changes, calculated in a way that suits their organisation.

 

Clients are welcome to raise concerns with their Consultant who will be pleased to advise you on any element of the issues arising from this newsletter.

HM Revenue and Customs have come up with something to help employers and workers to establish if someone is genuinely self-employed. It is an online tool to determine for tax purposes, whether an individual is an employee or self-employed. That is different, of course, to whether they have ‘worker’ status – something which the taxman does not recognise but employment tribunals do! The Tool is available at https://www.tax.service.gov.uk/check-employment-status-for-tax/setup.

Only a week later, HMRC had to vigorously deny claims that the tool was unreliable, inaccurate and leaves contractors unsure of their status.

Contractors, or those who engage them, can use the tool to answer a pre-programmed series of questions, which change depending on the user’s responses. HMRC was heavily criticised last year that both their Business Entity Tests and their Employment Status Indicator online tools were deemed to be not fit for purpose. HMRC had previously published a checklist as guidance for whether a person was self-employed for tax purposes. This was criticised, as it gave an indication of employment status, but no ‘definitive’ answer. Both of these HMRC tools were heavily biased towards indicating an employed status for the individual whose employment status was being determined.

One contractor portal, “ContractorCalculator”, claimed it had trialled the tool by inputting 21 historical court cases around employment status. More than a quarter of cases received an “unknown” result, while one-tenth “passed” the online test (meaning they would be categorised as self employed), despite a judge having decided otherwise. It also found that contractors who are “significantly controlled” and moved about frequently, tended to pass the online test, despite case law indicating this would not be the case.

It appears that the test is largely reliant on the issue of substitution. If the contractor does have the right to send a replacement, there is little prospect of the tool deeming the person to be a genuinely independent contractor, even if everything else points to self employment. There are big concerns that an “unknown” status could create uncertainty for all. Many of the questions failed to offer much direction on “mutuality of obligation”, which is one of the key factors in determining employment status.

The difficulty with the new online tool is that whilst it does give a definitive answer (albeit in some cases the answer is, definitively, ‘unknown’), it is wholly dependent on the prescribed boxes being ticked by the person using the tool. Given that a worker’s view of the working arrangement could be substantially different from that of the ‘employer’, this could feasibly lead to the same arrangement being classed by the tool as both self-employed and employed, depending on who is filling in the questions and how.

The difficulty with this test, and other online status tools, is that the law on employment status is nuanced and dependent on the facts in each case: it cannot simply be reduced to a box-ticking exercise. It is possible for HMRC and an Employment Tribunal to come to different conclusions in the same case. This is due to some differences in the tests applied, and the fact that under employment law, there are employees, workers and the self-employed, whereas the HMRC only recognises employees and the self-employed. Employment Tribunals will take into account HMRC’s view when deciding whether an individual is an employee, but there are reported cases in which the tribunal has found an individual to be an employee or worker, whereupon HMRC had concluded the same individual was self-employed.

There are many factors which may also be highly persuasive in deciding whether an individual is in business in their own right. The importance of each factor can only really be weighed up by taking a holistic view to business. Clearly, if the self employed person is a sole trader, and they have other clients they are supporting at the same time as you, then you are probably in a safer position to justify they are genuinely self employed than if they are exclusively working for your organisation.

In our experience, many organisations try to justify that people are self employed when it is clearly evident that they are not, and the reality is that one or both parties are really just trying to avoid making statutory payments. Therefore, if your self employed contractor looks likes they are integral to the organisation, they are playing an active role in core aspects of what you do, and they personally have been doing it for a long time, then as one employment judge made the memorable observation: “if it looks like a duck and quacks like a duck, then it is a duck.”

Clients are welcome to raise concerns with their Consultant who will be pleased to advise you on any element of the issues arising from this newsletter.

Despite Brexit, the UK will implement the General Data Protection Regulation (GDPR) when it comes into force on 25th May 2018. The GDPR harmonises the ‘patchwork quilt’ of 28 different EU Member States’ laws with a single, unifying data protection law.  It hugely increases penalties for non-compliance, and takes account of globalisation and the ever-changing technology landscape.

The purpose of the new Regulation is apparently twofold:

  1. To improve consumer confidence in organisations that hold and process their personal data, by reinforcing their privacy and security rights consistently across the EU; and
  2. To simplify the free flow of personal data in the EU through a coherent and consistent data protection framework across the member states.

The basic principles behind GDPR are essentially unchanged from those enacted in the UK via the Data Protection Act 1998 (DPA), but there are a number of new rights and obligations which will cause a significant rethink on how data is treated going forward.

It will apply not only to EU organisations, but to any organisation processing the personal data of individuals in the EU in relation to offering goods or services, or to monitoring their behaviour.

Significant penalties can be imposed on organisations that breach the GDPR, including fines of up to €20 million or 4% of annual worldwide turnover, whichever is greater. The current maximum fine that can be imposed by the Information Commissioner’s Office (ICO) is £500,000, so this is a significant increase. The level of fine will depend on the type of breach and any mitigating factors, but they are undoubtedly meant to penalise any disregard for the GDPR. It will also be much easier for individuals to bring private claims, with a right to claim compensation for distress and hurt feelings when no financial loss has been suffered.

The GDPR is much wider in its coverage than just employee issues, but we will focus only on such issues. Employers need to be aware of the following changes:

  • Organisations will need to implement “privacy by design and by default” into their processes and procedures. It means building data protection into all data processing activities. Doing so will lead to potential privacy issues being identified at an earlier, and less costly stage, and to an increasing awareness of privacy and data protection related matters throughout the organisation. By default means only personal data which is necessary for each specific purpose of the processing is processed. In particular, such measures need to ensure personal data is not automatically made available to third parties without the individual’s intervention.
  • There is an exemption for organisations of fewer than 250 employees, but only in respect of some of the record-keeping requirements for their data-processing activities, unless those data processing activities are high risk or regular.
  • It is intended to generate a shift from paper-based compliance to actual demonstrable compliance in practice, known as accountability. You must show not just written policies and processes, but also training and extensive records. Accountability needs to be entrenched in an organisation, requiring them to take a proactive, methodical and answerable approach toward compliance.
  • The term “personal sensitive data” is now any personal data under the GDPR which is much broader than before so, for example, a person’s email address will now be classed as personal data.

More Detailed Privacy Notices

These will need to be reviewed, as you will have to give people more information, e.g. your legal basis for processing the data, your data retention periods, if data will be transferred to other countries etc. Employers are required to provide employees and job applicants with a privacy notice setting out certain information such as:

  • Information on the right to make a subject access request free of charge (no more £10 administration charges), and the new shorter timescale of 30 days rather than 40 within which to respond.
  • The right to have personal data deleted or rectified in certain circumstances.
  • Under the new so-called “right to be forgotten”, employees will be entitled to require the employer to erase personal data about them in certain circumstances. This may be the case where the data is no longer necessary for the purpose for which they were originally collected, or where the employee has withdrawn their consent.

Restrictions on Consent

Most employers currently justify processing personal data on the basis of employee consent. This approach has been increasingly criticised because there is doubt as to whether or not consent is given freely in the subordinate employer-employee relationship.

There are more prescriptive requirements for obtaining consent under the GDPR. There will be a new requirement to specifically opt-in, so controllers will no longer be able to rely on generic or ‘bundled’ consent in the way that we have previously advised our clients. This will make it harder for employers to rely on consent to justify processing. Bear in mind that free consent implies that it may be revoked at any time. In most cases, employers will need to move to one of the other legal grounds to continue processing HR-related personal data. This could be the contractual necessity (e.g. for the processing of employee payment data), a legal obligation (e.g. for the processing of employee data in relation to social security) or the legitimate interest of the employer (e.g. in the context of employee monitoring).

New Breach Notification Requirement

The GDPR imposes a new mandatory breach reporting requirement. Where there has been a data breach (such as an accidental or unlawful loss, or disclosure of personal data), the employer will have to notify and provide certain information to the data protection authority within 72 hours. Where the breach poses a high risk to the rights and freedoms of the individuals, those individuals will also have to be notified.

Records not Notification

The current requirement for organisations to complete an annual notification registering their data processing activities with their supervising authority is replaced under the GDPR. Organisations will be required to maintain detailed internal records detailing what data processing they undertake.

Data Protection Officers

All public authorities and those private organisations involved in regular monitoring of large-scale processing of sensitive data will need to appoint a Data Protection Officer to:

  • advise on GDPR obligations; and
  • implement appropriate mechanisms: and
  • monitor compliance by verifying that these measures are in place and being followed; and
  • liaise with the Data Protection authority (ICO);

Even if a Data Protection Officer is not strictly required, it will be expected that the organisation has conducted an assessment of their risk to decide that such an appointment is not necessary, and can show the audit trail to prove that they are not large processors of personal data. The GDPR does away with focus on size of workforce, and puts the focus rather on what organisations do with personal information.

How to Prepare Now

All organisations should now be planning their compliance programme to identify how they may be affected, and what they need to do to prepare. While May 2018 still seems a long way off, you may find that in some areas the necessary steps need extensive and time-consuming preparation. Co-operation and understanding of the new GDPR obligations across the business is critical, and employers will need people from different disciplines to take a combined approach.

The most important steps to take in relation to employment include:

  • This is a boardroom issue, not a tick-box compliance task. Organisations need to change their mind-set and senior management need to lead by example.
  • The Board needs to appoint someone within their organisation to take the lead on assessing how GDPR will affect their organisation across all data processing aspects, not just employment matters.
  • Carry out a data audit. Carefully assess current HR data and related processing activities, and identify any gaps and identify high-risk areas with the GDPR.
  • Review current privacy notices and consider whether to update them sooner rather than later, to comply with the more detailed information requirements. All information provided must be easy for employees and job applicants to understand.
  • Assess the legal grounds for processing personal data. Where consent is currently relied on, check whether or not it meets GDPR requirements and remember that consent may be revoked at any time. Employers will generally need to rely on one of the other legal grounds to continue to process employee personal data.
  • Develop a data breach response programme to ensure prompt notification. Allocate responsibility to certain people to investigate and contain a breach, and make a report. Train employees to recognise and address data breaches, and put appropriate policies and procedures in place.
  • Determine whether or not a Data Protection Officer must be appointed and, if so, think about how best to recruit, train and resource one; albeit in most cases that will be an existing senior IT or Finance person.
  • Conducting a Privacy Impact Assessment (PIA) will be mandatory. Various aspects of HR activity, for example, recruitment and post-employment issues, would require a PIA to be conducted. This allows organisations to see the potential dangers with data processing activities from an early stage, and allows mechanisms to be created to mitigate this risk before it becomes a reality.
  • Review your guidance/policy so that it ensures sufficient management control of personal information accessed remotely, or via personal devices (BYOD).
  • Implement appropriate training and communication of staff at induction, annually and when changes occur.
  • The GDPR is about creating a data privacy culture where people think about how they would want their personal information to be processed.
  • Develop a timeline to implement a GDPR compliance program

Maintaining the balance between the protection of the privacy of the workers and the prerogatives of the employer can be tricky. There is likely to be a big increase in numbers of subject access requests, which will be more difficult to manage. Subject access requests will be an even more prevalent feature of litigation/disputes.

The ICO has commented that in many cases, GDPR only enhances rights and requirements that already apply under DPA, but it is working on a set of guidance on GDPR to help clarify where the balance should be.

To help understand the detail further, read the ICO initial guidance on preparing for the GDPR available at the ICO link below.

https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf

Then go to the below ICO link, and work your way through the questions designed to help you get ready.

https://ico.org.uk/for-organisations/data-protection-reform/getting-ready-for-the-gdpr/

Also on the ICO website, there are checklists that you can go through to self assess your organisational compliance with data processing at the below link:

https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment-toolkit/

We will be working on a suitable revised GDPR policy for our clients for 2018, along with some basic tools to help our clients to deal with the employment issues arising from these new regulations, but there is no need to delay reviewing your grounds for processing data, liaising with external data processors and making sure that your personnel files and systems are up to date.

 

Clients are welcome to raise concerns with their Consultant who will be pleased to advise you on any Employment/HR element of the issues arising from this newsletter.

Minimum Wage 2017

The draft National Minimum Wage (Amendment) Regulations 2017 (‘the regulations’), have been published and they will come into effect from 1st April 2017:

  • The National Living Wage for 25-year-olds and over will increase by 30p from £7.20 for to £7.50.
  • The Adult rate (21-24) will increase to £7.05 an hour, which is 10p more than the current rate of £6.95.
  • The Youth Development rate which affects 18-20-year-olds will increase to £5.60 per hour, which is 5p more than the current rate of £5.55.
  • The under 18-years-old rate will also see an increase up to £4.05 per hour, which is 5p more than the current rate of £4.00.
  • The Apprentice rate will receive an increase to £3.50 per hour which is 10p more than the current rate of £3.40

The fact that the Living Wage has increased by more than inflation is probably significant in terms of Government policy.

It is worth noting that the increase used to take effect on 1st October, but this change in review date was announced in the Chancellor’s Autumn Statement.

What you must do:

  • If you have people employed on the NMW, review what you can do to limit the impact.
  • If you employ people on just above the living wage, then consider whether you will remain competitive in your reward strategy, and what you are going to do about it.
  • Do not consider trying to avoid payment, as the financial and PR consequences can be substantial.
  • If applicable, communicate with your staff the impact on their pay, and consult over ways to improve productivity.

From April 2017

Statutory Adoption, Maternity, Paternity and Shared Parental Leave Pay, and Maternity Allowance, will increase to £140.98 per week, from £139.58.

Statutory Sick Pay (SSP) will increase to £89.35 per week, from £88.45.

The Lower Earning Limit (LEL) will increase from £112.00 to £113.00 per week, i.e. £5,876.00 per annum.

The Upper Earning Limit (UEL) has also increased from £827.00 to £866.00 per week, i.e. £45,032.00 per annum

New Statutory Figures

The Government has not yet announced what will be happening to compensatory payments in relation to unfair dismissal and redundancy pay, and is unlikely to do so until mid March.

Salary Sacrifice

As widely predicted, the Government has confirmed that it is to limit the benefits that attract tax and national insurance advantages, when provided as part of a salary sacrifice arrangement.

This will affect types of salary sacrifice schemes differently. The benefits that can continue to benefit from tax and NI relief, if provided through salary sacrifice, will be:

  • Enhanced employer pension contributions to registered pension schemes (and pensions advice)
  • Childcare (employer-supported childcare and provision of workplace nurseries)
  • Cycle to Work and ultra-low emission cars will also be exemptSchemes such as gym membership, phones and insurance will no longer be tax free.

All arrangements in place before April 2017 will be protected for up to a year, and arrangements in place before April 2017 for cars, accommodation and school fees will be protected for up to 4 years, i.e. until April 2021.

 

Please feel free to ask any questions of our Consultants who would be pleased to advise on any element of this newsletter.

The annual increase in compensation limits has just been announced. The limits apply to dismissals (redundancies or detriments etc.) occurring on, or after 6th April 2017:

  • £489.00 – the maximum amount of a week’s pay for calculating statutory redundancy pay, and the basic award; (up from £479.00)
  • £14,670.00 – the maximum statutory redundancy payment or basic award, i.e. 30 weeks; and
  • £80,541.00 – the maximum compensatory award which can be made for unfair dismissal (up from £78,962.00), or one year’s gross pay whichever is the lower

These increases mean that the maximum total unfair dismissal award is now £95,211.00, although uplifts can add a further 25%.

It is crucial to follow good practice in your HR procedures; considering carefully all dismissals, and ensure that the handling of appeals is conducted fairly and thoroughly. It is important to remember that there is no cap at all on the awards that can be made in many cases, including discrimination claims. Consequently, please seek advice from your HR Consultant, at the earliest opportunity, if you are considering terminating anyone’s employment, for whatever reason, and regardless of their length of service, so that they can ensure that you minimise any potential risks.

If you have started any redundancies, then you will need to update any calculations if the redundancy will take effect after 6th April 2017.

Employees may be entitled to receive guarantee payments for up to five days of lay-off, in any three-month period. The maximum amount of such a statutory guarantee payment will increase to £27.00 (from £26.00) for any one day.

The National Insurance employer threshold and employee threshold will be aligned from April 2017, meaning that both employees and employers will start paying National Insurance on earnings above £157.00 per week.

The personal allowance for tax will increase to £11,500 in April 2017, and will be £12,500 by 2020. The new threshold Upper Earnings Limit (UEL) for higher-rate tax will be £45,000.

 

Our Consultant would be pleased to answer questions on any of the above, or you can find much of the data on our website, by clicking on Frequently Asked Questions.

The apprenticeship levy, which the Government hopes will help create three million new apprentices by 2020, is due to come into force in April.

Introduction

There is no doubt that apprenticeships are a valuable part of the UK economy, with much of the business community initially welcoming a chance to develop this route into the workplace. It is worth noting:

  • Apprentices can be anyone over the age of 16 not in full time education.
  • Apprenticeships can be for school leavers, or those who are seeking to start a new career.
  • Many of the protections for young workers in the Working Time Regulations will apply to apprentices.

There are 3 levels of Apprenticeship:

  1. Intermediate Level Apprenticeships – apprentices work towards work-based learning qualifications, such as a Level 2 Competence Qualification; Functional Skills; and in most cases, a relevant knowledge-based qualification.
  2. Advanced Level Apprenticeships – apprentices work towards work-based learning, such as a Level 3 Competence Qualification; Functional Skills; and in most cases, a relevant knowledge-based qualification.
  3. Higher Apprenticeships – apprentices undertake a framework at Level 4 and above, which will include a Competence-based Qualification; Functional Skills; and in some cases, a broader vocationally related qualification, which could be a Foundation degree.

Recruiting apprentices means a commitment to train and guide an apprentice as they learn to do the job in your working environment. To do this, you need to provide them with planned, structured training that will help them learn on the job. The training should be practical, logical and reflect the level and content of their college work.

You also have a commitment to treat them fairly as an employee. This means paying them a fair wage in line with industry standards, the NMW, as well as giving them the same benefits and entitlements as your other employees.

Employers will be able to spend apprenticeship levy funding on apprenticeship training and end-point assessment (the assessment of apprentices by an independent organisation, required before they can complete the apprenticeship), either under an apprenticeship standard, or an apprenticeship framework. The funding can be spent only with an approved training provider, or an approved assessment organisation.

Employers will not be able to use the apprenticeship levy to fund other costs of apprenticeships, or other training costs. Government guidance states that the levy cannot be spent on:

  • wages;
  • statutory licences to practice;
  • travel and subsidiary costs;
  • managerial costs;
  • traineeships;
  • work placement programmes; or
  • the cost of setting up an apprenticeship programme;

Employers will not be able to use the levy to fund apprentices who have already been accepted onto an apprenticeship programme before the new system for apprenticeship funding in England comes into effect on 1 May 2017.

Employers looking to employ apprentices should note that, if they are in a sector which has an approved apprenticeship standard, they must use a prescribed form of “approved English Apprenticeship Agreement” which complies with the conditions set out in the Apprenticeships, Skills, Children and Learning Act 2009. We can supply such Agreements, so please contact us.

Levy

The levy, which will raise an estimated £3 billion by the end of this Parliament, could have serious consequences for employers, many of whom see it simply as an additional tax. Regardless of such views, employers have just less than two months to prepare for the levy coming into force, which is not helped by the fact that the Government is still consulting on the details.

The Government estimates that 2% of UK employers, approximately 22,000 organisations, will be required to pay the levy. It is worth noting that it is not just large employers who will be affected. Some smaller employers will be impacted, as a workforce of 100 people and an average salary of just over £30,000 will take businesses over the threshold. If businesses have an annual payroll cost of less than £3 million, then they will not be required to pay the levy. For employers that have more than this, however, there will be a 0.5% tax on the total pay bill, which will be paid through Pay As You Earn.

Employers in England that pay the levy will be able to access the funds they have paid in via a new online portal called the Digital Apprenticeship Service (DAS). They will also receive a 10% top-up from the Government to their total monthly contributions in England. Any training must be provided through an accredited provider. Only employers in England will be able to benefit from the DAS.

The Apprenticeship Levy will need to be reported each month on the Employer Payment Summary (known as the EPS) and should include the following:

  • the amount of the annual Apprenticeship Levy allowance which has been allocated to that PAYE scheme
  • the amount of Apprenticeship Levy you owe to date in the current tax year

HMRC have confirmed that it is not necessary to report Apprenticeship Levy if the employer has not had to pay it in the current tax year. The levy will not affect the way you fund training for apprentices who started an apprenticeship programme before 1 May 2017. You’ll need to carry on funding training for these apprentices under the terms and conditions that were in place at the time the apprenticeship started.

Calculations

The Government is introducing a ‘levy allowance’ of £15,000 per year. This means that the total amount you need to spend, if you qualify, is 0.5% of your pay bill, minus £15,000.

Work out what your total pay bill is. This is made up of the total amount of your employees’ earnings that are subject to Class 1 National Insurance contributions. Employees’ earnings include any money they make from employment, such as:

  • wages;
  • bonuses;
  • commissions;
  • pension contributions;

The levy is not charged on other payments to employees, such as benefits in kind. You should then work out what 0.5% of your total pay bill is, and then subtract the £15,000 allowance.

For example, an employer with an annual pay bill of £5,000,000 will need to spend £10,000 on the levy:

  • Levy sum: 0.5% x £5,000,000 = £25,000
  • Subtracting levy allowance: £25,000 – £15,000 = £10,000 annual levy payment

Preparations

Although some aspects of the changes to apprenticeships remain unclear, there are steps employers can take to prepare themselves for the introduction of the Levy. Employers who do not currently use apprentices, but who are likely to be net contributors to the Levy, should consider how best to use their Levy allowance so:

  • Check the likely Levy contribution, and try to work out how much you will have to pay;
  • If appropriate, consider how the Levy payment will be split across any Group companies, and how the funds will be allocated where the Group has multiple employers;
  • For employers with operations in Northern Ireland, Scotland and Wales, consider what your ‘English fraction’ will be;
  • Establish what apprenticeship funding you will receive from April 2017, including the value of any top-ups, and consider what your training obligations will be against funding and Levy spend;
  • Decide who in the business will be responsible for managing the access to the DAS;
  • For Levy paying employers, you can register with DAS from January 2017 to get used to the new system before the Levy is introduced in May 2017;
  • For some employers, it will be essential to ensure that they have the financial capability to pay the levy;

How can the Apprenticeship Levy work for you?

It is possible that many employers will not recoup the levy that they pay, and will, therefore, simply see it as another employment tax, particularly those that have no need for structured training that could fall within the scope of an apprenticeship scheme.

Be proactive and identify areas in an organisation where training is most needed, to ensure that the apprenticeship levy works in favour of your organisation.

Find an appropriate training provider with a proven track record.

Ensure you have an appropriate agreement (contract) for each apprentice.

Employers that do not pay the levy will still be able to access Government support for apprenticeships.

There is an opportunity for other employers to get out of the levy more than they pay in, if they take the time now to look at their learning and development needs, and ascertain what could fall within the structure of an apprenticeship.

ACAS identify four reasons why employers should recruit apprentices:

  • 90% of businesses engaging apprentices report improved productivity.
  • Apprenticeships allow employers to fill skills gaps and reduce recruitment costs.
  • The Government estimates that employers can recoup their investment within two years.
  • They are the building blocks of the future, with new ideas and skills.

Additionally, employers should think more broadly than the immediate view of an “apprenticeship” as something for young starters. Consider what training has been have put off because of the possible cost, and ascertain what could be done by way of introducing apprenticeship to gain the best value from this new levy.

 

You are welcome to contact our Consultants who would be pleased to advise you on any element of the issues arising from this newsletter.