Roxburgh Milkins Blog

Interview with Glynn Hayward, Complete Control.  July 2017

Glynn Hayward is a creative guy with some great ideas (BAFTA award winning, in fact). From dreaming up brilliant kids games ideas in his kitchen, to building a successful business with 18 staff hasn't been a quick transition though. Glynn has made it work through thinking ahead and protecting his commercial interests.

 With his company Complete Control having just joined the exclusive BBC Digital Design Services roster along with only 9 other global agencies, that's pretty exciting. They also have contracts in place with Sky, Entertainment One and Lego to name a few, and their own Bebods brand is growing fast.   Being based just outside Bath in a converted barn also means that it's a beautiful working environment with a great culture to match.

 So what has Glynn done to make this happen? One element is that he's a strong believer in legal support to underpin his creativity, and that of his team. "It's one thing to think that you've sold this great idea to a global brand, but quite another if you find out in a years’ time that they own the rights to it now, not you." he says.  

 Glynn started working with Ian Grimley at Bristol-based niche law firm Roxburgh Milkins Limited in 2015 when the size of contracts they were securing meant they needed expert help. He strongly believes this approach has really helped them move the business forward. "Having Ian looking at our contracts and making sure everything is right for us is so important. There have been situations where we knew we couldn't go ahead with a project if it wasn't set up as we needed, and he gave us the right structure to do that. It shows us to be a bit more astute when it comes to dealing with these big players too - not only protecting our intellectual property but making us more professional into the bargain".

 Complete Control know they can push something straight to Roxburgh Milkins and have them pick it up quickly, and with a sound commercial awareness of their business. In turn, they can focus on the ideas and imaginative content for the next phase in their development - safe in the knowledge that it will still be their own.

 Ian Grimley sees Complete Control as a good example of what similar businesses should be doing – recognising legal support as positive investment in the future, to secure their creative investments.  He explains that “Glynn understands that having the right legals in place is helping build his brand and his business, protecting - rather than being a barrier - to creativity”.  

 Glynn is keen to share this concept and success with others: "I'd really recommend some of the smaller agencies out there - who are coming up with amazing stuff - to think about getting some legal support now.  The two actually go hand in hand very well to help us be leaders in our field and we look forward to what's coming next".

 For more information:

PR: Claire Fowler, The BD Consultancy          0845 2998590

Legal: Ian Grimley, Roxburgh Milkins            Via The BD Consultancy or roxburghmilkins.com

 Roxburgh Milkins is a Bristol-based boutique law firm which provides corporate, commercial and intellectual property legal services to entrepreneurs and businesses.

The firm was founded in 2003 by Bruce Roxburgh and Jason Milkins who had worked together at a leading commercial law firm. All our partners have backgrounds with leading commercial firms.

Our clients range from start-ups to listed PLCs. The firm has particular expertise in advising

So, after months of campaigning, the UK has decided to make a Brexit from the EU and it’s time to start considering and dealing with the consequences. There is bound to be some turbulence but, as a firm, we are working on the basis that all we can do is keep calm and carry on. Knowing our clients as we do, we are sure you will be working on a similar basis. It is difficult to predict exactly how the future will look but we thought we'd try and help by sharing some brief thoughts on where we are (and will be) legally.

At least 2 years without change The quick answer is that legal change will not come quickly. Once the UK Government triggers the UK’s withdrawal from the EU, we will enter the 2 year period during which the UK will remain subject to EU laws in the same way as it is now.

Post-exit - how the law could change After exit, the position becomes a little more complicated. The main difference is that the UK government will no longer be bound to follow EU laws.

There are two primary types of EU law - (1) EU directives, which must be implemented in each member state via national legislation (usually by regulations or Acts of Parliament in the UK); and (2) EU regulations, which are directly binding on each member state without the need for further, national implementation. Directives - EU directives implemented in the UK by regulations or Acts (a few key examples include the Data Protection Act 1998, Commercial Agents Regulations, Working Time Regulations, and various consumer regulations) will remain in effect - they are UK legislation. The UK Government will (theoretically) be free to repeal or vary this legislation but we can't see why any Government would choose to do so in the short to medium term.  Also, the Government may be practically restricted in its ability to change such laws if the UK joins the European Economic Area or agrees a free trade agreement, as continuing to trade on such a basis typically requires compliance with a vast body of EU law. Regulations - There could be a legislative gap caused by EU regulations, which do not require implementation by the UK Government, ceasing to apply when we leave. Although it isn’t known how this will be handled, the Government may well implement these regulations as a job lot to avoid a legislative black hole. The Government will then be able to pick and choose which to keep, amend or ditch. A good example of this will be the new data protection regulation (the GDPR). This is due to come into effect from May 2018 and, assuming the UK leaves after that date, the GDPR will apply from May 2018 until we leave and will then cease to have effect. So the Government will have to decide what to do (i.e. whether to implement it in full, in part, or do nothing and fall back on the current Data Protection Act 1998 but risk falling out of line with the data protection standards upheld by the EU).

But will there really be a major change? The reality is that whichever Government is in power on or after exit, we will continue trading with the EU. And to do so, the UK will need to continue complying with a lot of EU laws. This will either be on the basis we have agreed to comply with certain laws as part of an EEA-like deal or just on a practical basis because we are trading there (for example, in the same way US companies have to).

So once we’ve left, we won’t be bound to implement or follow EU laws but it will make sense for the UK’s laws to remain broadly in line with the EU’s as this will make cross-border trading easier and more attractive. In addition, if we’re trading in the EU, we will need to comply with EU law in any event when we do business there. It would not make sense for any Government to spend its time in power butchering the body of EU derived law which has been put into place and which, for the most part, works well.

However, there will be scope for changes to the law for businesses who are not trading in the EU. And the business community will be able to lobby Westminster direct for such changes. It will be interesting to see what changes companies and trade bodies ask for and whether or not we end up with a two-tier approach to legislation.

What do you do now? Don’t panic. The law will be the same for the foreseeable future and whilst there will undoubtedly be changes post-exit, they are likely to be gradual rather than drastic. As always, it will be important to monitor your compliance with the law (both UK and EU) and check that your legal documents (e.g. commercial contracts) and practices (e.g. data protection processes and procedures) are appropriate.

We will continue to help with this process and will keep you up-to-date on developments.

We are also planning some Brexit related blogs which will look at some of the issues above in more detail.

Guidance Note, Last Updated – March 2016

Since our report (below) on the court ruling declaring the Safe Harbor scheme to be invalid, the EU Commission has announced that it has agreed a replacement of Safe Harbor with the U.S. government: a new EU-U.S. data transfer framework agreement called Privacy Shield.

 According to the EU Commission, Privacy Shield:

  provides a new “framework” for transatlantic data flows which protects the fundamental rights of Europeans and ensures legal certainty for businesses;

contains clear safeguards and transparency obligations on U.S. government access to data; and

will be annually monitored by the EU Commission to assess whether it functions correctly and serves the commitments of points 1. and 2.

 However, before Privacy Shield can be officially implemented into EU law, it must first face a detailed assessment by the Article 29 Working Party (the grouping of European data protection authorities). The Article 29 Working Party has stated  that the agreement reached must impose satisfactory restrictions on U.S. intelligence’s access to and treatment of private data, as well as the power of EU data protection authorities to sanction any such breach by the U.S. government. It is hoped that the Article 29 Working Party will release its opinion by the end of this month.

 So where does this leave businesses in the meantime? In the ICO's recent blog, it states that, for the moment businesses can continue to use alternative transfer mechanisms, such as model clauses and binding corporate rules. The use of model clauses has been the declared choice of most major US companies, including Amazon Web Services and Microsoft since the Safe Harbor ruling.

 As detailed in our previous article below, model clauses are standard contractual clauses (which have been pre-approved by the European Commission), that can be incorporated into data processing agreements to ensure the protection of data transfers to non-EEA countries, such as the US. For example, if your business uses a US cloud company to store its data, model clauses can be inserted into the agreement to enforce certain data protection obligations on that US company.

Whilst the ICO currently recommends using these alternative transfer mechanisms, it also raises a note of caution. As well as looking at Privacy Shield, the Article 29 Working Party is also looking at the adequacy of model clauses and binding corporate rules to cover transfers of personal data to the US.  So there is a risk that these alternative solutions will also be declared an invalid data transfer mechanism – but this has not happened yet.

 Many US cloud giants such as Microsoft and Amazon Web Services have reacted to the current uncertainty by announcing that they will also be opening new UK data centres to ensure personal data does not leave the EEA and thus ‘side-step’ the potential invalidity of model clauses. We act for several clients who provide hosted solutions and we are increasingly seeing their customers asking for solutions to be hosted in the EEA.

 However, the clear message of ICO's useful guidance note for businesses is not to panic. There is no new and immediate threat to individuals' personal data that has suddenly arisen and the ICO will not be taking rushed enforcement action whilst there is still so much legal uncertainty. The advised action to take in the meantime is to take stock:

  what personal data are you transferring outside of the EU;

where is it going to; and    

what arrangements have you made to ensure that it is adequately protected?

 Then look at whether these arrangements are the most appropriate ones, taking into account the ICO’s guidance on international transfers. If you can be clear on these points for the data transfers you have made (and are due to make) outside of the EU, then your business will be able to react efficiently to any changes introduced.

 We will circulate an update following the Article 29 Working Party's announcement. Should you wish  more specific advice concerning your business’ data transfers in the meantime, please contact Ian Grimley.

   October 2015

What has happened?

 The European Court of Justice (“ECJ”) has recently ruled that the transatlantic Safe Harbor agreement, which allows American companies to use a single standard for consumer privacy and data storage in both the US and Europe, is invalid.

 This ruling came about due to Mr Schrems (an Austrian Facebook user) arguing that due to Edward Snowden’s revelations about the activities of the US National Security Agency, the US does not offer sufficient protection against surveillance by the US authorities of personal data.

 What is the significance of Safe Harbor?

 The EU Data Protection Directive (95/46/EC) (and the corresponding Principle 8 of the Data Protection Act 1998 (“Data Protection Act”)) stipulates that transfers of personal data from the EU to outside territories are only permitted if that country or territory ensures there is an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data in that territory.

 Previously, US companies operating in the EU could rely on Safe Harbor as a method of ensuring that they could transfer data on European data subjects back to the US.

 Safe Harbor was a method by which companies could self-certify their adherence to a set of Safe Harbor principles and were therefore deemed to provide adequate protection to receive EU personal data.

However, following the judgment by the ECJ that Safe Harbor is invalid as a form of certifying adherence to the EU personal data requirements, individual countries’ data regulators can now challenge transfers of data to the US.

 What does this mean for businesses using Safe Harbor?

 The judgment means that businesses that were relying on Safe Harbor will need to review how they ensure that data transferred to the US is transferred, stored and processed  in line with the law and will need to put in place new arrangements (such as data processing agreements) to cover transfer of data.

 However, it is worth bearing in mind that Safe Harbor is by no means the only way you can legitimise the transfer of personal information to the US.

 Assessment

 In the UK, in order to comply with the eighth principle of the Data Protection Act (“Eighth Principle”), a business will need to assess whether  the body to which it is transferring data has a level of protection for data subjects’ rights that is ‘adequate in all circumstances of the case’.

 A self-assessment is a complex process and it is rarely carried out unless it can easily be established that the transfer is to be made to a country that can ensure an adequate level of protection (a pre-approved country or territory). However, a self-assessment may be resorted to in cases where none of the following exceptions or exemptions can be relied upon.

 The adequate safeguards exception

 A transfer may be compliant with the Eighth Principle by putting adequate safeguards in place:

  By entering into a data-transfer agreement with the data processor which incorporates pre-approved standard model contract clauses     or equivalent provisions; or

  If the transfer is to be carried out to other members of the UK company’s group in a third country, it will be a compliant transfer if it is governed by a set of legally enforceable corporate rules that have been pre-approved by the Information Commissioner.

 Exemptions

 In certain cases, the Eighth Principle does not apply, meaning that a data controller will not need to make an assessment or rely on the exceptions above. These exemptions include the following:

  Obtaining the direct consent of the data subject to     the transfer; or

  If the transfer is necessary to perform a certain contract (or take steps at the data subject’s request with a view to entering into a contract with him), or is necessary in the interests of the data subject, or for the performance of such a contract.

 It is important to note that there are important restrictions surrounding these two exemptions and the circumstances of the transfer will need to be considered in light of these restrictions to ensure an exemption applies.

 Conclusion

 As the Information Commissioner’s Office has commented, the declaration that Safe Harbor is invalid as a form of self-certification is an important decision. However, it does not mean that all transfers to the US are automatically prohibited, or that a Safe Harbor company does not have adequate protections.

 If you transfer personal data to a company in the US which is certified under Safe Harbor, you will now need to assess whether such transfer, storage and processing procedures do in fact provide adequate protection for personal data, rather than simply relying on their certification. The Information Commissioner has acknowledged that this process may take time.

 Alternatively, you may be able to rely on the exemptions or exceptions, which enable you to transfer data out of the EU without performing a full assessment of the recipient’s data protection compliance. The two which most commonly apply are:

 1. A contract with data protection obligations which meet or exceed the EU’s requirements; and/or

2. Obtaining the consent of the data subject to the transfer of their data outside of the EU.

 If you don’t have either in place, it is advisable to do so as soon as possible.

 Notice

 If you would are concerned about the Safe Harbor decision, or would like advice on data protection issues – including the international transfer of personal data – please contact us on 0117 928 1910.

Yesterday, Monday 8th June, Apple opened the 2015 Worldwide Developers Conference (WWDC) with its usual keynote address. Apple uses the address to announce its big operating system changes and this year was no exception, with iOS9, OS X El Capitan, and Watch os2 all on display.

There were many exciting announcements throughout the keynote but one of the biggest cheers (followed by a minute or so of applause) came for the news that Apple's Swift programming language would be made open source. So, what does this mean?

What is Swift?

Swift is Apple's new proprietary programming language for applications and software products built for iOS and OS X. The intention is that Swift will replace the old Objective C programming language. Its proprietary nature means that developers can only access and use it within the restrictions set by Apple and only within the Apple ecosystem.

What is open source?

“Open source” or “free” software is licensed under a group of licences which give licensees free access to software and its source-code. Importantly, “free” in this context means that open access is given to the source code. It does not mean you cannot charge a fee for distributing the software/program built using the code in question.  

Open source licences must meet certain requirements, including that they:

(1)   grant the licensee the right to distribute the software themselves (for a fee if they want);

(2)   grant access to the software’s source code;

(3)   grant the right to modify the software and distribute the modified versions; and

(4)   allow distribution in any form and with any other software.

By making Swift open source, Apple is effectively unlocking the door for developers to access and modify the language's inner workings, opening up a wide variety of possibilities for improvements and uses which Apple itself hadn't considered or explored.

Types of open source licence

There are a wide range of standard open source licences which can be used for open source programming, which vary from restrictive or 'strong copyleft' licences to permissive or 'weak copyleft' licences. Restrictive licences will generally dictate how any changes you make to the code must be distributed and licensed. In the most restrictive cases, developers must re-release the modified source code as a whole, which limits the commercial value of their work.

On the other hand, permissive licences will allow the software to be modified or combined without the new version becoming subject to the licence and having to be made open source. This allows developers to create products which they own (known as "derivative works") and can transfer or licence as they see fit. Whilst they must disclose and distribute the open source element of the source code, they retain proprietorship of the modified elements (which, as a result, are not considered open source).

Which licence will Apple use?

Apple hasn't announced yet which open source licence they intend to use but they have said that it will be an open source initiative-approved permissive licence.

This bodes well for developers. Not only will the open-source nature of the programming language mean that it can potentially be used outside of the Apple ecosystem (Apple have already announced there will be a port for Linux) but a permissive licence will give developers the freedom to adapt and modify the code to create new and exciting software, with certainty that they will own their work and not to have to share the code on an open-source basis.

What's in it for Apple?

The two key benefits for Apple are (1) product diversity; and (2) greater integration. By making Swift open source, they are opening it up to a world of developers who will adapt and change it in ways Apple had not considered, creating new and improved applications and software, most of which will be made available via Apple's appstore.

After several years in development, The Consumer Rights Act 2015 has received Royal Assent and has been published in its final form. View the full Act here. 

The Act is intended to replace or substantially amend a wide body of UK law and regulation around consumer contract law, including the long-standing Sale of Goods Act 1979, Sale of Goods and Services Act 1982 and Unfair Contract Terms Act 1977. 

It will provide a consolidated point of reference for consumer law, making it easier for businesses and consumers to understand their respective rights and obligations.

The majority of the Act’s provisions will come into force on 1 October 2015 and will only affect contracts entered into after that date. This means that businesses have several months to ensure that their contract terms comply with the new laws.

In the meantime, The Trading Standards Institute has published a series of guides on the new Act and how it will affect the sale of goods, supply of services, digital content, and unfair contract terms. You can access those guides here.

Apple has been in the news recently, following an update to its iTunes and App Store terms of use. The Guardian and other media outlets, have reported on a change to its terms for EU countries, which allows customers to cancel a purchase within 14 days.

The Consumer Contracts Regulations 2013

Apple have made this change in order to comply with new EU consumer protection regulations, which came into force on 13 June 2014. The regulations require that, where digital content is purchased via distance means (i.e. online or over the telephone), the customer is given a no-quibbles right to cancel the contract and receive a full refund if they contact the seller within 14 days. The customer must also be informed of this right, in writing (e.g. via terms & conditions).

The regulations also set out an important exception to the right to cancel. The customer will waive the right to cancel by choosing to download or stream the digital content within the 14 day cancellation window, provided that they have been told they will lose the right to cancel as a result and they have explicitly acknowledged this.

The guidance to the regulations says that it is not enough to mention the exception in your terms & conditions and rely on the customer's acceptance of those terms.

Apple's Implementation of the Regulations

Apple's terms of use do refer to this exception: "You cannot cancel your order for the supply of digital content if the delivery has started upon your request and acknowledgement that you thereby lose your cancellation right."

However, referring to the exception isn't enough. The regulation guidance says that the seller must take further steps to notify the customer of the consequences of downloading the app before the 14-day period expires and the customer must take positive action to acknowledge acceptance of that (i.e. by ticking a box). It doesn't appear that Apple has introduced any means for its customers to give this acknowledgement before starting a download.

Those in the app development and entertainment industries are understandably concerned about Apple's move. Including the cancellation right in the terms, but not taking the steps necessary for the exception to apply, potentially enables customers to download and complete games and films, or download and copy music, and then contact Apple for a full refund.

It isn't clear whether Apple plan to introduce a method for customers to waive their cancellation right.

What Others Do

Other major app stores, such as Google Play and Amazon's AppStore, do not appear to refer to the 14-day cancellation right at all. This is risky as, under the regulations, failing to inform the customer of their cancellation right results in an extension of the cancellation period of up to 12 months.

Our Tips

If your business provides digital content, your terms of use should inform the consumer that they have the right to cancel and provide details of how they can exercise it. However, you can take advantage of the exception and avoid the need to accept cancellations in practice by making it clear to customers that, if they download or stream the content within the 14 days, they will lose the right to cancel, and having them acknowledge that.

The easiest way to do this is by having a tick-box acknowledgement as part of the checkout process, or prior to download, which is mandatory in order for the consumer to proceed with the transaction.

Further Queries

If you have any queries regarding consumer cancellation rights, or any other aspect of consumer law, please do not hesitate to contact our commercial team on 0845 241 9500.

Status of this Update

Virtually all businesses will enter into all sorts of commercial arrangements and money-making ventures on a day to day basis but too often fail to consider the underlying contractual implications.

Here, we debunk a few myths which often contribute to a business' neglect of its own legal security and commercial liability.

1. I don't need a written contract

No business wants to spend money unnecessarily but written contracts are often mistakenly seen as a wasted expense. One common sentiment is that "nothing has gone wrong so far" so a business decides to operate on a hand-shake or one page document, trusting that nothing will go wrong this time either.

Things quickly change if something does go wrong. What if the other party tries to terminate your agreement, or isn't performing as you want them to, or fails to pay you, or complains that you have breached the terms of your deal and tries to claim money from you? Without anything in writing, you will struggle to determine what your position should be and what you can do about it.

Those are just a few examples of the sorts of issues and disputes which a written contract will normally anticipate and legislate for but there are many more.

The fundamental question to ask is "what is the business risk?" related to the contract. One-off, low value, deals may not involve too much risk but even the supply of one piece of equipment throws up numerous issues (for example, the law implies that you give certain warranties (promises) in relation to such equipment) and the liability you might have if something goes wrong. Longer term arrangements, or contracts or deals with a higher value, are likely to involve more risk and it therefore becomes even more important to have a robust written contract to protect you and your business investment.

2. DIY contracts do the trick

The second most common myth is that there is no need to get lawyers involved for a contract and that a business can draw one up itself, often taking 'inspiration' (i.e. copying and pasting), from others it has come across or finds online.

This is a serious mistake. A business' first instinct is to agree the commercial details of a deal and make sure it is getting good value. That is clearly important but a business can do a very good commercial deal but completely wipe out the value by signing up to inappropriate legal terms or not having any at all.

Non-existent or inappropriate legal terms, and focusing simply on what the has been agreed from commercially, exposes a business to potential risks and liabilities. We have a common law system whereby certain legal principles (and liabilities) may apply to a contract even if they're not mentioned in it. This is the stuff that gets missed in DIY contracts but that lawyers are trained to spot.

Even worse, a business may transpose legal terms from other contracts it has entered into, or seen elsewhere, without fully understanding what they mean or whether they are relevant.

Contract drafting is a skill, which needs to be learnt and which involves knowledge of a bank of case law, statute and, increasingly, EU regulations. A commercial solicitor will have this knowledge and the experience to apply it to your specific business situation.

Without this knowledge and experience, a written contract may well be worth nothing – or even potentially expose you to more liability than if you didn't have a written contract at all. It is no good, once the wording of a contract needs to be relied upon, to say that it was supposed to mean, or do, something which in reality it doesn't.

3. One size fits all

Businesses which do go to the trouble of having a contract drawn up, sometimes think that they can change a few words and it will work for other situations and deals but this is not the case.

There may well be some contracts which can be made as versatile as possible for use day-to-day and a commercial solicitor should always try to help you achieve this. Standard terms & conditions and a wide range of goods, services, licencing and business agreements, can be made capable of being adapted and used time and time again. However, a good commercial solicitor will clearly highlight the terms which should, could, and should not, be changed and provide instructions on making changes.

Without this guidance, or with some contracts which are negotiated and/or prepared for a particular business deal or set of circumstances, re-using a contract is dangerous. These will often be the more important business contracts that are only entered into from time to time and it is therefore risky to try and use them in other circumstances without seeking legal advice.

Likewise, businesses sometimes think they can accept another party's contract terms without much scrutiny, on the basis that it looks like a contract should look and surely couldn't contain anything too bad. Putting aside the risk that the other party is guilty of falling for one of these myths, the reality is that contracts are very easily skewed to favour one party or the other and you may well be signing up to very onerous terms. In the worst case scenario, the contract may contain something truly oppressive or inappropriate, whether intentionally or not.

4. My terms apply to the contract

Getting terms & conditions drawn up is all well and good but they are worthless if they are not properly incorporated into contracts. Too often, a business will go through the trouble of having terms prepared, and then put them in a drawer never to be seen again.

The rules on the incorporation of terms into a contract can be complex but the basic requirement is that the terms are brought to the other party's attention before the contract is formed. This will normally mean providing a copy of the terms, or referring to them in whatever order form/quotation/booking or other document you use to record the key details of the contract.

This should be straightforward but things become more difficult when the so-called "battle of the forms" happens, where the other party is trying to impose their own terms on the contract. In this case, it is the terms which were imposed last (at the point at which the contract is made) which prevail.

Simply having a sentence in the terms saying that they apply to the exclusion of any others is not enough, particularly as the other party's terms will most likely have something similar. In this case, it is important to establish which terms should and do apply to avoid any nasty surprises later on.

5. Nothing in writing, or no signature, means no contract

Some businesses think the opposite of myth #1, that if there is nothing on paper, there is no contract to worry about. They may think they don't have to perform their obligations, or can get out of paying, or terminate the arrangement immediately and without any liability.

This is not the case. Contracts may be formed orally, as well as in writing, so a contract can be formed by having a discussion. This is one of the key reasons that a comprehensive written contract can be so important as it avoids the risk of disagreements arising over what was discussed and agreed.

Another common mistake is to think that, just because a contract which was prepared or handed over wasn't signed, it never came into effect. Just as you can enter into a contract orally, you can also do so by writing the terms down, but there is no legal requirement that the document is signed.

It is the intention of the parties that matter, so if a business was to receive a contract from a supplier/customer, and then began to perform its obligations under it (albeit without signing the document), it could be deemed to have accepted the contract.

6. The lawyers are just trying to generate fees – it's an unnecessary expense

Clearly solicitors need to earn a living and are trying to generate business – but it's genuinely in the interests of our clients. Without exception, it's always more difficult to sort out a subsequent problem than it is to do the contract properly in the first place.

Contact us

Introduction

In January 2012, the European Commission published its proposals for the reform of EU data protection laws. It is expected that the reforms will come into effect in 2016 and will significantly change data protection law, putting additional financial and administrative burdens on businesses across the EU.

Why the change?

Data protection is currently governed in the UK by the Data Protection Act 1998, which implements the EU’s Data Protection Directive. The Directive is in effect across the EU but there is inevitably some variation in the interpretation and implementation of the Directive by national governments.

The EU’s proposal is to introduce a new set of regulations which update the principles contained in the Data Protection Directive. EU regulations, unlike directives, do not require implementation by the national governments. They automatically have legal effect across the EU’s member states. This avoids the risk of variations in the application of the laws in the EU member countries.

Key Proposals

Non-EU Data Controllers - currently, data controllers based outside the EU are only caught by the EU data protection laws if they have a local branch or equipment based in the EU which processes personal data.

The regulations will expand the territorial reach of the data protection laws so that data controllers outside the EU will be required to comply with the regulations if they offer goods or services to, or monitor the behaviour of, data subjects living in the EU. This will include companies which run websites using cookies to track users and customise the website to suit their preferences.

Data Processors - for the first time, data processors will have direct obligations under the EU regulations. Previously, the laws applied only to data controllers, who were responsible for policing their data processors’ actions.

Explicit Consent - currently, data controllers often presume that data subjects are consenting to the processing of their personal data when they provide it, i.e. by registering an account or filling in a form.

The regulations will require that data controllers obtain the data subject’s explicit consent, either via a statement or by a clear affirmative action, before processing their data.

This will be one of the most onerous new obligations and will pose practical and administrative problems for data controllers. Consent must also be proven for existing data subjects and should be refreshed from time to time.

Right to be Forgotten - the ‘right to be forgotten’, which has become famous following the recent Google ruling, has been planned by the EU Commission for some time. The regulations will give individuals the right to demand that a data controller deletes all of their personal data and stops using and distributing it.

Where the data has been made public, the controller must take all reasonable steps to inform third parties to delete copies of the data and any references to it. As with the need for explicit consent, this will be one of the most difficult and costly measures for data controllers to implement .

International Transfers - international transfers, meaning transfers outside of the EU, will be largely unchanged under the new laws.

As under the current laws, data may only be transferred outside of the EU if:

the country to which data is being sent has been deemed by the European Commission to have adequate data protection laws (a list of such countries is available at http://ec.europa.eu/justice/data-protection/document/international-transfers/adequacy/index_en.htm); 

where the country has not been deemed to have adequate protections by the Commission, appropriate safeguards – such as minimum contractual obligations – are put in place; or 

one of the derogations apply.

Currently, the EU can only make a finding of ‘adequacy’ in relation to a country as a whole. Under the new laws, it could alternatively find that a particular territory or sector of a country, or a particular international organisation, have adequate protections.

The derogations under the new laws will largely mirror those currently in place. The most commonly used is that the individual has consented to the transfer, which continues to apply.

Record Keeping - new accountability rules will require all data controllers and data processors to maintain documentation of all processing operations under their responsibility. This must include details such as the purposes of the processing, the types of data subjects and personal data involved, details of any recipients of the data, and of the internal mechanisms for data processing and protection.

Data Protection Officer -public authorities and large companies (250 or more employees) will be required to appoint a data protection officer for a minimum initial period of 2 years. This officer must be allowed to operate independently and report direct to management. This applies to both data controllers and data processors.

Sanctions - the regulations will introduce new, tiered penalties for breach of the provisions, with fines of up to 2% of annual turnover.

Preparing for the new regulations

Given that the regulations are still under review and not likely to be in force for another 12-24 months, it is difficult to begin introducing new policies and procedures at this stage. However, businesses should begin to prepare for the changes and be ready to ensure that they can become compliant by the implementation date. Preparatory steps could include:

Budgeting for conducting a thorough review and implementing changes to policies and procedures;

Reviewing how personal data is collected, how consent is obtained for processing, what (if anything) you tell data subjects about the use of their data, and what might need to be changed as a result of the new regulations;

Reviewing data protection policies with a view to updating them;

Reviewing any arrangements with data processors and ensuring suitable agreements are in place with them for the use and protection of data; 

Reviewing any arrangements for the international transfer of data and, where data is transferred outside of the EEA, ensuring that sufficient protections are in place for the personal data.

The Intellectual Property Rights Act 2014 received Royal Assent on 14 May 2014 and is due to come into effect in October. The Act will modernise certain aspects of intellectual property (IP) law and assist those seeking to protect and enforce their rights in the UK and beyond.

The bulk of the changes relate to patents and design rights.

PATENTS

Enhanced European Patent System

The Act paves the way for the creation of a pan-European patent right, known as Unitary Patent Protection (UPP), and of a Unified Patent Court (UPC). It is expected that these initiatives will create a uniform system across the EU, making it easier and cheaper for businesses to protect and enforce their patent rights within the EU.

The proposals for the UPP and UPC are set out in the EU’s “UPC Agreement”. In order to take effect, the agreement must be ratified by at least 14 EU member states. It will then come into effect 4 months from that date, which the European Commission expects to happen in early 2015.

The Act does not actually implement any of the aspects of the UPC Agreement but it does give the Secretary of State the power to do so in the future.

To find out more about the plan for the enhanced European patent system, see this guidance note published by the Unified Patent Court preparatory committee.

Virtual Patent Marking

Putting a party on notice of a patent can act as a deterrent to infringement and may also improve the holder’s prospects of successfully claiming damages in the event of an infringement.

The Act introduces virtual patent marking, whereby patent holders can mark their products with a weblink instead of individual patent numbers. The weblink will direct third parties to a page showing the details of the patents and any other related applications.

The link will put people on notice of the patent in the same way as a number, whilst the detailed information on the webpage will create a wider opportunity for the patent owner to claim damages against a party that infringes the patent.

Added benefits include that third parties will have more information about the scope of the patent, helping to avoid potential confusion and disputes; and that the holder will be able to easily alter the contents of the webpage and will not have to alter the markings on the products themselves or their packaging.

Patent Opinion Service

The patent opinion service, which was established in 2005, provides an opinion on patent validity to assist with disputes. The Act will enable the service to also provide opinions on supplementary protection certificates.

DESIGN RIGHTS

Changes to Registered Designs

The Act will enable the UK to join the Hague Agreement on the International Registration of Industrial Designs, meaning it will be one of a range of countries in which you can register your design rights via one central application with one fee, but provides a separate protection in each of your selected countries so a challenge in one does not invalidate all of the others.

This is an improvement on the current situation, whereby a single application can be made for protection throughout the EU but this is vulnerable to central attack, which can result in a loss of protection across the EU.

The Act will create a right for a party to continue its prior use of a design which becomes registered. This will apply where the party acts in good faith and is either continuing its use of a design or has made serious and effective preparations to use the design.

It also introduces a new criminal offence of intentionally copying a registered design, which carries a maximum sentence of 10 years’ imprisonment.

 Design Opinions Service

The Act will introduce a design opinions service, similar to that for patents. The intention is that the service will reduce the number of design disputes requiring the courts’ involvement. A holder of a registered design right, or a third party affected by such a right, may request an opinion from the Intellectual Property Office on the validity of the design’s registration and whether it is infringing, or being infringed by, another design.

Scope of Unregistered Designs

The Act will narrow the scope of unregistered design right to reduce the risk of trivial features of designs being protected. Unregistered design right will be available to protect the design of the shape and configuration of an article, as opposed to extending to any aspect of its design.

The test for originality is also clarified. A design may lack originality and therefore not be capable of protection if it is "commonplace in any qualifying country", which expressly includes any EU member state.

Ownership of Unregistered Designs

Currently, the UK differs from the rest of the EU in that design rights (unlike copyright) belong to the party who commissioned the design rather than the designer. This will be changed, bringing the UK in line with the rules on European community designs.

Once the changes come into effect, commissioners of designs will need a signed agreement saying that the designer assigns their rights. As with copyright, this change will not apply to employees, so the employer will continue to own any design rights created by employees during the course of their work.

Private Use of Unregistered Designs

It will be a defence to infringement for third parties who use designs for private (non-commercial), experimental and/or teaching purposes.

These defences already exist in respect of registered designs. This change also harmonises the UK position with that under EU law.

CONCLUSION

Many of these changes will be welcomed by businesses as reducing the costs and administrative burden of registering patents and designs, as well as clarifying how those rights are protected and infringed. 

Although the Act is expected to come into effect in October 2014, the changes to registration of both patents and designs will take longer. The EU expects the unified patents system to come into effect in early 2015 but it may be delayed until 2016. The design registration changes are also likely to come into force in 2015.

A number of our clients have benefited recently from our help in negotiating with the following household name companies:

Tesco

Waitrose

Barclaycard

Peugeot

EDF

Wilkinsons

BT

Yodel

Proctor & Gamble

Thomson

Why negotiate?

Sometimes there’s a tendency to be grateful that you have got to the point of having a contract with a client, particularly if it is a big business with the potential for great sales.

This gratefulness can lead to a desire to be accommodating and that may lead to signing a contract without reviewing or negotiating it.

Whilst it makes basic commercial sense just to sign and get on with sales, it’s not always the best idea in the long run. Most big corporates have very onerous, very one-sided agreements that shift all risk to you as the supplier and can expose your business to significant liabilities.

That’s why it’s always a good idea to get the contract checked over to identify significant risks and negotiate some of these out/down where appropriate. Some of the classics that get missed are:

The term of contract being stated to be a fixed period but allowing the customer to get out early without any termination payment

No minimum purchase requirement – i.e. they talk about a contract being worth so many millions of pounds, but actually, there's no commitment to purchase

Very onerous on-going warranty/maintenance periods

No limits on liability (or very high caps) that are completely out of kilter with the contract value

Very wide indemnities that cover everything under the sun

Standard clauses that are inappropriate – such as requiring IP ownership when you’re supplying software services

As well as trying to avoid some of these common pitfalls, there is also a very positive reason for getting your contracts right.

Good customer contracts become valuable assets of your business. If you are moving towards an exit or looking for investment, having good contracts in place will add value to your business. Bad ones have the opposite effect.

How do we negotiate for our clients?

These negotiations can often be hard work.

We have to push hard against intransigent legal and procurement teams to try and protect our clients’ interests, whilst using enough charm to ensure we don’t sour any of these important customer relationships.

We often have to persuade and cajole in-house lawyers to agree to mutually acceptable contract terms when the original proposal was heavily weighted in their favour (we've even managed this recently with a couple of supermarkets).

These issues that we have to deal with over and over again are:

having to 'peg back' unreasonable standard terms so that they match what our client will actually deliver in practice

dealing with procurement departments/in-house lawyers who fear straying from their precious 'standard terms'

constant hand-overs between different in-house lawyers/legal secondees

With a lot of our clients we have very long term relationships and understand their businesses and risk parameters very well. This means we quite often know what they can/can’t agree to without having to take detailed instructions. The longer a relationship goes on, the better we get at negotiating contracts on our client’s behalf.

Some of our clients who require regular contract assistance use our discounted, fixed fee retainer. This helps to spread the costs and manage the legal budget better.

We really can do as little or as much as you like – we fit the service to your requirements and budget.

Do you need any help?

The European Court of Justice has decided that internet browsing which involves viewing copyrighted content does not require the copyright holder's permission and is not copyright infringement.

This is the latest in a recent flurry of court judgments which apply copyright and other intellectual property laws to digital content, providing much needed clarification of how traditional intellectual property rights are applied and must be adapted to reflect the internet age. 

This decision confirms that internet users do not need the permission of a copyright holder to view online content. Although on a different topic, this decision marries well with the recent court decision confirming that it is acceptable to provide clickable weblinks to copyright works which are freely available online.

There is a theme emerging that material published on the internet - which is made freely available - can be browsed, referenced and linked to without the copyright owner's consent. This would appear to limit copyright owners' ability to prevent aggregation and viewing of their material online. 

Case Summary

The Newspaper Licensing Agency (NLA), a body set up by the publishers of newspapers in the UK for the collective licensing of newspaper content, licensed its content to Meltwater News, an online news report monitoring service. NLA argued that the users of Meltwater's service should also have a licence with the NLA.

As part of its argument, it said that viewing the material required the authorisation of the copyright holders because it led to copies being made on the user's computer screen (on-screen copies) and in the internet "cache" of that computer's hard disk (cached copies). It contended that those copies constituted "reproductions" that did not come within the copyright exemption allowing temporary acts of reproduction.

The court disagreed. It decided that the copies made when viewing content online were temporary. The on-screen copies were deleted when the internet user left the website; and the cached copies were usually deleted and replaced by other content over time. The other conditions for the exemption were also met:

The reproduction was an "integral and essential" part of a technological process because it automatically happened when accessing the website. It was irrelevant that the process was acted by the internet user.

The reproduction on-screen was "transient" because it was terminated when the user left the website. The cache copy was "incidental" as they were a by-product of viewing the web page and did not exist independently of the technological process used to view the content.

Contact Us

In a case that triggered a mass media storm, the European Court of Justice recently ruled that a Spanish man had the “right to be forgotten” in online searches.

Despite the widespread reports to the contrary, the court’s decision does not amount to an indiscriminate right to have personal data removed. Rather, the case reaffirms law which is already in effect and imposes that law on Google as a search provider and "data controller". The law in question is that a data controller – meaning an organisation which determines the purposes for which and manner in which an individual's personal data is to be processed – must only process data lawfully and for a legitimate purpose and must be satisfied that such data is accurate and relevant.

The case was very specific in that it applied to a search engine operator, of which there are only a few. It remains to be seen how the ruling may apply to other websites and online service providers. Nevertheless, it is a useful reminder that data controllers must process data lawfully and must consider any requests that personal data be updated, rectified or removed.

See below for further details on the case and commentary. The Information Commissioner's Office has also published an interesting overview of what it has learnt from the EU judgment, which you can view here.

CASE SUMMARY

Mario Costeja González argued that a 1998 report about his repossessed property, which is still available online, was appearing in Google results and adversely affecting his reputation and financial status despite his finances now being in order. He argued that the information was now inaccurate and irrelevant and displaying it was an invasion of his privacy.

Google argued that it is merely a service provider and not a publisher, meaning it merely displays data which others publish and control and that it should not be held responsible for such data. However, the court disagreed and found that, under the EU’s Data Protection Directive, Google is both a data processor (because it accesses and processes data from other websites) and a data controller (because it has the power to decide how it uses and displays the data) and is therefore bound by the obligations set out in the directive.

Those obligations include a duty to ensure that all data held is accurate and, where necessary, kept up to date; to process data fairly and lawfully; and an obligation to consider and respond to any objection to the processing of data and/or comply with a request to have any non-compliant data (i.e. inaccurate or out-of-date data) corrected, erased or blocked.

Therefore, the court ordered Google to remove the relevant links and said that it – and other providers in the same position – should examine any future requests of this sort on its merits. Where a data controller does not grant the request, a data subject may take his or her case to a relevant regulatory or judicial authority.

COMMENT

This case is unusual for two reasons:

First, the court did not apply the same ruling to the original publisher – a newspaper – on the basis that the article had been lawfully published at the time and there is an exemption in the data protection laws for media organisations. Its justification for singling Google out rather than also applying the exemption to links to that data, was that Google brings various sources of information together into one service, enabling people to easily access a lot of personal data which they might not otherwise find.

Second, the court went against the opinion given by Advocate General Niilo Jaaskinen in June 2013. He said that Google should not be responsible for content published by third parties and that the Data Protection Directive does not establish a “right to be forgotten” but merely the right to rectification or deletion of incomplete or inaccurate data. He said that enabling the deletion of personal data at an individual’s request would amount to censorship.

It is difficult to assess the full effect of the case at this early stage but, for the most part, it does little to change the underlying EU and UK data protection laws. The key aspect is the confirmation that Google is a data controller like any other and must comply with the data protection laws.

Other online service providers who receive, store and process data are likely to be in the same position. It is important to emphasise that the ruling only applies to out-of-date (meaning information which is no longer relevant or applicable – details of Mr González’s property repossession in this case), incomplete or inaccurate data. Therefore, fears about a blanket “right to be forgotten” and censorship are unlikely to be realised.

Also, the court has said that the rights of the individual must be balanced against the wider public interest, so if there is an ongoing public interest in the data, it will not need to be removed.

Still, this ruling and the avid attention it has received, is likely to result in a spike in so-called “subject access requests” (a legal process by which individual’s request a copy of the data held about them) and requests to remove or edit personal data. Data controllers must consider these requests on their merits and respond accordingly. If you are a service provider but do not ‘control’ the data, the ruling may well not apply to you but you may still have to expend the time and resources to consider and respond to requests.

In any event, it may be that ongoing law reforms amend this area further in the future.

Parliament is currently scrutinising a set of 5 regulations which, if approved, will introduce new and amended exceptions to copyright protection into UK law from 1 June 2014.

UPDATE: The Government has now announced that the "Personal Copies for Private Use" and "Quotation and Parody" regulations are unlikely to come into force on 1 June 2014 as planned because further scrutiny is required. It is not yet known when they will come into effect, if at all. The other regulations will take effect as planned.

Full Briefing

In May 2011 Professor Ian Hargreaves published an independent review into intellectual property rights, which included a number of recommendations for updating and harmonising UK law, most of which the Government subsequently accepted.

One result of the review has been a set of 5 draft regulations which set out new exceptions to copyright protection. These are:

The Copyright and Rights in Performances (Personal Copies for Private Use) Regulations 2014

The Copyright and Rights in Performances (Quotation and Parody) Regulations 2014

The Copyright and Rights in Performances (Disability) Regulations 2014

The Copyright and Rights in Performances (Research, Education, Libraries and Archives) Regulations 2014

The Copyright and Rights in Performances (Public Administration) Regulations 2014

Below we have briefly summarised the purpose and effect of each of the regulations.

“Personal Copies for Private Use” Regulations

One of the black holes in UK copyright law – particularly in the digital age – has been the prohibition on making copies of copyrighted work for personal use. This technically means that it is illegal, for example, to copy a legally downloaded single from one device to another. These regulations will update the law so that it is legally possible to make copies of a copyrighted work (which has been acquired legally on a permanent basis) for private use.

The new right will apply retrospectively to any copy made before the regulations come into force. The exception will not apply to computer programs, nor to the provision of copies to another person for their use. Also, if the original purchased work is sold, the exception does not allow the seller to retain his personal copy for continued use without the consent of the copyright holder.

The regulations also include a procedure to allow anyone prohibited from making a personal copy of a work – for example due to DRM restrictions – to make a complaint and for the Secretary of State to make an order requiring the copyright owner to remove such restrictions.

“Quotation and Parody” Regulations

In addition to the existing right to use copyrighted works for the purposes of criticism or review, these regulations will enable the use of otherwise copyright protected works for quotation or parody. Copyright will not be infringed by the use of a quotation provided that the quotation is fair and no more than necessary for the purpose for which it is used.

For some time, it has generally been accepted that parodies and caricatures are a fair use of copyrighted works and do not infringe the owner’s rights. That has also been expressly stated in the EU’s Copyright Directive but is only now being formally adopted in the UK. The new UK law will require that the use of works for the purposes of parody is in “fair dealing”, unlike EU law.

“Disability” Regulations

The Disability regulations repeal and replace the laws on provision of copyright works to the visually impaired. The new laws include an exception for disabled people more generally, as opposed to just the visually impaired.

“Research, Education, Libraries and Archives” Regulations

These regulations introduce a number of changes to existing exceptions. They amend the existing law to allow all types of copyright work to be used for the purposes of research and private study. They also introduce a new exception for making copies of work for text and data analysis research for people who have lawful access to a copy of such works.

Other amendments relate to the use of copyright work for educational non-commercial purposes, enabling educational establishments to use copyright works without infringement provided sufficient acknowledgement is given.

“Public Administration” Regulations

These regulations will make it easier for public bodies to deal with copyright material without risk of infringement. Public bodies will be able to make copies of documents available online as well as in paper form.

  Conclusion

The new regulations are currently being scrutinised by Parliament and, if approved, will come into force on 1 June 2014. The Government has announced that the "Personal Copies for Private Use" and "Quotation and Parody" regulations will not come into effect on that date.

On Friday 13 June 2014, new consumer regulations come into force in the UK, affecting businesses which sell goods or services to consumers (meaning individuals not buying in the course of business).

If you sell to consumers, you should be aware of these new regulations and carefully check that your contracts, terms & conditions, sales information and procedures, are compliant. If you require our assistance, please contact Ian Grimley.

Full Briefing

The Consumer Contracts (Information, Cancellation and Additional Payments) Regulations 2013 come into force on 13 June 2014, implementing the final parts of the EU’s Consumer Rights Directive.

They will affect contracts with consumers (meaning individuals not acting in the course of business) both on the trader’s premises and off-premises via doorstep selling (sales at the consumer’s home or place of work) or distance selling (sales via telephone/internet).

If you trade with consumers, you should check carefully whether your existing contracts, terms and sales procedures need updating before the implementation date.

The two key changes are to the information requirements and consumer cancellation rights:

Information Requirements

Under existing regulations, traders are already required to provide certain pre-contract information to consumers in both distance transactions (i.e. telephone/internet) and doorstep transactions (those concluded at the consumer's home or workplace).

The new regulations extend these requirements by adding to the information which must be given to the consumer and by applying some of the requirements to trader's who sell on-premises.

The purpose of the requirements is to make transactions easier to understand for the consumer. The main requirements are (not an exhaustive list):

to describe the main characteristics of the goods or services;

to set out the identity of the trader, including its geographical address and telephone number (this is distinct from the obligations on companies and website owners under other regulations);

to give full details of the costs of the goods or services (or an estimate where a definite cost cannot yet be provided), as well as any additional charges and delivery costs;

to explain the payment, delivery and performance arrangements;

to provide details of the trader’s complaints handling policy, where applicable; and

to provide details of any after-sales services or guarantees.

Traders in doorstep or distance transactions will be required to give the consumer a copy of the contract and are subject to additional requirements, such as providing details of:

the right to cancel (see below for details of the new rights);

the trader’s return policy; and

details of any codes of conduct which apply to the trader or of any supervisory authority to which they are subject.

A cancellation form must be provided where the right to cancel exists. The regulations include a model cancellation form which can be used.

For on-premises and distance transactions, this information can be “made available to the consumer”, meaning that it must be reasonably easy to access it. In doorstep transactions it must be “given” to the consumer, meaning that the trader must actively provide the information (hand it over) as opposed to making it generally accessible.

In electronic transactions, traders must make certain information clear to the consumer directly before the ordering process is completed (this is normally done via an order summary webpage). It must also be made clear that, when placing an order – for example by pressing a button on a website – the consumer is entering into an obligation to pay. If the trader fails to do this, the consumer will not be bound by the contract. 

Cancellation Right

As under the current regulations, consumers will have the right to cancel a contract which is entered into via distance means or away from the trader’s premises. The cancellation period has been increased from 7 working days and 7 calendar days (respectively) under the previous regulations to 14 calendar days.

The cancellation period will normally run from the day after the date of delivery, provided the consumer has been informed of their right to cancel. If they are not informed, the cancellation period is extended until the information is given, up to a maximum period of 12 months and 14 days from delivery. Cancellation rights also exist for services.

If the consumer cancels, they will be responsible for returning the goods. The trader must make the refund, including the cost of standard delivery, without undue delay and no later than 14 days after the date of receipt of goods by the trader. Unless the trader has specified otherwise in its terms, it will also have to bear the cost of returning the goods.

There are various exceptions to the right to cancel which will continue to apply. For example, there is no right to cancel for passenger transport services, off-premises (but not distance) contracts for no more than £42, specialist or personalised goods, various food/drink goods, and sealed audio/video goods or computer software which have been unsealed.

Miscellaneous Changes

The new regulations will introduce a variety of other changes:

Additional charges – the consumer’s express consent will be needed for additional charges. Default tick boxes on forms/websites will not qualify as express consent.

30 days delivery time – unless otherwise agreed, the default time for delivery of goods will be up to 30 days.

After-sales support – telephone numbers for after-sale services/customer support must either be a geographic number, mobile number, a free number or – if another number is used – the charge may not be greater than the standard rate for a geographic number.

Passage of risk – risk in the goods will pass to the consumer when they come into their physical possession or the possession of a person identified by the consumer.

Enforcement – more robust enforcement measures have been introduced for traders who fail to comply with the regulations. Enforcement functions have now been transferred from the Office of Fair Trading to Trading Standards.

Conclusion

All traders should be aware of these changes and ensure that their terms and procedures are compliant but the new regulations are particularly relevant for distance and doorstep sellers, who will need to update not only their terms but also their ordering processes and correspondence.

You can review the regulations in full here.

If your business creates any software or code, chances are it's quite technical.

If you're applying to the bank for a loan or overdraft, seeking investment or looking to sell the business or even just instructing an accountant or solicitor, you'll need to educate people about your business and its assets pretty quickly.

One thing you can do to help with this education process is to prepare product summary sheets – a one or two page document that explains the software, its history and perhaps your future plans for it.

Recently we helped a client with this exercise, on each summary sheet we set out:

the name of the software product, any old names for it and any derivative products associated with it;

product logos, registered trademarks and unregistered trademarks;

the history of the product, being who developed it or how the business came to acquire it – the main thing here is to show how you own the software product;

whether any third party software was incorporated in the product and, if so, details of how it was licensed; and

any other relevant information, such as significant commercial arrangements associated with the product.

You could also go one step further and add key financial data, such as the annual revenue arising from that product.

You can download an example of a summary sheet here.

A version of this article first appeared on AccountingWeb and can be found here (you will need to register to view this on AccountingWeb) 

In this article we take a look at the due diligence process on the sale of a business.  Most of you will be familiar with what due diligence is and many of you will appreciate that it is often a difficult process from which many buyers and sellers struggle to derive value.  We consider how it should be approached and give some tips for surviving it.

Is due diligence inevitable? Any prospective buyer of a business should want to be as sure as possible that the business is worth what they are paying for it.  It's therefore understandable that they will want to kick the tyres and carry out some investigations into the business, its assets and people.

If you want to sell your business it is possible that you will find a buyer who is willing and has the money to just write a cheque without doing due diligence.  However, especially in these economically difficult times, buyers like this will be few and far between.

We often find that even if some people on the buying side are willing to proceed with minimal due diligence (perhaps a director who is championing the deal at a commercial level) often they are unable to do so because others (funders, shareholders, the main board) require thorough due diligence.  So don’t just accept at face value any assertion that due diligence will be 'light touch' or 'limited' – make sure all stakeholders on the buying side agree with this.

What the reality of due diligence often is Due diligence can certainly be a painful process for buyers and sellers alike: it can consume a lot of time and result in high professional fees.  We have been involved in plenty of deals where this has created friction between the parties: – "why is your lawyer/accountant asking this irrelevant question – can’t we just get on and sign the deal?","why is it difficult to provide this basic information which you should have at your fingertips?".

In addition, it's a common complaint that the only persons who receive value from the due diligence process are the professional advisers who conduct it, with the sellers, buyers and target business having got little of genuine use from the process.

Collaboration not confrontation Sellers should assume from the outset that any buyer is going to want to investigate every element of the business and will only proceed if it has all the information that it needs. If a seller does this then his interests are likely to be aligned with those of the buyer: they both have the aim of all relevant information being in the open.

A buyer who is invited to see everything about a business is likely to have confidence that the seller has nothing to hide and, as a result, trust between the parties should grow.  In contrast, if you have a seller who is unwilling or unable to provide information the opposite is likely to happen and it may actually mean that a buyer feels it needs to conduct more thorough due diligence.

Cracking old chestnuts Sellers are sometimes tempted to assume that a buyer won’t find out or won’t be bothered about a particular issue.  Sometimes this turns out to be right but, if it isn't,  the consequences can be significant – the buyer can decide not to proceed or the deal terms can change significantly.

From a legal perspective, we find that the same issues come up time and time again which cause problems in due diligence.  Often these issues are ignored or overlooked until late in the sale process.  When this happens, mistrust between the parties can creep in and renegotiation of deal terms and price reductions become much more likely.  Whereas, if the issues are identified and dealt with up front it is often possible for them to be resolved in a way which does not disrupt the deal process or terms.

Examples of these types of issues include:

inadequate documentation for customer and supplier contracts

inappropriate employment contracts for key members of staff

for intellectual property rich businesses (such as those that develop software) inadequate evidence that the business owns/has the right to use intellectual property

dilapidations liabilities on leasehold properties which have not been provided for

irregularities with share capital, where legal formalities have not been complied with.

Five tips for surviving due diligence for sellers

Assume it will take time and be comprehensive. If sellers start with this mindset then they can prepare accordingly and are less likely to be frustrated.

Put yourself in the buyer's shoes.  A seller should ask itself what questions a buyer is likely to ask and make sure that these questions can be answered.

Get organised early. Prepare early, well before potential purchasers are approached.

Resource it.  Assume due diligence will take time and then work out who is going to be responsible for fielding the different questions that will come in.

Roxburgh Milkins advised the shareholders of Bath-based property management company Touchstone, a longstanding client, on its recent sale to Places for People. 

Paladin Group, Touchstone’s parent company, was acquired by Places for People in a deal valued at £15.9m. It also saw the exit of NVM Private Equity, which backed Touchstone in 2006.

Roxburgh Milkins worked closely with Tim Saunders, the chief executive of Touchstone, who offers his thoughts here on a two-year journey – and some tips for others preparing to embark on the same process.

How much time should people allow in planning for a sale?

TS: We started two years out. Our private equity investors obviously needed to exit at some stage but we wanted to manage the process according to our timetable. Other factors were the desire to capitalise on positive market sentiment and also to correlate the completion timetable with that of the financial year, not drifting beyond Christmas 2012.

We spent the first 18 months on ‘tidying up’ the business. That meant stripping away those few parts not functioning particularly well or that did not really fit – anything which might put off potential buyers.

The last six months began with signing off a marketing strategy, then with preparing and issuing the information memorandum. We also set a planned exit date of 16 November. 

There were management meetings from late August with people who made offers in the right ballpark and we entered into exclusivity with Places for People at the end of September. That left us with six weeks to complete – and we hit our target exit date to the very day.

Who were your advisers and how did you manage them?

TS: I combined the roles of chief executive and finance director so I drove the process. 

I have had a 15-year association with Bruce Roxburgh, so Roxburgh Milkins handled the legal matters, while Deloittes were corporate finance lead adviser, also researching the market and co-ordinating inquiries. I’ve dealt with them for seven years. I trust them both.

By the time we were in the ‘exclusivity’ stage, with a willing buyer and a willing seller, my instructions then were simply: ‘Don’t mess up.’ My job was to read the documentation and to manage the process, but I’m neat and tidy and organised. You’ve got to have an eye for detail and you can’t really leave it all to your advisers.

Did the sale process have any effect on the underlying business?

TS: Not really, certainly not in any negative way. Because I was managing the whole process, the involvement of the other directors could then be limited. We needed to keep people focused on ‘the day job’, so I kept them in the loop without distracting them.

We needed to reassure our clients, some of them had been with us for as much as 14 years. So we identified a select group and told them what we were doing. The message was: 'Don’t worry. We’ve got your interests at heart in all this.'

What would you do differently?

TS: Not much really. It all went remarkably smoothly. NVM, who had put £6m into the business over six years, said it was the easiest deal they had ever done.

Did preparing your business for sale bring any wider benefits to the business?  

TS: By January 2012 we had sold off the last small element of those parts of the business which were not really making money and the management structure was in fit and proper shape for the future. 

Our decision to collate and store all the disclosure documentation ‘in the cloud’ also had benefits in the way we now manage our information.

Have you any tips for others planning to sell?

TS: Appoint advisers who are in tune with your way of working – and likewise in choosing your purchaser. There’s no point in being unnecessarily confrontational.

Prepare a virtual ‘data room’ for all due diligence inquiries. We kept our disclosure bundle in ‘the cloud’ rather than in 30-odd lever-arch files. It’s much more straightforward to control and manage access and, in terms of the process, makes life a lot easier.

Reassure your clients in advance – don’t give them nasty surprises. We told staff immediately afterwards but that was a low-key announcement because it was just a change of shareholders. There were no redundancies or employment transfer implications but as a management team we made ourselves available to answer questions.