July 2019 - MLP Law

What is an NDA and why are they in the news?

You may have seen many headlines recently discussing NDAs. The abbreviation stands for Non-Disclosure Agreement. A recent article in the BBC described them as “gagging clauses used to silence allegations of unlawful discrimination and harassment.” NDAs are often included in Settlement Agreements, where an employee is offered a payment on their exit from their role in a business and in return they are asked to keep details of their termination confidential.

This is not always a bad thing. Settlement Agreements are commonplace, and in many cases allow the employment relationship to end amicably. When procedures are followed correctly i.e. both parties have ample time to consider the agreement and get legal advice, settlement agreements can be the best way out of a difficult situation.

So why are NDAs receiving a lot of bad press? There have been complaints in the media of employees being pressured to sign NDAs to cover up serious allegations of sexual harassment as well as alleged incidents of NDAs being used to silence whistle-blowers and prevent even the lawful disclosure of information, such as to the police.

So what is the solution? If you are considering using a Settlement Agreement for an employee, make sure you follow the correct procedures on holding “protected conversations” and offering Settlement Agreements, including allowing ample time for the employee to consider the terms and take advice, and ensuring any NDA-style clauses are reasonable. If you’re an employee who has been offered something which seems like an NDA, please don’t hesitate to seek legal advice.

If you find yourself in either of the situations above, or simply need general advice on NDAs please contact our Employment Team on 0161 926 1508, or follow our employment law-specific Twitter account @HRGuruUK.

Is Your Business Brexit Ready? – An Updated Briefing

Away from the race to find our next Prime Minister, the key question businesses are now repeatedly asking us is ‘are we Brexit ready for October 31st?’

We’ve been advising our clients for some time now on the likely practical, commercial and legal outcomes Brexit could have on you and your business. Back in March, Stephen Attree (Owner ad Director – Corporate, Commercial and IP) gave his top tips on 8 key areas to consider when making your Brexit preparations. You can refresh on those here:

[Link – https://www.mlplaw.co.uk/is-your-business-brexit-ready-8-key-areas-to-be-looking-at-if-you-havent-already/]


No Deal Brexit – What will happen?

As we discussed in our last article, if the UK leaves without a deal or a transition period, the ‘Four Freedoms’ – the freedom of people, goods, services and capital – will end. This could affect:

  • your agreements with your suppliers and supply chains;
  • what you pay to buy and sell goods:
  • how you buy from, and sell to, the EU, EEA and other countries; and
  • how you recruit and retain your staff from overseas.

We’re still no closer to an answer on how (or whether) the UK will leave the European Union on 31st October, but here are our updated briefing identifies what you’ll need to think about when getting your business Brexit ready:


Your Commercial Agreements

  • Your contracts and commercial agreements will remain valid in the event of a no deal, but have you reviewed your jurisdiction, governing law and dispute resolution clauses? You’ll need to be clear before any dispute arises, particularly if you trade with overseas suppliers or distributors.


  • Do your agreements provide you (and your customers) with protection if your supply or delivery chain is interrupted? You’ll need to consider what happens in the event of both short term and prolonged delays.


  • A disrupted supply chain can lead to shortages in goods or raw materials – you may want to consider a proportional supply from your suppliers, ensuring that you receive a proportion of your order, rather than wait in line for your whole order to be fulfilled.


  • Do you need to make any contingency plans in the event of a delay, Brexit with a deal or a no deal Brexit? Think about your stock levels, or whether you’ll need a GBP Sterling or Euro currency account for you customers or suppliers, for example.


Your Imports, Exports and Prices

  • We’re still unclear on whether the UK will leave with a deal or with a transition- in the event of a no deal Brexit, UK-EU trade would be on WTO terms and goods would be subject to customs duties. There may also be changes to regulatory requirements, customs declarations and security and safety controls.


  • Have you considered how your business model will be affected by the imposition of tariffs, and potential delays at customs? Some businesses have relocated some parts of their production facilities or headquarters to the EU, or created EU based subsidiary companies.


  • When you’re considering your agreements are they clear about what currency you’ll buy or sell at, and have you considered forward buying or fixing your exchange rates?


Your Workforce

  • Free movement of people was one of the key cornerstones of the Brexit debate, and is still a hot topic. Does your business rely on EU nationals working in the UK, or is your UK workforce mainly based in the EU? If so, now is the time to make a plan with your HR team and legal advisors.


  • You may want to consider putting together Brexit resources for key staff that are affected – this could include offering support to your team, including around immigration and/or settled status under the EU Settlement Scheme.


  • Have you thought about your long term workforce strategy – liaise with your HR and recruiters to consider how you can recruit and retain the best people, wherever they’re located. You could also consider investing in alternative technologies that may help your existing team to work more efficiently, without the need for new recruits.


Here at MLP Law, we specialise in getting to know your business and finding solutions, not problems. If you need help planning your Brexit strategy or otherwise, contact Stephen Attree or any other member of our team of specialist corporate, commercial and employment solicitors and get your business Brexit ready.

GDPR Fines – Should I be worried?


Speed Read Summary


Mitigate the risks to you and your business by taking these three key steps:


  1. Have clear data protection policies and procedures in place and circulated;
  2. Test your reporting policy in practice, and keep it updated; and
  3. Understand your systems and where data goes.




 The Information Commissioner’s Office (ICO) has recently announced its intentions to issue its first substantial fines under the new GDPR provisions – an eye watering £183 million to British Airways, and nearly £100 million to Marriott International Inc. Both have the opportunity to present their case to the ICO before the fine becomes final.

Our clients have been asking us whether they should be worried – we take a closer look at the facts and give you our top tips on managing your customers’ personal data below:

What happened?

British Airways: Following a cyber incident beginning in June 2018, the personal data for approximately 500,000 BA customers was compromised after they were diverted to a bogus BA site. Following investigation by the ICO, they found that there were poor security arrangements at multiple points in the BA online booking process, including log in, payment card and travel booking data collection.

Marriott International Inc: This involved another cyber incident – Marriott International acquired Starwood hotels group in 2014, and a vulnerability in the Starwood system lead to the personal data of approximately 339 million guests being compromised. This vulnerability wasn’t discovered by Marriott until 2018, and the ICO investigation found failings in Marriott’s due diligence during the buying process, and failures in ensuring the systems were secured.


What can we do better?

On reviewing the ICO’s findings, our view is that the issues weren’t the cyber incidents themselves – personal data is valuable and unscrupulous people will be tempted to steal it – but rather the failures of the systems in place to protect personal data. The ICO considered that neither BA or Marriott had done enough to understand what protective systems were in place, or done enough to ensure that they were able to adequately defend their customer’s personal data.

A key difference between the old Data Protection Act approach and the new system under the GDPR is that just having systems in place isn’t enough – you need to demonstrate that they comply with the requirements of the GDPR, and that ongoing compliance is embedded in your business planning and systems.

You may not be able to help cyber incidents, but you can minimise the risk of compromising your teams’ and your customers’ personal data by asking yourself the following key questions:

Do you have policies and procedures in place for reporting incidents?

By having policies in place, you can ensure that your staff know when and how to report security incidents. Early reporting means early investigation, and a better chance of resolving the issue.

Are your policies reviewed and updated?

Have a policy in place? Great! However, as we discussed, just having a policy in place isn’t enough – make sure that you regularly review it, test any procedures, and remember to update it with any improvements you’ve found.

Do you know where your data goes?

If personal data travels across different systems you use, these points of transfer could make it vulnerable to interception. By mapping the data’s journey through your systems and understanding how your systems ‘talk’ to each other, you can identify potential vulnerability and focus on protecting it – you may even find ways to reduce your processes and data transfers.


How can we  help you and your  business? 

Are you uncertain on your GDPR obligations, or feel you just need some fine tuning? Our data protection specialists can help you.  We deal with all aspects of Data Protection – whether you have a quick query or need a full compliance audit. Call our commercial team on 0161 926 9969 or email commercial@mlplaw.co.uk