The Compliance Diary

As with everything in life, your business evolves. Ensuring you are compliant with the relevant regulations isn’t something that is done at one point in your business and then forgotten about.

Ideally it is one of the key considerations when setting up your business, but it is often overlooked until it becomes a problem. However, it is never too late to look at your compliance, and the Genie is here to help.

For those just starting out on your business journey – the business fundamental checklist will help you ensure you have the right foundations in place – you can download a copy here.

However, at any point in your business journey it will become apparent that you need to have a list of things that you need to keep on top of. As in our personal lives, we have soooo many things that need to be done (I know I do, and often have multiple lists for those so I can keep track of them), but we also need somewhere to track key items that need to be done in your business, compliance items included – and this is where a monitoring plan comes into play. This is important whether you are doing your compliance yourself or you are outsourcing it.

So what is the purpose of a monitoring plan, or compliance diary as some professionals call it? It is a diary to keep on top of the key compliance activities that need to be undertaken throughout the year. As your business changes, you so often get focused on ensuring your client expectations are met that you forget to ensure your business is growing appropriately and is still managing its risk, particularly in relation to compliance.

This is where a compliance diary can help. Each business is different and therefore their monitoring plans will be different. Those starting out may be very simplistic; however, as your business evolves, and if regulation determines it, they may evolve to a solution that evidences you are managing appropriate risks effectively, have the correct resources in place, and these resources are appropriately linked to the highest risks in your business.

So what should be included in a monitoring plan? Well, it is up to you! However, I would recommend:

· When your Business Insurance is due – if this isn’t something in place, well this is a reminder that it is imperative you get this sorted, especially if you are self-employed as you do not have the separation of a legal entity between you and your clients.

· When your Accounts are due – whilst your accountant may remind you, it is better for you to know when they are due so you can ensure you provide all the necessary paperwork in time for the accountant to work their magic and to save any unnecessary fees.

· When you are required to submit your Confirmation Statement – for those that have a limited business, there is an annual requirement to submit a confirmation statement to Companies House. Whilst your accountant may do this, you are still responsible, so you need to ensure it has been done.

· Information Commissioner’s Office renewal – if you are a data processor, and most businesses are, then you will need to ensure this is renewed on an annual basis. You can of course set it up by DD which will save you remembering – provided you are registered in the first place. If you haven’t registered with the ICO – check out whether you need to register with the ICO using the following link.

· Review of any Policies and Procedures you have to ensure they continue to be fit for purpose – this will include any privacy policy, terms of business, complaint policies – remember they need reviewing as your business changes.

· Issues that may have been highlighted in your business that you need to keep a track of – is there any management information you need to collect to ensure you can determine any improvements required? I include marketing insights in this and a general review of my business plan on a regular basis.

· Consent Management – for those that are marketing to individuals, can you evidence when consent has been provided and when this needs renewing? In the case where clients opt out, do you know when this information needs to be deleted? – the monitoring plan will help you to remember all of this!

· Due Diligence – for any third parties that you are reliant on within your business, are you confident in their systems, and what would happen with your business if these suddenly were removed from the market? This is your reminder to review these and include any other third parties you may have included in your business processes.

· Any 3rd parties you are sharing client information with – can you be confident that nothing in their business has changed which will put you at risk as the data controller of this information?

This seems like a lot and you may be wondering where to start; however, I have been implementing compliance monitoring plans, both simple and more risk-rated plans, for many years. I have condensed something that works for me into the Compliance Diary, which is available to buy now.

This enables me to plan my time and resources and to factor in things that I need to do in my business, on top of client work, whilst also enabling me to take time out to have holidays and time with my kids but also being confident that nothing is being missed. And yes, I will confess not everything is done when I plan it; however, this is where I implement a risk-based approach – if something will result in me breaching legislation and a potential fine, this is completed before anything else and I make a strategic decision to move some items into the following month.

Once you have identified the items that you need to keep track of during the business year, you can add them into the relevant months, and as we all like to feel we have accomplished things, you can tick them off as they are completed. On a regular basis you can check whether you are on track and, if not, think about why. At the end of the year it is always good practice to see what worked, what didn’t, what you needed to monitor but didn’t, and what isn’t really needed.

As your business grows you may feel that you need support to keep track of everything.

So in summary, the diary helps you keep track of all the requirements in your business so you can be confident you are meeting them. It is a blank diary so you can use it whenever you desire, but I would suggest that once you have identified your key activities you plug them into the monthly trackers so you don’t forget.

I hope the diary helps you with being confident in your business. If you are unsure what should be included, either check out the example monitoring plan or drop me a message with a few details about your business and I will provide you with guidance.

If you want a full compliance monitoring plan developed and integrated into your business then Book a Call and we can discuss how we can work together to get this implemented.

 

 
My Business Genie

Empowering businesses to navigate Governance, Risk & Compliance with Finesse
