A business can implement a transparency policy to show its commitment to accountability and openness in is work. The policy will show the practices and procedures embraced by the business. It articulates the core values of the business in relation to communication with stakeholders. Honesty, integrity and accountability will be key values. The policy will detail the specific information that will be disclosed. This might include business practices, governance structures, financial performance, and gender pay gap information. It will describe when and how the information is shared, whether publicly by website or report or internally to employees or to certain stakeholders such as investors.
Ethical supply chain management refers to the sourcing, production and distribution of products in a manner that is non-exploitative, fair, sustainable and responsible towards all stakeholders in the chain. This includes the valuing of the human rights of producers of component parts, workers, and communities as well as environmental protection so as to ensure the human rights of current and future generations. Features of ethical supply chain management include safe working conditions and fair pay, local community engagement, minimal environmental impacts, compliance with local laws and international best practice, at all points in the chain. It involves transparency and accountability in relation production, sourcing and suppliers.
There is a certain view that Environmental, Social and Governance (ESG) strategies are soft, marketing-driven and non-essential but there are strong arguments for including ESG at the top table of corporate governance.
A well-crafted ESG policy ensures regulatory compliance. It identifies and mitigates the risk of legal actions, investigations, penalties and fines arising from environmental impact, governance practices, social responsibility, and regulatory and legal compliance. The policy can serve as a framework in managing any crisis that arises. However, the policy alone will not manage the risk; it must be utilised and familiar to all key people.
The ESG policy promotes good practice in sustainability, operational efficiency, employee engagement, social responsibility, stakeholder relationships, accountability and transparency. These good practices not only enhance the business reputation and meet consumer demand by demonstrating a commitment to ethics, they also provide competitive advantages by promoting sustainable practices and a positive work-place leading to cost savings and greater employee satisfaction, engagement and retention.
Demonstrating trustworthiness by accountable practices and transparency attracts investors by satisfying investment criteria which focus on ESG factors; these factors are an increasing prerequisite to investment. Working to global frameworks such as the UN Sustainable Development Goals and the Global Reporting Initiative gives access to new markets and allows the organisation to show itself as serious player on the international stage.
The above is provided for information purposes and is not intended as legal advice. Fitzsimons Redmond LLP would be happy to discuss the needs of your business in relation to all aspects od ESG. Please contact us on 01-676 3257 or lisa@fitzsimonsredmond.ie.
Many businesses are using artificial intelligence (AI) in some form in order to create business efficiencies. Some businesses use generative AI for copywriting, software writing, or employ Chatbots. These programmes work by being ‘trained’ by the inputting of large amounts of data. Other AI in use includes tools to summarise data or to perform analysis. Some businesses use off-the shelf AI tools and others augment the tools with their own specific datasets.
GDPR puts a variety of obligations on businesses. Due to the far-reaching penalties arising under data protection law, it is important for business-owners to recognise where a need for action is triggered. One area that causes confusion or may be overlooked is the requirement for a data transfer agreement (DTA). A business may need a DTA in the following situations:
The EU Artificial Intelligence Act came into force this week without much fuss. It creates obligations on all organisations that use or create artificial intelligence such as predictive analytics, virtual assistants, chatbots, HR tools, fraud detection tools, medical diagnostic tools, financial credit scoring, online retail recommendation engines, and targeted advertising.
There was some concern that after the 31st of December 2020, Irish and EU businesses would no longer be able to freely transfer personal data in the same manner as previously. While businesses were right to have this risk on their radar, the eleventh hour Trade and Cooperation Agreement did make provision for the continued smooth flow of personal data. This means that we do not have to regard the United Kingdom as a third country for the purposes of GDPR. We may effectively continue as before.
Ordinarily at this time of year, I advocate a total switch off from all things work. However, the one thing that does not take a break over the Christmas period is the obligation to report a data breach to the Data Protection Commissioner. All data breaches must be notified within 72 hours.
A Data Protection Agreement is necessary when an organisation allows any third party to access or process personal data. This includes storage of files in the cloud, the use of work management systems, marketing or bulk-email software, as well as any situation where you allow access to an individual’s personal data by anyone outside of your organisation. If you are sharing personal data, it is your obligation to ensure that there is a DPA in place.
Under GDPR, children benefit from all the same protections as adults in respect of their personal data. However, organisations must take particular care in respect of processing the personal data of children, a child being a person under the age of eighteen years.
