SFA E-zine – The Tuesday Edition
Welcome to this week's edition of our SFA e-zine. I hope you all had an enjoyable and relaxing Easter.
We have another great week of interesting articles for you. We return to our GDPR tip with a look at keeping data secure, this is a two part tip so make sure you come back next week for the second half.
Last week the team issued a press release after attending the Brexit Loan Scheme launch at the Liffey Trust enterprise centre. We have an article about the scheme which may be of use to many of our members. There is also information about our upcoming Performance Management training course, which I encourage you to look at.
A second Sectoral Employment Order was issued which is expected to affect an estimated 10,000 qualified and registered plumbers and pipefitters. Make sure you are fully up to speed by reading Helen's article below.
There is a new guide from IEDR on website prices and how much you should pay. Read our article to make sure that you are informed.
As always, we’d love to hear from you about any queries you may have, issues you wish to have raised with Government or other stakeholders and your ideas on how we can improve the business environment for us all. Please contact me on tel: 01 605 1602 or e-mail: firstname.lastname@example.org or tweet: @SFA_Irl or visit: www.sfa.ie.
SFA in the media
- Brexit Loan Scheme
- Data protection
- Counterfeit goods
Brexit Loan Scheme
On Wednedsay, SFA issued a press release welcoming the launch of the Brexit Loan Scheme and calling for close monitoring of the scheme’s uptake. Sven Spollen-Behrens, SFA Director, stated: “The UK’s vote to leave the EU has already posed considerable challenges to Irish businesses and significant further difficulties may be coming down the tracks. This scheme is an important element of Ireland’s response to Brexit."
The full press release can be found here. It was covered in a variety of media:
The results of the SFA’s recent survey on GDPR-readiness among small firms were reported in the Irish Independent (print and online).
SFA data was referenced in a piece in The Times about street traders selling counterfeit goods.
Data breaches part one – keeping data secure
One of the key principles of GDPR is to ensure that personal data is kept confidential and secure. This week we look at how your business can safeguard personal data through your technical, physical and organisational security measures with the help of a recent guide that was published by the Data Protection Commissioner. Read on to avoid a Facebook-like fiasco…
Under GDPR, data controllers must notify the Data Protection Commission within 72 hours of becoming aware of any data breaches that pose a risk to the privacy rights of individuals. If the data breach poses a significant impact to individuals that could cause harm, for instance identity theft or a breach of their credit card data, businesses are required to notify those individuals as well.
A data breach could have significant repercussions for businesses in terms of the potential reputational risk with its service users, the risk of claims for material and non-material damages and administrative fines from the Data Protection Commission. To help reduce your risk of a data breach, the Data Protection Commission has just released an excellent guide for small businesses on how you can best safeguard personal data through your technical and organisational processes.
The guide offers three ways that businesses can ensure they implement the appropriate level of security through your:
- Technical security measures
- Physical security measures
- Organisational security measures
Technical security measures
When assessing whether you have the appropriate IT systems and security measures in place, it is important to liaise with your IT department or outsourced IT provider so that you ensure the following are implemented:
- Are all computing devices such as PCs, mobile phones and tablets on an up-to-date operating system?
- Are all computing devices regularly updated with the manufacturer’s latest software and security patches?
- Is antivirus software installed on all devices? Are devices regularly scanned for viruses?
- Is there a strong firewall in place? What other security measures can the firewall offer to improve data security and enable your business to control the movement of data?
- Has vendor-supplied software been reviewed to ensure that the default system, administrator, root passwords and other security parameters have been updated so that no default settings are left in place?
- Are there regular data backups and are they stored securely in a separate location?
- How often are data backups periodically reviewed and tested to ensure they are functioning correctly?
- What measures are in place to ensure that data is collected and stored securely?
- Are mobile devices such as laptops and mobile phones and tablets encrypted?
- Is there two-factor authentication for remote access to the company network and other shared devices?
- Do websites have TLS (transport layer security) in place to securely collect personal data via webforms for newsletter subscriptions or e-commerce websites?
What is essential is that your business has an in-depth understanding of how you receive personal data, where is it stored, whether it is stored on multiple devices, how secure is it and how easy is it to access it. Your IT department or provider can assist you in assessing if there are any vulnerabilities to your data and how your business can close that gap.
Physical security measures
Often when we think of data protection we think of electronic data only, however, GDPR also applies to hard copy data and safeguards should be put in place for physical data as well.
The guide recommends that small businesses should ensure that ICT equipment such as facilities, equipment, personnel, resources, and other properties have appropriate security measures. Examples of ICT equipment that may store personal data include:
- Computers — servers, desktops, laptops and tablets
- Photocopiers, multifunction devices and printers
- Mobile telephones
- Digital cameras
- Storage media including portable hard drives, USB sticks, CDs and DVDs
- CCTV cameras
- GPS tracking devices
Businesses should consider what is the risk level, if any, if these devices are breached? Do they hold personal data and for how long is the data held on these devices? Can the data be cleared once the purpose for it is no longer relevant? If the risk is high, you would need to implement higher technical security settings, for example you could have password protected printers for highly sensitive documents.
Other measures that businesses should implement include:
- Keeping offices and storage units locked
- Keeping server rooms or cabinets locked and only giving access to the relevant staff
- Cabling desktop machines and laptops to desks
- Implementing clean desk policies
- Ensuring that fire and burglar alarms are in place and that they are functioning correctly
- Ensuring that ICT equipment such as hard drives, old laptops, computers and mobile devices are securely disposed of at the end of their use. It is also good practice to get a certification to verify that they have been disposed of securely
The guide recommends that small businesses should create and implement an asset control policy for ICT equipment which would include:
- Recording the location and user of each device and
- Conducting periodical audits of its ICT equipment
Organisational security measures
Human error is one of the major risks in relation to data breaches so it essential that all staff are trained in GDPR and that they use the appropriate security measures. It may be inconvenient to change passwords on a regular basis or follow the correct IT procedures, however, under GDPR this should be a non-negotiable issue and businesses need to be firm in ensuring these policies and procedures are fulfilled by everyone in the business.
The guideline advises that organisational policies to keep data secure do not need to be time consuming nor overly complicated to implement, but they should be in writing. The policies should be written in clear, concise language outlining what the rules are. They should be easily accessible to employees and they should be reviewed on a regular basis to ensure they are up to date.
Examples of practical organisational security measures could include:
- Communicating the importance of company data and all the measures that everyone should take to protect the personal data
- Conducting ongoing staff training on, but not limited to, social engineering attacks, crypto ransomware and data protection
- Documenting data collection and retention policies
- Ensuring the use of strong passwords by having a password policy in place that is enforced
- Ensuring remote access is supported by a remote access policy
- Documenting a data breach incident response plan and testing it periodically to ensure a data breach can be effectively responded to
- Documenting CCTV and/or GPS policies if this applies
- Documenting data back-up policies
- Periodically reviewing contracts with 3rd party ICT providers to ensure the security measures documented are still appropriate and up to date
The full guideline from the Data Protection Commissioner can be downloaded here.
Next week in data breaches – part two, we will look at what businesses should consider when preparing for a data breach and how to prepare a contingency plan.
If you would like more information on GDPR or to discuss your requirements further, please contact Helen at SFA on 01 6051668 or at email@example.com or visit our GDPR section on www.sfa.ie/advice.
Sectoral Employment Order 2018
Earlier this month, a second Sectoral Employment Order was issued which is expected to affect an estimated 10,000 qualified and registered plumbers and pipefitters, as well as apprentice plumbers and pipefitters. Read on to learn who does it apply to, the new rates of pay and other new terms and conditions…
Last year a Sectoral Employment Order (SEO) was introduced for the construction industry to streamline rates of pay and introduce other terms and conditions for sick pay, pensions and a dispute resolution procedure.
In March 2018, a second SEO came in to effect which applies to certain workers in the mechanical engineering building services sector.
Who does it apply to?
The SEO will apply to the following workers who are either directly employed or hired through an employment agency:
- Qualified plumbers and registered apprentice plumbers (craftsperson)
- Qualified pipefitters and registered apprentice pipefitters (craftsperson)
It also applies to qualified plumbers and pipefitters who have acquired additional or advanced welding qualifications and who operate as welders on a day to day basis within the sector.
The SEO will apply to qualified plumbers, pipefitters and apprentices who carry out the following:
"The installation, alteration, fabrication, fitting, repair, maintenance, commission, removal and demolition in any building or its sites of articles, fittings, pipes, containers, tubes or instruments, storage facilities, etc. (including central heating apparatus, central plant apparatus, machinery and fuel containers connected thereto) for heating, cooling, including domestic hot and cold water systems, medical and process gases, process pipe services, utility pipe services and compressed and vacuum services of such buildings.”
Categories of workers and rates of pay
The SEO lists three categories of workers who will receive the following rates of pay:
Category 1 - €22.73 per hour
This is the minimum hourly rate of pay that applies to all newly qualified plumbers and pipefitters employed in the sector.
Category 2 - €23.33 per hour
This is the minimum hourly rate of pay that applies to qualified plumbers and pipefitters employed in the sector and it comes into effect at the start of their third year of employment after they have qualified as a plumber and/or pipefitter.
Category 3 - €23.60 per hour
This is the minimum hourly rate of pay that applies to qualified plumbers and pipefitters employed in the sector and it comes into effect at the start of their sixth year of employment after they have qualified as a plumber and/or pipefitter.
Apprentice plumbers and pipefitters who are registered and employed in the sector will receive the following rates of pay:
- Apprentice year 1 33.3% of Category 1 hourly rate of pay
- Apprentice year 2 50% of Category 1 hourly rate of pay
- Apprentice year 3 75% of Category 1 hourly rate of pay
- Apprentice year 4 90% of Category 1 hourly rate of pay
What is the normal working week and normal working hours?
The normal working week is 39 hours from Monday to Friday.
The normal hours are eight consecutive hours worked between 7am to 5pm Monday to Thursday and 7am to 4pm on Friday.
What is the premium rate for working additional / unsocial hours?
The following premium rates of pay apply for any work undertaken outside of the normal working week or hours:
- For hours worked between normal finishing time e.g. 5pm to midnight Monday to Friday, the rate is time plus a half
- For hours worked between midnight and normal starting time e.g. 7am Monday to Friday, the rate is double time
- For the first four hours worked after 7am on Saturday, the rate is time plus a half
- For all other hours worked on Saturday and Sunday, the rate is double time
- For all hours worked on Public Holidays, the rate is double time and an additional day’s leave
Other terms and conditions
The SEO sets out the minimum contribution rates for employers and employees for the pension scheme, death in service and sick pay scheme. Full details of the pension scheme and death in service is detailed in the appendix.
Finally, the SEO sets out the dispute resolution procedure to handle any grievances or collective disputes that must be followed before employees can go on strike or undergo any other form of industrial action.
These SEOs are legally binding and you can download the full SEOs here.
For further information on SEOs or other pay issues, please contact Helen Quinn on firstname.lastname@example.org or 01 605 1668.
Website costs in Ireland – how much should you pay?
The following article has information from the IE Domain Registry (IEDR) on how a small business can calculate a realistic budget for a website.
Just published: The IE Domain Registry’s (IEDR) guide on how a small business can calculate a realistic budget for a website.
In the introduction to the website cost guide the IEDR writes the following:
"We are often asked by micro-businesses and SMEs how much they should expect to pay for a website for their business. This is one of the most frequently asked but tricky to answer questions in the world of web design and digital marketing. Even now, there is no magic formula for calculating the cost of a new website. After 20 years working with Irish businesses we’ve compiled all the information you need when deciding on a budget for your website. Our advice is broken down into practical and manageable tasks, showing you what you need to consider when going through the process.
"We’ve heard from industry bodies like the SFA and ISME that website quotes for SMEs can vary from €5k to €20k. It is generally accepted that businesses should spend 5% of their turnover on marketing if they want to stand still, and 10% if they are trying to grow. Marketing statistics in the U.S. indicate that 62% of small businesses are investing 4% or more of their revenue in marketing. So how can a small business in Ireland decide on the right amount to spend? It will of course, depend on the size and nature of your business, as well as the sophistication of the website itself in terms of the technical elements needed. It also depends on how the website is positioned in terms of your overall marketing strategy.
"The IEDR Digital Health Index Q4 2017 states that half of all Irish SMEs acknowledge the benefits of an online presence. In fact, 66% now have a website compared to 62% in October 2016. The gap is certainly decreasing with only 19% stating that they are not present online. This means they have no digital assets, website or social media presence and therefore no way of engaging with Ireland’s e-commerce market, which is forecast to grow to €14 billion by 2021.
"Why is this so? Most say that there is simply ‘no need’ in their industry while others complain of a lack of expertise, finance or time. We’re here to help fill that gap, to provide relevant and up to date information for businesses that want to get online. The very first step is to decide on the purpose of your website. What are you trying to sell? Is it a product or service? This will determine the functionality, style and layout of your website. Then you are ready to move into the specification stage and hire an expert to help you build your website."
You can access the new IEDR website cost guide here.
Brexit Loan Scheme open for applications
The Brexit Loan Scheme has been launched by Ministers Paschal Donohoe, Heather Humphries and Michael Creed. It provides a low-cost borrowing option for companies impacted by Brexit. The first step is to apply for eligibility clearance from the SBCI before approaching Bank of Ireland or Ulster Bank for credit.
On 28 March, the Brexit Loan Scheme was launched by Ministers Paschal Donohoe, Heather Humphries and Michael Creed. It provides a low-cost borrowing option for companies impacted by Brexit – something that the SFA has been calling for since the UK voted to leave the EU in 2016.
The Brexit Loan Scheme is a total fund of €300 million. It is open to companies with up to 499 employees and is delivered by the Strategic Banking Corporation of Ireland (SBCI) through Bank of Ireland and Ulster Bank initially, with AIB joining the scheme in June.
Welcoming the launch of the scheme, SFA Director, Sven Spollen-Behrens, stated: “The UK’s vote to leave the EU has already posed considerable challenges to Irish businesses and significant further difficulties may be coming down the tracks. This scheme is an important element of Ireland’s response to Brexit. It will allow small firms to borrow for working capital or investment at low interest rates, ensuring businesses that are viable in the long-term can survive the challenges ahead. I welcome the fact that the borrowing will be unsecured for loans up to €500,000. Close monitoring, however, will be required to ensure the scheme’s impact on small businesses is maximised. With loans of up to €1,500,000 available and companies with up to 499 employees eligible to apply, the €300 million could dry up very quickly”.
Features of the Brexit Loan Scheme:
- Loans can be used for working capital or to fund innovation, change or adaptation to mitigate the impact of Brexit
- 40% of the fund is ring fenced for food businesses
- Loan amount: €25,000 - €1,500,000
- Loan term: up to three years
- Loans less than €500,000 will be unsecured
- Interest rate: 4% or less
The first step in applying for the scheme is to complete an eligibility application form from the SBCI. A decision will be made within a few days and you will receive an eligibility clearance letter if deemed eligible for the scheme. This can then be presented to one of the participating banks as part of their credit application process.
More information about the scheme and the Brexit and eligibility criteria can be found on the SBCI website.
If you would like to discuss access to finance, access to government supports or the impact of Brexit on your business, contact Linda Barry, SFA Assistant Director, on email@example.com or 01 605 1626.
When a HSA inspector calls
Developing your business profile on radio
On Wednesday, 4 April, SFA are delighted to host a webinar that will help SMEs plan for a Health and Safety Authority (HSA) Inspection.
The webinar will be hosted by Ibec OHS Executive, Elaine Bowers. Elaine will give you advice on preparation, actions and follow-up before/during/after an inspection.There will be an opportunity to submit questions that will be collated and answers distributed in a Q&A document.
We look forward to you joining us next Wednesday, 4 April at 12:30 for this 30 minute presentation.
Please register for the webinar here
The SFA Business Bytes events, which are entirely free of charge, offer small businesses access to expert information and advice and an opportunity to network with their peers. The series is supported by Bord Gáis Energy.
The next Business Bytes event will take place on 11 April at 6pm in Iconic Offices on Stephens Green.
As a business owner, you should be creating opportunities to be interviewed on radio, talking about your own business, talking about your industry, commenting as an SFA member and participating in panel discussions.
Every radio interviewer must introduce you by mentioning you and your company – that’s valuable publicity! - and every contribution you make adds to the perception of you as an expert in your area.
However, if you get it wrong, the opposite impression will be created. So, you need to know what you are doing.
- How to identify opportunities on radio
- How to pitch yourself as an interviewee
- How to get others to create opportunities for you
- How to maximise social media reach from your interview
Ellen Gunning is a director of the Irish Academy of Public Relations, a specialist communications college with 25+ years’ experience of teaching radio and TV skills, PR, journalism and event management in person and online, in six languages, across 50 countries. A regular commentator on Ireland AM (TV3), Ellen presents the weekly Mediascope programme on 103.2 Dublin City fm. She is a past winner of the European Parliament Journalist of the Year award.
The event is open to SFA members and non-members. It will last for approximately one hour with an opportunity to network before and after. Refreshments will be provided.
This event is entirely free of charge but you must pre-register.
The event space partner is Iconic Offices. Iconic Offices are Ireland’s leading flexible workspace provider, with14 locations throughout Dublin city centre, from the beautiful Georgian streets and squares, to Dublin’s Silicon Docks.
SFA Annual Conference
- 24 May, UCD Science Centre
The Small Firms Association is the trusted partner of over 8,500 small firms in Ireland. The SFA Annual Conference is our flagship event and helps small business owners and managers to keep up to date with the latest trends in HR, management and innovation provides an opportunity to come together to make connections and learn from each other’s experiences.
We will see 300 entrepreneurs, owner-managers, policy makers and media gather together to explore how to create competitive advantage in the current economic and business environment. A mix of keynote addresses and panel discussions will focus on how small businesses can stay competitive, gain access to and retain talent and deal with new regulatory challenges such as GDPR.
To book your place please click here.
Performance Management and other upcoming training courses
Performance management is just one of the SFA training courses coming up as part of our ‘Training that counts’ suite. All programmes are delivered by expert trainers with many years of industry experience.
At SFA, we’re here to help you create time for things that can make a real difference to your business, like developing management capacity and other skills for you and your staff.
There are a number of courses coming up as part of our ‘Training that counts’ suite of training programmes that may be of interest to you. They are delivered by expert trainers with many years of industry experience.
This programme will help managers to run the appraisal interview and process within their own organisations. The programme will give managers the confidence to deal with challenging behaviour and performance-related issues while getting the best from those who are performing well.
On completion of this programme, participants will be able to:
- Understand the components of an effective appraisal system
- Implement the core elements of practical appraisal documentation
- Know how to conduct an appraisal interview and the effective management of each element
- Develop the key skills needed to run an appraisal interview with a range of people performing at different levels
Date: 27 April (one-day course)
Venue: SFA/Ibec offices, 84-86 Lower Baggot Street, Dublin 2
Cost: €220 (SFA member rate)
Other upcoming courses
- Finance and Accounting Made Easy (one-day course, 20 April)
- Foundations in Management (two-day course, 12-13 April)
One-day courses are charged at €220 and two-day courses €400 for SFA members. Courses can be booked at http://www.sfa.ie/events
If you would like any more information please contact Quelba Lima in the Ibec Training Unit on firstname.lastname@example.org or 01 605 1619.