With 2019 in full swing and talk of New Year's resolutions fills our inboxes and newsfeeds, and while coffee break chat turns to what's next, January is an opportune time to kick-start a healthy compliance regime. This edition of Frontline highlights key changes for employers from the previous year, and provides advice on how to detox your employment practices for the upcoming year.
1. Conduct a review of arrangements and practices with sub-contractors
Worker status continued to be a divisive theme in the courts in 2018 with a number of cases setting the tone of the debate and bolstering the rights of would-be workers in the so-called gig economy. In December 2018, the Court of Appeal confirmed that Uber drivers are workers for employment law purposes while working through the app to complete tasks. In an earlier decision, in July 2018, the Supreme Court decided a plumbing and heating engineer was a worker, as his ability to appoint a substitute was restricted and his role had factors which indicated an employer-worker relationship. Of course, the courts will look at the reality of the working relationship to determine worker status, and can look past the labels given by the parties in a contract, which may be self-employment or otherwise.
- Employers with a large contractor base in their workforce should look again at the reality of working relationships in the context of this emergent case law;
- Considering redrafting and re-scoping contractor terms and conditions to seek to ensure that genuine consultancy arrangements are drafted as such.
2. Put in place adequate and appropriate organisational and technical measures, and review your policies and practices
The EU General Data Protection Regulation (GDPR) dominated 2018 and affected businesses across all industries, but while it has been in effect since 25 May 2018, some of the requirements are not new in UK law. For example, in October 2018, the Court of Appeal endorsed the High Court decision in a case against Wm Morrisons Supermarket PLC where the supermarket was vicariously liable (under the Data Protection Act 1998) for a data breach caused by a disgruntled employee affecting a large class of employees . It is worth noting that while vicarious liability is a strict liability, the supermarket's general compliance with data protection laws (in that it had in place generally appropriate measures) may in fact help to limit its exposure, and that of its insurer, in the coming months.
Indeed, with increased awareness of individual rights among data subjects and the risk of increased class litigation for data breaches as a result, it is imperative for companies to ensure they have in place appropriate measures.
- Putting in place secure and responsive systems to enable the company to respond to individual rights and keep data secure;
- Implementing effective data retention and deletion policies;
- Complete data protection compliance training;
- Ensuring effective contracts between controllers and processors which deal with obligations under GDPR;
- Regular reviews of the above as case law develops and the Information Commissioner's Office (as well as other Data Protection Acts around Europe) continues to publish its detailed guidance.
3. Prepare for pension auto-enrolment and implement contractual changes
2018 was a big year for pensions with further roll out and an increase in earning triggers to bring more employees in scope. 2019 will see the second transitional period for auto-enrolment including an increase in employer contributions from 2% to 3% of qualifying earnings and total contributions amounting to 8%. 2019 will also see the Department for Work and Pensions extending the scope of self-enrolment to the self-employed, which will be a significant shift in pension policy.
- Ensuring all contracts of employment are updated to reflect the auto-enrolment requirements;
- Ensuring effective systems are in place to administer these changes
4. Prepare for unannounced UKVI compliance checks
In November 2018, the High Court upheld the Home Office decision to revoke a sponsor licence based on an unannounced compliance visit. This displays the increasing strength and breadth of Home Office enforcement powers, including regular and unannounced compliance visits to company premises and the authority to suspend a sponsor licence "on the spot" for non-compliance.
Tier 2 sponsors must be prepared for compliance visits at all times while holding a licence.
- Stress testing company systems and practices for ability to react to changes to a sponsored worker's COS terms and respond to action points;
- Ensuring records are kept to demonstrate compliance, including personnel files and examples of work carried out by sponsored migrants;
- Conducting unbiased mock audits to enable them to fully comply with their licence obligations, or otherwise risk mandated improvements, suspension or revocation in the New Year.
5. Conduct training sessions and ensure effective whistleblower mechanisms
Whistleblowing and awareness thereof is another trend on the rise. In October 2018, the Court of Appeal allowed a CEO to recover for detriments resulting from a dismissal against his co-workers following an oil-related procurement process, some protected disclosures, an insolvent company and adequate levels of D&O insurance.
The case demonstrates the great care decision makers should take when terminating an employee who has made protected disclosures, and the importance that any such protected disclosures are identified at an early point to avoid causing detriment and exposing the company (or its decision makers) to uncapped damages. This is especially relevant in the context of complex corporate governance structures, when management styles and missions at the senior level may differ.
- Continued employment law training on whistleblowing requirements;
- Continually reviewing policies and procedures for protecting whistleblowers which are applicable to the most junior and most senior levels of an organisation.
This is especially notable as the EU continues to debate its Whistleblowing Directive proposals which seek to provide high-level protection of whistleblowers and EU-level reporting requirements. Indeed, under the proposed Directive, all private companies with more than 50 employees, or with an annual turnover of more than €10 million, will be required to establish internal reporting channels, ensuring the confidentiality of the identity of the whistleblower, in matters of EU law. The proposed Directive serves as a reminder that it is helpful to encourage a culture of openness with an organisation, and that prevention is always better than the cure.