5 things every manager (of people) should know

Being a manager can be both a tough and a highly rewarding job. Often the result of a promotion coming after hard work. Or a brand new role in a new organisation.  But rarely does the status of manager come with a tight brief and any training. Most managers learn the hard way about what is expected of them and for many their main source of development is how they have been managed; well or badly.

If every manager understood the following 5 things clearly their chances of being successful and effective would significantly improve which in turn would have a powerful knock on effect across the company.

What their purpose is

When we audit companies we often ask the CEO and other senior people, what the purpose of different roles are. We also ask the individual doing that role. Often the definitions don’t match. Sometimes it sounds like two different jobs to us. If you do nothing else, make sure you can articulate the purpose of the manager’s role.

Often explanations talk about production, technical expertise, sales targets, quality but rarely do they talk about responsibilities for the people being managed. It can be seen as Business as Usual – ie in addition to other expectations on the manager meaning it will be a low priority. Which will impact on the whole culture of the organisation and not in a positive way.

What they can and can’t do

This might seem obvious but it rarely is.  We are talking about whether they can hire and fire, what their budget is, whether they can arrange training and promote people. Are they free to discipline their staff or must this be culturally approved? What isn’t written on the job description or needs to be explained?

What vicarious liability is and how it might impact on them

Vicarious liability refers to a situation where someone is held responsible for the actions or omissions of another person. In a workplace context, an employer can be liable for the acts or omissions of its employees, provided it can be shown that they took place in the course of their employment.

Many employers are unaware that they can be liable for a range of actions committed by their employees in the course of their employment – these can include bullying and harassment, violent or discriminatory acts or even libel and breach of copyright. It’s also possible to take action against an employer for the behaviour of third parties, such as clients and customers, provided these parties are deemed to be under the control of the employer.

The key question of any case of vicarious liability is whether the employee was acting in a personal capacity, or in the course of their employment. This can often be difficult to determine. Nor does an employer’s liability end once the employee leaves the organisation – as the law stands, action can still be taken against an employer even though the person in question no longer works for them.

What their H&S responsibilities are

Under the law employers are responsible for health and safety management. For every employee this responsibility lies with their manager. Even if there is a H&S Advisor. It is the managers that have the responsibility on a day to day basis because it is the employer’s duty to protect the health, safety and welfare of their employees and other people who might be affected by their business.

This means making sure that workers and others are protected from anything that may cause harm, effectively controlling any risks to injury or health that could arise in the workplace which includes managing and monitoring stress. Also managing sickness absence and understanding when an employee may need to be offered reasonable adjustments if they have a special need or a disability, and it might help them remain at work.

Employers also have duties under health and safety law to assess risks in the workplace. Risk assessments should be carried out that address all risks that might cause harm in your workplace.

What the unwritten rules are

Often the unwritten rules or internal ways of working are the biggest keys to success or failure. Knowing them is a start. Often politics is a key part of this. Who to know, be connected with. Who to avoid upsetting. How the organisation deals with conflict and disagreements. How the culture dictates the ways of working for the organisation.

We get involved in situations where managers haven’t worked out and often failing to understand and comply with unwritten rules (obvious to everyone apart from the manager) is sited. Imagine being told it was all over for failing to comply with rules that no-one told them about.

Often a solution to tackling any of these issues that you recognise can be signing up to an HR audit and a bespoke management training programme. So that you know your managers are being supported but also that what they are being taught and guided on is appropriate and on brand for your company.  This can be in conjunction with senior leaders and any internal HR function.

The good news is Amelore offer this service so do get in touch if we can help and advise you further.

GDPR AND IMMIGRATION PROCESSES

Most employers will be aware of the upcoming introduction of the General Data Protection Regulation, or GDPR. But how can they be sure the way they collect and store information for immigration purposes will be compliant? Amelore look at the key risk areas.

GDPR

The introduction of the General Data Protection Regulation (GDPR) presents a huge challenge for employers in many data processing scenarios.

Not surprisingly, immigration processes necessitate the collection and processing of considerable personal data by an employer and, in many situations, one or more third parties such as legal advisers.

And with the deadline (25 May 2018) fast approaching, there is a chance that certain types of personal data processing will not be captured in your thinking, and will therefore create a risk of a breach.

For many employers, immigration is a niche activity that changes constantly and is therefore difficult to fully understand and account for with internal policies and processes.

However, given the sensitive nature of data collected and processed, and the multiple parties often involved in this, now is the time to look at key immigration activities and ensure that they are GDPR compliant.

Here are a few scenarios that illustrate the wide range of immigration data points to be accounted for in preparing for GDPR.

Right to work checks

Employers must conduct right to work checks on any new employee, ideally before they start working for you so you only employ people with the ‘right to work in the UK’.  Employers should take copies of any original documentation they see and copy, sign and date the document copy which should then be securely stored.

While it is easy to assume that this is covered by a “legal obligation” that is not actually the case.

A right to work check is done to establish a statutory excuse against a civil penalty – that is, to avoid a fine should an employee be found to be working illegally. It is not strictly speaking a legal requirement to perform a right to work check and there are no penalties for failing to perform a right to work check where the employee is working legally. However, employers that do not carry out right to work checks will not have a statutory excuse.

Therefore, the retention and processing of data relating to immigration status would be categorised under “legitimate interests” and this processing should be covered in a privacy notice.

Resident labour market test

The resident labour market test (RLMT) is conducted as part of a Tier 2 General (new hire work permit) application to justify the recruitment of a non-UK/EU individual, ahead of a UK/EU individual.

The employer generally needs to place two adverts on two websites for 28 days each, and then assess applications against the skills, education and experience described in the advert.

If there are no suitably qualified candidates from the UK/EU, then a non-UK/EU individual can be offered the role and be sponsored under Tier 2 General.

Documentation, including job applications, CVs and interview notes need to be retained for up to seven years in the event that the Home Office conducts a compliance audit.

Now imagine you were one of the candidates who applied for that role. You were interviewed for the job but ultimately were unsuccessful. It would be reasonable to expect that your details would be retained for a reasonable period, for example six months, to allow the employer to defend any challenges arising from the appointment.

However, most candidates would be surprised to learn that their personal information would be stored for up to seven years and shared with legal advisers and the Home Office as part of the immigration process for the successful candidate.

While employers may be able to argue that retaining the information is a legal obligation, the Home Office document that describes document retention is not technically part of the immigration rules. Rather, it is a policy document and therefore it may be open to interpretation whether it is a legal obligation or not.

As such, employers may instead have to rely upon “legitimate interests” as the appropriate legal basis to retain such information. This of course requires a proper assessment to ensure those interests are not outweighed by risk of prejudice to individuals.

What steps do employers need to take to ensure that their RLMT processes are GDPR-compliant?

  1. Ensure your privacy notice for recruitment purposes makes clear the possibility of personal data being processed and retained for the purpose of immigration requirements, specifically the RLMT for Tier 2 General, including the sharing of that data with legal advisers and the Home Office, and the length of time data may be stored.
  2. Minimise personal data where possible. The personal data that must be retained on file, as per the relevant Home Office policy document, relates only to applications shortlisted for final interview – rather than all candidates who responded to the advert. Likewise, do not ask for personal data that is not strictly required at this stage of the process, for example, copies of passports, immigration documents and evidence of qualifications and experience.
  3. Redact and anonymise personal data. A further way to minimise the personal data you hold is to redact information that is not relevant to the information you need to retain, such as contact details, interests and hobbies.

Immigration enquiries and opinions

Throughout the course of employment an employee can expect that their employer may need to consult with legal advisers and other professional advisors on a range of matters, including immigration, and in doing so may need to share personal data.

This should of course be covered in the section within the privacy notice dealing with disclosures to third parties.

However, what if as part of these enquiries it is necessary to transfer data outside the European Economic Area (EEA)? For example, where the organisation is looking to transfer an employee to the US and would like a US-based immigration lawyer to assess eligibility.

Transfers of personal data outside the EEA need to be addressed within privacy notices. Also, any such transfers of personal data should only take place where steps are taken to ensure adequate protection for that personal data in the recipient country (this is also the existing position under the Data Protection Act 1998).

With just over a month to go until GDPR goes live, now is the time to understand the data points in your immigration processes and ensure they are GDPR compliant.