UK Government Launches New Product Safety Strategy

The Office for Product Safety and Standards was created in January 2018 by the Department for Business, Energy and Industrial Strategy, to enhance protections for consumers and the environment and drive increased productivity, growth and business confidence.

The Office takes forward the work of the previous Regulatory Delivery directorate, including Primary Authority and the Regulators’ Code.

We are responsible for building national capacity for product safety and for the development of products that support small business growth and implement the Industrial Strategy vision of simplifying regulation.

We work at the front line with businesses, local and national regulators and consumers to improve regulatory protections and support compliant businesses.

Kelly Tolhurst, The MINISTER FOR SMALL BUSINESS, CONSUMERS AND CORPORATE RESPONSIBILITY says in her opening comments to the Product safety Strategy:

I am pleased to present the first strategy from the Office for Product Safety and Standards. This is an important milestone in our work to enhance and strengthen protections from unsafe goods and the harm they can inflict.

The safety of individuals, families and communities is a top priority for Government. As the new Minister with responsibility for product safety, I am looking forward to working with all of our partners to ensure that everyone can continue to buy and use goods with confidence, today and tomorrow. I want to see an approach to product safety regulation that equips the UK for the future, that embraces all the opportunity that innovation and technology brings us. We need to be thinking not only about the challenges of now but where our economy and our society will be in ten or twenty years, as part of delivering the critical ambitions of the Industrial Strategy.

We already have good protections in place and a healthy business environment that supports enterprise. But we must not be complacent – we must ensure that our approach to regulation responds to changing needs whilst delivering the safety outcomes that every citizen expects. This can only be achieved through determined action and a shared commitment to doing the things that matter, that drive change, and that improve outcomes. This includes firm action to tackle those who endanger the public, using the full suite of tools and powers available.

We have already seen the impact of committed partnership through the Working Group on Product Recalls and Safety – whose powerful recommendations laid the foundation for the Office – and I would like to thank the group for their contribution. I fully believe that collaboration and partnership will be key to delivering the aims set out in these pages.

The potential of increased national capacity for product safety is already being unlocked through the early actions of the Office and its partners – including the publication of the first Code of Practice for recalls and corrective action with the British Standards Institution and dedicated training for hundreds of front line officers, working with the Chartered Trading Standards Institute. Strengthening national capacity for product safety: Strategy 2018-2020 Page 3 of 31

Alongside this strategy, I am publishing a number of related documents. These include the first Delivery Plan for the Office, setting out its priority actions, an Incident Management Plan and a Strategic Research Programme. These build on early progress to provide the firm foundations needed to prepare us for the future. They show our commitment to delivering a trusted product safety system with protection, fairness and competition at its heart. 

Read More

Government rejects F-gas concerns

The UK government insists it will maintain the HFC phase down post-Brexit. Claims that the Environment Agency does not have the adequate resources to tackle compliance have been ignored.

Published today, the government’s response to the Environmental Audit Committee report on the UK’s progress on reducing F-gas emissions has also dismissed calls to reform the renewable heat incentive to encourage the use of low GWP refrigerants in heat pumps.

Industry concerns over non-compliance and whether the Environment Agency (EA) had the necessary resources available to tackle illegal refrigerant sales were also side-stepped in the government’s response.

The Environmental Audit Committee, which called on submissions from the UK air conditioning and refrigeration industry, found that the UK could go further to reduce F-gas emissions.

Commenting on the government’s response, Mary Creagh, chair of the Environmental Audit Committee, said: “While the government was positive about many of our recommendations, we are disappointed it has not shown more urgency and set out clear targets and a timeframe for achieving them. The government can and should do more.”

Faced with evidence of illegal activities, particularly on the internet, the audit committee questioned whether the Environment Agency had adequate resources to tackle the problem. It pointed to the low number of investigations and the single prosecution for a self-reported breach since the beginning of 2015, and asked for DEFRA and the Environment Agency to publish plans for monitoring non-compliance, especially on social media sites.

Basing its reply on a recent European Commission report which found no large scale illegal trade in HFCs, the government said that this indicated that “compliance with the HFC phase down was generally good and the main environmental outcomes are being achieved”.

It explains that the Environment Agency focuses on bringing organisations into compliance by using enforcement notices, advice, awareness campaigns and guidance to make businesses aware of their obligations.

“The number of prosecutions is not, therefore, necessarily a good indicator of the effectiveness of compliance work,” the government says in its response.

The government also maintained that the EA monitors sales on online marketplaces such as eBay and Amazon on a daily basis. In the event of any products being sold in breach of the regulations, it said the EA works with the online platform to have them removed. It also insisted that the EA also carries out intelligence led investigations into non-compliance, whether that be at physical locations or via the internet.

There has also been previous concerns over a disconnect between the customs authorities and the F-gas quota system and more recent evidence of a rise in the amount of refrigerant entering the country in illegal disposable cylinders.

In its report, the Environmental Audit Committee asked the government how it would ensure with HMRC that there are no weaknesses in the F-gas regime now and after the UK leaves the EU.

The government insists that the Fluorinated Greenhouse Gases (Amendment) Regulations 2018 give HMRC the ability to share information with the Environment Agency about imports. It says: “The EA will use this data to target products from outside the EU that breach the regulations.”

It also declined to publish details of how the EA monitors and investigates non-compliance “as publicising these techniques could undermine their effectiveness, making it harder to enforce the Regulation”.

Car air conditioning top-ups

The anomaly of the general public being able to buy F-gas to top-up car air conditioning systems was also raised again. The Environmental Audit Committee insisted that only qualified persons should be able to handle F-gases. The legal availability of high GWP HFCs for the unsupervised top-up of car air conditioning units risked undermining the system, it said, with illegal activities putting responsible businesses at a disadvantage and endangering consumers if refrigerants were used inappropriately, such as flammable HFCs being applied to systems designed for low flammable HFCs.

The government pointed out that EU legislation does not prohibit these sales to members of the public as long as they use refillable and returnable containers and do not remove refrigerant from the system. It also felt that as all new cars must now use low GWP refrigerants the use of high GWP top-up kits would decline over time.

Despite evidence of flammable hydrocarbons being openly sold as top-up gas for R134a in car air conditioning systems, the government also insists: “The safety of consumer goods is regulated and enforced by local authority Trading Standards services, with the support of the Office for Product Safety and Standards.” 

The committee was keen for the government to encourage the use of low GWP refrigerants in heat pumps by reforming the renewable heat incentive schemes. The government accepted that heat pumps play an increasingly important environmental role but argued that the F-gas quota cuts were already driving industry to look for low GWP alternatives for heat pumps. It felt that any additional measures to reduce the use of high GWP refrigerants must not hinder heat pump uptake as that would be counter-productive for the environment.

the Environmental Audit Committee report on the UK’s progress on reducing F-gas emissions has also dismissed calls to reform the renewable heat incentive to encourage the use of low GWP refrigerants in heat pumps.

Industry concerns over non-compliance and whether the Environment Agency (EA) had the necessary resources available to tackle illegal refrigerant sales were also side-stepped in the government’s response.

The Environmental Audit Committee, which called on submissions from the UK air conditioning and refrigeration industry, found that the UK could go further to reduce F-gas emissions.

Commenting on the government’s response, Mary Creagh, chair of the Environmental Audit Committee, said: “While the government was positive about many of our recommendations, we are disappointed it has not shown more urgency and set out clear targets and a timeframe for achieving them. The government can and should do more.”

Faced with evidence of illegal activities, particularly on the internet, the audit committee questioned whether the Environment Agency had adequate resources to tackle the problem. It pointed to the low number of investigations and the single prosecution for a self-reported breach since the beginning of 2015, and asked for DEFRA and the Environment Agency to publish plans for monitoring non-compliance, especially on social media sites.

Basing its reply on a recent European Commission report which found no large scale illegal trade in HFCs, the government said that this indicated that “compliance with the HFC phase down was generally good and the main environmental outcomes are being achieved”.

It explains that the Environment Agency focuses on bringing organisations into compliance by using enforcement notices, advice, awareness campaigns and guidance to make businesses aware of their obligations.

“The number of prosecutions is not, therefore, necessarily a good indicator of the effectiveness of compliance work,” the government says in its response.

The government also maintained that the EA monitors sales on online marketplaces such as eBay and Amazon on a daily basis. In the event of any products being sold in breach of the regulations, it said the EA works with the online platform to have them removed. It also insisted that the EA also carries out intelligence led investigations into non-compliance, whether that be at physical locations or via the internet.

There has also been previous concerns over a disconnect between the customs authorities and the F-gas quota system and more recent evidence of a rise in the amount of refrigerant entering the country in illegal disposable cylinders.

In its report, the Environmental Audit Committee asked the government how it would ensure with HMRC that there are no weaknesses in the F-gas regime now and after the UK leaves the EU.

The government insists that the Fluorinated Greenhouse Gases (Amendment) Regulations 2018 give HMRC the ability to share information with the Environment Agency about imports. It says: “The EA will use this data to target products from outside the EU that breach the regulations.”

It also declined to publish details of how the EA monitors and investigates non-compliance “as publicising these techniques could undermine their effectiveness, making it harder to enforce the Regulation”.

Car air conditioning top-ups

The anomaly of the general public being able to buy F-gas to top-up car air conditioning systems was also raised again. The Environmental Audit Committee insisted that only qualified persons should be able to handle F-gases. The legal availability of high GWP HFCs for the unsupervised top-up of car air conditioning units risked undermining the system, it said, with illegal activities putting responsible businesses at a disadvantage and endangering consumers if refrigerants were used inappropriately, such as flammable HFCs being applied to systems designed for low flammable HFCs.

The government pointed out that EU legislation does not prohibit these sales to members of the public as long as they use refillable and returnable containers and do not remove refrigerant from the system. It also felt that as all new cars must now use low GWP refrigerants the use of high GWP top-up kits would decline over time.

Despite evidence of flammable hydrocarbons being openly sold as top-up gas for R134a in car air conditioning systems, the government also insists: “The safety of consumer goods is regulated and enforced by local authority Trading Standards services, with the support of the Office for Product Safety and Standards.” 

The committee was keen for the government to encourage the use of low GWP refrigerants in heat pumps by reforming the renewable heat incentive schemes. The government accepted that heat pumps play an increasingly important environmental role but argued that the F-gas quota cuts were already driving industry to look for low GWP alternatives for heat pumps. It felt that any additional measures to reduce the use of high GWP refrigerants must not hinder heat pump uptake as that would be counter-productive for the environment.

Read More

GDPR for small business

 With the European General Data Protection Regulation (GDPR) now in place, the UK will see tougher fines and stricter regulations, across all industries. GDPR regulation for small businesses is a hot topic, but are you complying with the changes?

Read our GDPR key points for small businesses and get clear on your responsibilities.

The GDPR deadline was 25 May 2018

Before we get into the detail of GDPR and what it means for your small business, it’s worth making a note of the key things you’ll need to keep an eye on and action. Bear in mind that the changes came into effect on 25 May 2018.

Here’s our quick definition and overview, followed by a checklist to keep handy.

What is GDPR?

What does GDPR stand for: a meaning and definition

The European General Data Protection Regulation (GDPR for short) is built around two key principles.

  1. Giving citizens and residents more control of their personal data
  2. Simplifying regulations for international businesses with a unifying regulation that stands across the European Union (EU)

It’s important to bear in mind that the GDPR applies to any business established in the EU and may apply to companies based outside of the EU that process the personal data of EU citizens in certain circumstances. See the GDPR checklist below for information on what ‘personal data’ includes.

The government has confirmed that Brexit will not affect GDPR, or its immediate running. It’s also confirmed that post-Brexit, the UK’s own law (or a newly-proposed Data Protection Act) will directly mirror the GDPR.

GDPR overview

  • Businesses whose activities involve ‘regular or systematic’ monitoring of data subjects on a large scale (in other words processing extensive personal information), or which involve processing large volumes of ‘special category data’ must employ a Data Protection Officer (DPO). Their role will be to ensure the company complies with the obligations under the GDPR. They’ll also be the contact for any data protection queries
  • The GDPR may apply to any business that processes the personal data of EU citizens, including those with fewer than 250 employees (contrary to common misunderstanding).

Serious breaches (that is, any breach which has an impact on the rights of data subjects) must be reported to the regulator (in the UK this is the Information Commissioner’s Office (ICO)). This should be within 24 hours where possible, but at least within 72 hours and the report must include information regarding what led to the breach, how it is being contained and planned next steps

  • Individuals will have more rights on how businesses use their data. In some instances, they have the ‘right to be forgotten’ if they no longer want you to process their personal data and you have no other legal grounds (for example the individual is no longer a customer so your contract with them no longer gives you a legal right) to keep the data
  • Failure to comply will result in harsher penalties. Before, the ICO could fine up to £500,000 but the GDPR allows fines of up to €20 million, or four per cent of annual turnover, whichever is higher

GDPR checklist for UK small businesses

Remember, your checklist needs to take into account past and present employees and suppliers as well as customers (and anyone else’s data you’re processing which includes collecting, recording, storing and using the personal data in any way).

  1. Know your data. You need to demonstrate an understanding of the types of personal data (for example name, address, email, bank details, photos, IP addresses) and sensitive (or special category) data (for example health details or religious views) you hold, where they’re coming from, where they’re going and how you’re using that data.
  2. Identify whether you’re relying on consent to process personal data. If you are (for example, as part of your marketing), these activities are more difficult under the GDPR because the consent needs to be clear, specific and explicit. For this reason, you should avoid relying on consent unless absolutely necessary.
  3. Look hard at your security measures and policies. You need to update these to be GDPR-compliant, and if you don’t currently have any, get them in place. Broad use of encryption could be a good way to reduce the likelihood of a big penalty in the event of a breach.
  4. Prepare to meet access requests within a one-month timeframe. Subject Access Rights are changing, and under the GDPR, citizens have the right to access all of their personal data, rectify anything that’s inaccurate and object to processing in certain circumstances, or completely erase all of their personal data that you may hold. Each request carries a timeframe and deadline of one month (which can only be extended in mitigating circumstances), from the original date of request.
  5. Train your employees, and report a serious breach within 72 hours. Ensure your employees understand what constitutes a personal data breach and build processes to pick up any red flags. It’s also important that everybody involved in your business is aware of a need to report any mistakes to the DPO or the person or team responsible for data protection compliance, as this is the most common cause of a data breach.
  6. Conduct due-diligence on your supply chain. You should ensure that all suppliers and contractors are GDPR-compliant to avoid being impacted by any breaches and consequent penalties. You also need to ensure you have the right contract terms in place with suppliers (which puts important obligations on them, such as the need to notify you promptly if they have a data breach). See ‘How can I check my suppliers are GDPR-compliant?’ further down.
  7. Create fair processing notices. Under GDPR, you’re required to describe to individuals what you’re doing with their personal data. See ‘Fair processing notices’ below for more information.
  8. Decide whether you need to employ a Data Protection Officer (DPO). Most small businesses will be exempt. However, if your company’s core activities involve ‘regular or systematic’ monitoring of data subjects on a large scale, or which involve processing large volumes of ‘special category data’ (see ‘Is my data sensitive?’ below) you must employ a Data Protection Officer (DPO).

What constitutes ‘large-scale’ data processing?

The GDPR doesn’t yet fully define what constitutes ‘large-scale’, but some examples include the processing of patient data by hospitals, travel data and transport services, and customer data by an insurance company or bank.

Hanging on to old data?

One of the key principles of GDPR is to require companies not to hold on to personal data for longer than necessary, or process it for purposes that the individual isn’t aware of. Identifying your data categories – what personal data you have, and why – will be very helpful in ensuring you’re compliant with the GDPR.

How does the GDPR define ‘consent’?

Customer or individual ‘consent’ has been redefined and has become much tighter as a result. On top of this, requests for consent can no longer be hidden in small print but must be presented clearly, and separately to other policies on your website or communications – so no more pre-ticked boxes.

Consent may not be required for pre-existing personal data, as long as you have a legal basis that’s compliant with the current legislation (the DPA).

The principle here is that inactivity is no longer a legitimate way to confirm consent. Remember, this applies to you too, as a consumer with personal data rights of your own, and may be a welcome change!

Fair processing notices

It may sound complicated, but a fair processing notice is about giving people clear information about what you’re doing with their personal data. Your fair processing notice should describe:

  • why you’re processing their personal data (the purpose), including the legal basis you have, such as consent (check the ICO’s privacy notices page for more information)
  • the categories of recipients you may be sending the personal data to (customer, employee, supplier, etc)
  • how long you’ll be holding onto the data (the ‘retention’ period’), or the criteria used to determine these time periods

You’ll also need to notify individuals of the existence of their personal data rights.

GDPR is so complicated – why should I care?

It’s easy for small companies with a stack of to-dos to see the GDPR as a burden. But in reality, it’s something that can be used to your advantage, adding value to your business.

By proving to potential and existing customers that your organisation is compliant with new laws that protect the rights of citizens just like you (and your customers), you could bring in more business.

No one likes having their data lost, stolen, damaged, misused, or shared without proper consent, and doing everything you can to protect your customers and grow their trust could be a unique selling point.

So, from fines to compensation claims, there are certainly serious reasons to get GDPR-compliant. But on a real-world level, see it as being worth your while to get organised behind the scenes, earn your customers’ trust, and be the company that respects personal data, rather than letting it sit on a long-forgotten spreadsheet.

Does GDPR apply to my business?

It’s important to bear in mind that the GDPR applies to any business established in the EU and may apply to companies based outside of the EU that process the personal data of EU citizens in certain circumstances

So the first question you need to ask yourself is, how often does your business deal with personal data? This includes your customer data of course, but have you factored in supplier data? Past and present employees? And is there anything else you’ve collected, that doesn’t fall into any of these groups?

If you’re collecting any of this data routinely, you need to comply with the GDPR, whether the data is on a spreadsheet, on your computer network, your mobile phone, or in the cloud.

Another key question is whether your business currently falls under the DPA. If so, the ICO has confirmed that the GDPR applies to you, but remember, the GDPR is much stricter than the DPA.

I employ fewer than 250 people. What should I do?

Being a small business doesn’t mean you fall out of the GDPR scope. It’s recognised that small businesses have fewer resources and pose less of a risk to data protection, so there may be more leniency by the ICO in relation to any non-compliance.

However, you’ll still want to ensure you’re compliant with the principles of the GDPR. This is because your business must still comply if it’s involved in regular processing (which includes collecting, storing and using) of personal data. It’s easier to follow the GDPR and get compliant, than to spend time figuring out how you can avoid complying, especially if you’re working without legal guidance.

It’s also important to note that even if your company falls under one of the exemptions, if you’re contracting with a larger company that conducts large-scale processing you may also be subject to the harsher end of the GDPR’s regulation.

Aside from the law, responsible data handling is a basic principle of good business upkeep. If you’re a one-person band but aware that your records are a bit all over the place, have you thought about how you’d explain a breach to your trusted customers?

What data does the GDPR legislation apply to?

You’ll see a lot about ‘personal data’ when reading up on the GDPR. It’s now got a more detailed definition, and the regulation has clarified that things like an IP address (the unique string of numbers that identifies every Internet-communicating computer) count as personal data. There are lots of other things though that will fall into the personal data category, so make sure you’ve checked the GDPR itself (using the handy links at the end of this article).

Quick check: Focus on your lists. Does your business hold HR records, customer lists and contact detail records, for example? Most do.

This is confirmed by the ico.org.uk, who state; “You can assume that if you hold information that falls within the scope of the DPA, it will also fall within the scope of the GDPR”.

Manual vs. auto-filing

Whether it’s you keeping a spreadsheet of customer contact details, or an automated digital capture system, the GDPR will apply.

Is your data ‘sensitive’?

Article 9 in the GDPR defines ‘special categories of personal data’ and this includes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. They also cover genetic data, biometric data, data concerning health and data concerning a person’s sex life or sexual orientation. Generally, you’ll need explicit consent from individuals whose special category personal data you want to process, although Article 9 sets out a number of exceptions to this rule.

How is the GDPR law different from the DPA?

There are similarities between the GDPR and current Data Protection Act (DPA). However, crucial developments and rulings within the GDPR mean you’ll need to get clear on the new legislation, whether you’re up-to-date with the DPA or not.

The GDPR changes your accountability

One thing that really sets the GDPR apart is the changes made to the ‘accountability’ of data processors. This is a change from under the DPA, which placed more responsibility on the data controller (note, it’s still worth brushing up on your DPA compliance, as lots of its basic principles are pretty much repeated in the GDPR).

These are basic principles you’ll need to think about. Don’t get too hung up on whether you’re a controller or processor as both parties are required to make changes in order to comply with GDPR. At this stage, the key thing is to think about the personal data your small business collects, holds, uses, and shares, and how confident you are that the new principles hold true.

Am I a data controller or a data processor?

The GDPR applies to data ‘controllers’ and ‘processors’. In general, processing is defined as any operation performed on personal data, such as storing, collecting, recording, organising, sharing, erasure, consulting, etc. A controller is a data processor too, but they will also decide the purpose of the data processing activities.

For example, if you’re a small business offering a plumbing service and your customer details are managed using a contacts management app on your phone, hosted by a third party, this would generally make you the controller and the third party the processor. If on the other hand, you manage all of your data on a spreadsheet you’ve built yourself, you’re both controller and processor.

If you’re a data processor

For processors, the GDPR carries a specific set of legal obligations some of which require you to:

  • keep up-to-date personal data records and details of your processing activities and categories, including details of your ‘data subject categories’ (customers, employees, suppliers, etc), the categories of processing carried out (transferring, hosting, altering, receiving, disclosing, etc)
  • keep details of any transfers to countries outside the European Economic Area (EEA)
  • implement appropriate security measures, which may include pseudonymisation and encryption, and prove you’re regularly testing these measures
  • be ready with a general description of the technical and organisational security measures you keep in place

If responsible for a breach, you’ll definitely have more legal liability than under the DPA. If a data subject, maybe one of your customers, has suffered as a result of a data breach, they could make a claim against the data processor directly.

As a data processor, the severity of your penalty will reflect how serious the consequence of your failure to comply with your obligations placed on you by the GDPR or followed the instructions of your data controller. These obligations include ensuring sufficient security measures, and you’ll suffer further penalties (see ‘What are the GDPR penalties?’ further down) if you fail to report the breach within the given time frame (a maximum 72 hours).

As well as this, if you’re a data processor and have paid compensation that the controller is partly or fully responsible for, you may be entitled to claim back the relevant damages from the controller themselves if you have a contract in place that states this. This area of claims is where cyber or professional indemnity insurance can come in handy, although you’ll always need to match the policy to your activities.

If you’re a controller

All controllers are by nature also processors and therefore subject to the same basic requirements. As a controller, the GDPR places obligations on you and your business to ensure any contracts you have with processors are compliant. Take a look at the section for processors above – it may be worth checking that their security measures and processes are GDPR-compliant before signing or renewing any contract.

Are you inside the EU?

The GDPR applies to businesses established in the EU that process personal data of any EU citizens, so far regardless of developments with Brexit. It also applies to organisations outside the EU which offer goods or services inside the EU.

How can I check my suppliers are GDPR-compliant?

Working with GDPR-compliant suppliers and contractors will reduce the risk of being impacted by a data breach, and any consequent fines and claims.

You could ask suppliers and contractors to complete a form that confirms the security measures they have in place, or you could conduct an on-site visit. If their existing measures aren’t sufficient, you should review your relationship to ensure they are compliant with GDPR.

Where your suppliers (as processors) are processing personal data on your behalf (as a controller), you have an obligation to update your contracts with them to include a number of mandatory clauses that can be found in Article 28(3) of the GDPR. These ensure that processors are contractually obliged to provide GDPR-compliant data protection standards.

GDPR consent – how do I get consent from my customers to use their data?

It’s great that you’re thinking about this, as consent is a key concern tackled by the GDPR.

The ICO has a dedicated page on its website covering consent.

GDPR consent checklist and principles (at-a-glance):

  • Check your consent practices and existing records. Refresh where necessary
  • Offer individuals genuine choice and control
  • Where using an opt-in, don’t rely on pre-ticked boxes or default options
  • Explicit consent means a very clear, specific statement of consent
  • Keep your consent requests separate from other terms and conditions
  • Be specific, granular, clear and concise
  • Name any third parties who will rely on the consent
  • Make it easy for people to withdraw consent (and tell them how)
  • Keep evidence of the consent (who, when, how and what you’ve told people)
  • Avoid making consent a precondition of your business services
  • Consent should put individuals in control, build trust and engagement and enhance your reputation

What are the GDPR penalties?

The GDPR toughens up penalties already existing under the DPA. These existing penalties include:

  • Maximum fines of £500,000
  • Prosecutions, including prison sentences for deliberate breaches
  • Obligatory undertakings, where your company has to commit to specific action to improve compliance

With the introduction of GDPR, these penalties got heavier.

Businesses in breach are liable to a dramatic increase in fines, with penalties reaching an upper limit of €20 million or four per cent of annual global turnover, whichever is higher.

Insolvency will be a real risk for non-compliant businesses as a result of these fines. But bear in mind the possibility that individuals can also sue you if they suffer as a result of your data management. This could be for material damage or non-material suffering, such as distress.

GDPR compliance checklist, helpful links and resources

ICO resource centre (small organisations and the GDPR)

ICO 12-step checklist

The website and checklist above are great resource for small businesses looking to step in-line with the GDPR.

From there, these more general websites can give a good overview.

ICO GDPR overview

EU GDPR portal

Information supplied by Simply Business

Read More

Amazon offering and instalation service

Amazone install Service
Amazon install service

Amazon seems to be going from strength to strength in its expansion plans by offering an instalation service on many of the products it sells through its website amazon.co.uk and other services.

For customers ordering a Washing Machine, Tumble Dryer, Dishwasher, Electric and Gas Oven and Range Installation to name a few. A typical washing machine install to an existing position is being charged at £60.00 with no removal of packaging or the old machine.

Other maintenance, cleaning and assembly services are also offered. It seems from our checks that not many postcodes are covered at present, Manchester, Birmingham, Nottingham, Midlands, Southend, Reading, Slough, Southampton, Watford, Medway, Colchester, Chelmsford, Guildford being the only postcode we could obtain a price on. Other areas will become available as service providers get involved.

Customers pay the installer for the service upon a satisfactory install which could mean an opportunity of service companies out there looking to take on more work.

From what we can see on their web site here, there are no up front costs to sell your services through Amazon but they do charge you up to 20% per sale.

Commenting in the ERT, on the move, Scott Webster, general manager of Amazon Home Services Europe, said: “We’re thrilled to be expanding Amazon Home Services to the UK as a simple way to book trusted, service professionals. Following our successful launch in the US, customers have told us they love the convenience and peace of mind that comes with trusted, professional installation of their products. We’re delighted to be able to offer this same experience to UK customers through a network of handpicked, local tradespeople and service providers.”

Will this be another nail in the high street retailers coffin as sales are moving more online or are bricks and mortar retailers going to have to offer more in an attempt to retain customers.

Read More

FIRE AND ICE – FRIDGE-FREEZER SAFETY

FIRE AND ICE – FRIDGE-FREEZER SAFETY

Electrical Safety First responds to Government View

Commenting on the Department for Business, Energy and Industrial Strategy (BEIS) response to the investigation into the fridge-freezer model which instigated the Grenfell fire, Phil Buckle, Chief Executive of Electrical Safety First, said:

“We appreciate the thorough investigation undertaken to ensure that this fridge- freezer model fulfils all requirements of the safety standard in place at the time of manufacture. Under these circumstances, no recall of the product has been required.

“However, we are concerned that even the requirement of the current standard means that a significant number of fridge-freezers are still being produced with plastic backs, which can present a fire risk if overheating occurs. Given that faulty white goods alone led to 1,873 fires last year, it is imperative that updated, robust, legislation is established to ensure product safety.

“Electrical Safety First is working with the industry to develop a new voluntary mark. Used by manufacturers of fridges and freezers, it would allow customers to identify appliances that have been made from proven fire-resistant materials.

“We also hope that the recently established Office for Product Safety and Standards will use our expertise to help ensure the UK’s product safety regime works as effectively as possible. But in the meantime, we will continue to lobby for a central recall and registration database to ensure consumers can easily determine if an electrical product they own has been recalled.”

Read More

The Facts around Tumble Dryer Fires

Hotpoint Indesit facia panelsWhirlpool brandsThe Whirlpool, Hotpoint, Indesit and Creda tumble dryer fire story has been a hot topic for many consumer organisations who are pushing for a recall of the affected dryers, rather than the modification that Whirlpool took on when they purchased the brands back in 2014. The affected models potentially numbered into the millions as the safety notice applied to tumble dryers produced between April 2004 – September 2015.

This presented a number of issues:

  1. How to locate all these tumble dryers and are they still in use or have they been scraped.
  2. How to modify them with the current service force.
  3. How to maintain stock levels to facilitate the modifications.

An extensive advertising campaign was launched on tv and in newspapers. Customers that had registered their appliance were contacted first but of course if they have moved that information would be out of date. As owners of the affected models came forward in time they were contacted. There are still many affected models out there that haven’t been reported and the advice of whirlpool not to use them is being ignored.

Whirlpool established a two prong approach to the engineer issue. Quite clearly there would not be sufficient spare capacity with their existing workforce as they would still need to maintain the current service requirements of the business. They began a recruitment and training program for new engineers and also sub contracted to independent engineers around the country.

Whirlpool dryer modification pop rivit

The modification involved removing and replacing the back panel, rear seal and bearing, installing a pop rivet into the rear of the drum and while the drum is removed giving the whole appliance a good clean, removing any build up of lint that may have bypassed the seals. The whole process should take around 45 minutes.

The purpose of the pop rivet is to scrape the rear seal and help prevent any build up of lint as can be seen in the image.  In our opinion due to how little the rivet touches the rear seal lint will still build up.

Whirlpool dryer lint build up on rear seal

This image demonstrates a modified dryer that is still starting to collect lint on the rear seal.

We feel that the modification has not resolved the issue of customer education in the correct use of there dryers.

Also included in this safety notice are some Proline and Swan brands.

Currently Logik, Siemens and Beko also have safety notices in place for some of their models.

Tumble dryers have always been a cause of fires due to a build up of lint igniting on a heater element. We at The Institute for White Goods Engineers feel that;

a. More emphasis needs to be placed on training customers and instalation personnel in the correct use and installation procedures.

b. Also manufactures need to add sensing to check air flow and prompt filter cleaning.

Lint build up occurs mainly when the air flow from the fan, through the clothes, lint filter, condensing chamber (for condensing dryers), vent hose and wall vent are restricted in any way. If there is a restriction pressure builds up in the drum forcing air and lint past the seals.

It is vitally important that:

  1. The lint collector is emptied after every use.
  2. If the dryer is a condensing type, the condensing chamber is removed at least once a month and cleaned.
  3. If it has a vent hose, check that this hasn’t been crushed usually by pushing the tumble dryer back onto it.
  4. Checking the wall mounted vent to the exterior of the building hasn’t become restricted by a build up of lint.
  5. Location also plays a big role, if the dryer is in a location where dust, pet hairs, leaves or anything else can be sucked in, these too can build up and become a potential source of ignition.

The best advice we can provide for our members is, Check for obstructions and remove any build of lint when ever your service engineer opens a dryer for service or repair.

Tumble Dryer lint removal following a serviceAdvise your customers on the use and cleaning that is necessary.

Also a possible solution to the crushed vent hose problem could be to place two 100mm blocks of timber on the floor. This isn’t ideal as will often result in the dryer protruding further than liked, but a house fire is less than ideal also.

UPDATES:

4th April 2019

The review, by the Government’s Office for Product Safety and Standards, found that there is a low risk of harm or injury from lint fires in modified machines.

The review explored whether Whirlpool’s technical modification, designed to further reduce the risk of lint fires arising from its tumble dryers, was effective in both design and installation, while also reviewing whether Whirlpool’s consumer outreach programme was adequate.

Read our Press Notice: Review of Whirlpool Tumble Dryer modification finds fire risk is low

12th June 2019

Reports in the media that the Government has ordered a recall of 500,000 tumble dryers under the Whirlpool brand such as Hotpoint, Creda, Proline and Swan.

Currently we can find no supporting evidence that this has taken place and currently as of the above date Whirlpools safety Notice website states the following:-

“Please note that this is not a new campaign and was launched in November 2015. Recent media attention relates to the ongoing campaign. If you have registered for a modification previously then you do not need to register again.

This issue refers only to tumble dryers manufactured between April 2004 and September 2015. Anything manufactured after this date is not affected.

If your tumble dryer has already been modified or you have purchased a replacement machine from ourselves then please be assured that this issue is now resolved for you and no further action is required.”

8th July 2019

A letter from D. Jeffrey Noel, Corporate Vice President of Communications and Public Affairs, Whirlpool to Graham Russell, Chief Executive, Office for Product Safety & Standards

9th July 2019

A reply letter from Graham Russell, Chief Executive, Office for Product Safety & Standards to D. Jeffrey Noel, Corporate Vice President of Communications and Public Affairs, Whirlpool

Which in parts says: I can confirm that OPSS will accept your proposal on the basis set out in your letter of 8 July. To enable us to monitor the recall you must inform us in a timely manner of relevant information, which we will set out.

We expect this action to provide for an effective recall of the unmodified products, such that it would not be considered necessary to issue a recall notice at this time. The acceptance of your proposal does not preclude OPSS from taking enforcement action in the future should there be any reason to reconsider adequacy and effectiveness of the corrective action, including any lack of sufficient and timely progress towards implementation.

10th July 2019

The Department for Business, Energy & Industrial StrategyOffice for Product Safety and Standards, and Kelly Tolhurst MP

Published the following:

Whirlpool UK Appliances Ltd is to issue a product recall of tumble dryers not yet modified from consumers’ homes.

The announcement follows an intervention on 4 June by the government’s Office for Product Safety and Standards (OPSS) which informed Whirlpool of its intent to serve a Recall Notice.

Under the recall, consumers with an unmodified, affected tumble dryer will be entitled to a new replacement machine. This will be delivered and installed, with the old one removed, all at no cost.

Whirlpool has agreed to undertake a number of actions required by OPSS, and which have been reviewed by an Expert Panel, consisting of an independent Queen’s Counsel and 3 Chief Scientific Advisors from the Home Office, Health and Safety Executive and the Department for Business, Energy and Industrial Strategy. These actions are set out in an exchange of letters between OPSS and Whirlpool but include commitments to:

  • deliver a significant new consumer outreach campaign with wide ranging publicity of the product recall aimed at reaching affected consumers and driving up awareness
  • guarantee no charges for delivery, installation or removal of machines
  • improve identification of, and outreach to, vulnerable consumers
  • provide OPSS with timely reporting of progress made in the product recall

Consumer Affairs Minister Kelly Tolhurst said:

The UK has some of the toughest consumer protection laws in the world. Our intervention demonstrates that we will take all the necessary steps to keep consumers safe.

I want to reassure consumers that we are doing everything to ensure consumers with unmodified machines are made aware and have their tumble dryer replaced.

Consumers with an unmodified machine should contact Whirlpool to arrange a free replacement.

The decision follows a review by OPSS, published in April 2019 which instructed Whirlpool to reach affected consumers in more creative ways to minimise the risk of unsafe machines still being in people’s homes. Owners of unmodified, affected tumble dryers should unplug and contact Whirlpool.

Whirlpools product recall/safety notice page remains the same insisting that this relates to the ongoing product recall, and that modified dryers and those that fall out side the date range remain safe to use.

20th July 2019

Jeff Noel, Whirlpool
Jeff Noel, Corporate Vice President of Communications and Public Affairs

Whirlpool issue the following open letter from Jeff Noel, Corporate Vice President of Communications and Public Affairs, Whirlpool on there webpage: https://dryerrecall.whirlpool.co.uk/

Dear valued customer,

Safety is our top priority and tackling the issue with our tumble dryers has been one of the biggest challenges we have ever faced. We value our customers more than anything and we recognise that we let many of you down. You deserved better from us and for this we apologise to you all.

We are honoured that our brands have been a part of British homes for more than a century and we are immensely proud to still be manufacturing our appliances in the UK. We recognise the huge responsibility we bear and always strive to do the right thing.

We work continuously to build better, safer products and help to drive change that improves safety across the industry.

When we bought Indesit in 2014, we didn’t just acquire a great British company, we welcomed its 5,000 employees and pensioners, and its millions of loyal customers in the UK into the Whirlpool family. With that comes a duty of care for their safety that is of the utmost importance to us.

The safety of Indesit’s tumble dryers was consistent with other brands’ appliances in the market. They met all UK and European regulations too, but Whirlpool demands higher standards, so, we applied our own safety policies to review Indesit’s products. Our review found a potential safety issue in Indesit’s tumble dryers concerning the build-up of lint. It affects certain models made between 2004 and 2015 that were sold under the Indesit, Hotpoint, Creda, Swan and Proline brands.

Even though evaluations under the EU’s official risk assessment system identified this as a low risk issue – its lowest category – we were not satisfied. Shortly after purchasing Indesit, we raised our concerns with the UK regulator and launched a campaign to fix the problem.

We did that because we believed it was the right thing to do to for people’s safety.

We are the first to admit we got some things wrong and could have done some things better. Due to the scale of the challenge, we left many consumers waiting too long and did not provide the level of service we expect of ourselves. That should never have happened and we apologise.

We did everything we could to put that right, hiring thousands of additional engineers and customer advisors to meet demand.

As a result, we have resolved the issue for 1.7 million people. This represents a success rate of up to five times the UK average for a product recall, but we recognise we have more work to do. There may still be people out there with affected dryers who have not responded. It’s vital that we find and resolve those remaining dryers.

To help us achieve that, we are redoubling the efforts of this campaign by issuing a full recall of all unmodified dryers.

That means anyone with an unmodified dryer is entitled to a free replacement, a free modification, a refund based on the age of their appliance, or the opportunity to upgrade to a superior model for a fraction of the retail price.

We’ve worked with the UK Government to agree on these next steps and together we believe this is the right action to encourage any remaining owners of unmodified dryers to come forward.

For anyone who still has an unmodified dryer, please call us immediately on 0800 151 0905 or visit safety.hotpoint.eu/dryercheck.

We thank the millions of people who have already engaged with us; for your time, for your patience, and for your understanding. Nothing matters more to us than your safety and we are truly sorry for any inconvenience caused.

Yours faithfully,

Jeff Noel, Vice President

An interview with Jeff Noel can be found here

Other related documents from the Office for Product Safety can be found here

Read More

Hisense to launch takeover bid for Gorenje shares

TheIWGE have heard that Hisense Luxemburg Home Appliance Holdings S.ar.l., a member of China’s Hisense group, intends to launch a takeover for the purchase of Gorenje shares. Gorenje is a Slovenia white goods manufacturer.

The offeror states that it intends to publish the takeover bid for the purchase of all shares of Gorenje Gospodinjski aparati, d.d., pursuant to the relevant law, Gorenje said in a filing to the Ljubljana Stock Exchange on Friday.

The takeover intention was published in the Delo newspaper on Friday.

On Wednesday, Gorenje selected Hisense as the best bidder in its tender for a strategic partner, which will acquire a stake of 50% plus one share in the home appliances manufacturer.

Gorenje hopes that with the help of a strategic partner it can pursue the growth of business, strengthen brand power, access prime distribution channels and accelerate product innovation and business digitalisation.

In November 2016, Japan’s Panasonic decided not to increase its stake of 10.74% in Gorenje.

Storey curtesy of SeeNews – See more at: https://seenews.com/news/slovenias-gorenje-says-hisense-to-launch-takeover-bid-for-its-shares-612372#sthash.8AiI5CDI.dpuf

UPDATE:

LJUBLJANA (Slovenia), June 28 (SeeNews) – Hisense Luxembourg Home Appliance Holding, a member of China’s Hisense Group, has increased its stake in Slovenia’s white goods manufacturer Gorenje [LJE:GRVG] by 62.46% to 95.42% following a successful takeover bid, the latter said on Thursday.

The takeover bid at 12 euro ($13.9) per share was accepted by 5,165 Gorenje shareholders for a total of 15,254,871 shares, Gorenje said in a statement on its website.

Hisense Luxembourg Home Appliance Holding launched the takeover bid on May 29, which lasted and included June 26.

Prior to the bid, Hisense held a 32.96% stake in the Slovenian company.

Earlier in May, Gorenje selected Hisense as the best bidder in a tender for a strategic partner.

($=0.864203 euro)

– See more at: https://seenews.com/news/chinas-hisense-increases-shareholding-in-gorenje-to-954-618061#sthash.vQJbh4Ed.dpuf

Read More

Whirlpool AKM 274/IX Gas Hobs

Whirlpool branded stainless steel, built-in gas hobs with the model number AKM 274/IX. The affected appliances were manufactured between September 2014 and March 2016.

The model number can be determined either from the instruction manual or, if access is possible, it will be visible on the rating plate underneath the hob.

If access is not possible then consumers should firstly check if it is constructed from stainless steel material and 60cm wide with four gas burners.

It will also have controls on the right hand side, cast iron pan supports, and a black ignition button in the bottom right corner. Also the Whirlpool logo will be embossed (slightly raised) in the bottom right corner by the control knobs.

Risk:
Whirlpool state that:

“Due to a technical issue in manufacturing, these appliances were produced with the wrong type of gas injector in the front left corner. The front left burner may emit levels of carbon monoxide above EU standards which could, in very rare usage conditions, present a low risk of adverse health effects through inhalation. There have been no reported incidents involving these products. Investigations have confirmed that the issue does not present a risk of fire or explosion.”

What to do:
The issue concerns the operation of the gas burner in the front left corner of the appliance (Circled in red in the above image).

If you have an affected appliance Whirlpool advises not to use the burner in the front left corner until it has been modified by a Whirlpool engineer.

Whirlpool State that all other burners are unaffected and may continue to be used as normal in the meantime. However, Electrical Safety First always recommends that any recalled product should not be used until it has been checked by the manufacturer.

All consumers who own this appliance should visit:

https://www.whirlpoolservice.co.uk/safety-notice

or contact Whirlpool’s customer care team on:

0800 316 3885

to check if the model number (and serial number) of their appliance is involved in this product safety campaign.

Consumers can select a convenient time for an engineer to visit their home free-of-charge.
Electrical Safety First

Read More

Hotpoint Tumble Dryers – April 2004 – September 2015

Following Whirlpool’s acquisition of the Hotpoint/Indesit brands, Indesit Company has closely reviewed the safety of its product portfolio.

As part of this review we have identified a potential concern with two types of tumble dryers manufactured between April 2004 and September 2015. In some rare cases, excess fluff can come into contact with the heating element and present a risk of fire. The affected brands are:

  • Ariston
  • Hotpoint
  • Indesit
  • Creda

Whirlpool branded tumble dryers are not affected by this safety notice.

We are activating an extensive consumer outreach and service action plan in order to provide our consumers with products that are updated to higher safety and quality standards. We will arrange a visit from an engineer, free of charge, to modify your appliance. The service call will take approximately one hour. The improvements we believe are necessary will further enhance the safety and quality of your dryer.

Trading Standards confirmed, following an internal review by independent experts, that the modification programme remains the most effective way of resolving this issue. As a result, we will continue with our efforts to provide consumers with a free of charge modification as quickly as possible. Trading Standards have also notified us that updated usage advice should be communicated to affected consumers. If your tumble dryer is affected by this issue then you should unplug it and do not use it until the modification has taken place.

CHECK MODEL

Read More

CPD Accredited

CPD
The Training Academy CPD Accreditation

We are pleased to announce that our Domestic White Goods Repair Training course has been accredited by CPD.  This we feel is a major step forward in bringing a base level of education to new entrants into the domestic white goods repair sector.

As populations grow within the uk so does the need for domestic white goods with in new households.  An ever increasing pool of domestic white goods engineers are required to service and maintain these appliances which has created a shortfall within this sector. This in turn is driving wages up as companies compete for engineers.

Add to this the increasing number of recalls and safety notices being issued for appliances such as the recent and ongoing Hotpoint/Indesit tumble dryer safety modification which effected an estimated several million appliances covering a period from April 2004 – October 2015. Currently Beko, LG, Caple, Siemens, Bush and Logik to name a few all have active safety notices. These all add to the ongoing increase in white goods engineers that are required to fulfil demand.

Thats just in warranty work, add to this the millions of appliances that are out of warranty that still require service and maintenance and the figures are staggering. There are over 25 million homes in the uk if each own 3 appliances, a cooker, washing machine and a fridge / freezer thats a minimum of 75 million appliances. The figure is probably closer to 125 million appliances. if just a 1/5th  required a visit in any one year thats 15,197 engineers that would be required.

Why do we need an accredited training program?

Every other industry has standards that they have to adhere to and meet, the Domestic White Goods sector should be no different.

With increased news publicity regarding fires caused by domestic white goods, this sector has to ensure issues are not created following a repair.

We live in a blame culture, insurance companies and manufactures are increasingly asking for proof of competency from engineers.

Personal and employee development are very important in keeping standards high and employees engaged.

If this is an area you feel you would be interested in have a look at our training courses.

Read More