Archive for the ‘Corporate Performance Management’ category

Recent G.C.C VAT updates

February 16th, 2019

Passive interest and dividends
The Federal Tax Authority (FTA) asserted that passively earned interest income from bank deposits and dividend income are outside the scope of Value Added Tax (VAT), and there is no requirement to report these in the VAT return.
VAT is a tax imposed on the import and supply of goods and services at each stage of production and distribution. VAT implications therefore arise only when there is a supply; when there is no supply, there is no VAT implication.
The FTA explained that the Federal Decree-Law No. (8) of 2017 on VAT and its Executive Regulations have included specific provisions on what would constitute a supply of goods and a supply of services and also included a definition for taxable supplies. As such, where any transaction falls outside the scope of these provisions, it would, as a consequence, fall outside the scope of VAT.
The FTA also noted that although Article (42) of the Executive Regulations outlines the tax treatment of financial services, stating that the payment or collection of any amount of interest and dividend is considered to be a financial service and is therefore exempt from VAT, this would only apply where there is, in fact, a supply.
The Authority had issued the “VAT Public Clarification on Bank Interest and Dividends” as part of its Public Clarifications service, which is available on the FTA website and seeks to educate taxpayers on all technical issues surrounding taxes, allowing them to implement the tax system efficiently.
In a press statement the Federal Tax Authority noted that if, for instance, a retail business deposits its income into a bank account and earns interest on the deposited amount, and the said retail business does not do anything to earn this income aside from merely depositing the money in the account, it can then be said that the interest was earned passively. In this case, the retail business is not considered to have made a supply to the bank, and the interest income received is not a consideration for a supply, which, in turn, means that the retail business is not required to declare this income on its VAT return, as it is outside the scope of VAT.
The Authority noted, however, that the above position only applies to interest derived from bank deposits and does not have any bearing on the interest generated from extending loans or credit, which are exempt supplies for VAT purposes.
Dividend income:
• The FTA explained that the payment of a dividend by a company is a distribution of its profits to its shareholders, where the holder of a share is not entitled to a dividend until the company has declared a dividend.
• Dividend income becomes due for shareholders in a company by the mere ownership of shares in that company and if the company makes any profits and declares dividends.
• The shareholder then receives the dividends and does not make any supply in order to be eligible for a payment of dividends, making the dividend a generally passive income.
• Accordingly, dividend income is outside the scope of VAT, and is therefore not required to be reported on the VAT return.
• The Authority noted, nonetheless, that while dividend income is generally outside the scope of VAT, any amount charged as a “management fee” would be subject to VAT. For example, management fees charged by a holding company to its subsidiaries would be subject to VAT.

The Public Clarifications service can be accessed through the Federal Tax Authority’s official website by clicking the “Help” button, then choosing the “Public Clarifications” tab, and selecting the required document. (https://www.tax.gov.ae/en/public-clarification.aspx)

Deregistration
The Federal Tax Authority (the “Authority”) explained that the Federal Decree-Law No. 8 of 2017 on Value Added Tax has defined the cases for tax de-registration. A registrant must submit a de-registration application when it stops making taxable supplies, or when the value of the taxable supplies it made over a period of 12 consecutive months is less than the voluntary registration threshold of AED 187,500 and it is not expected that the total value of its anticipated taxable supplies or expenses subject to tax in the coming 30-day period will exceed the voluntary registration threshold. The application must be submitted to the Authority within 20 business days of the occurrence of any of these cases, using the Authority’s e-Services portal. Failing to submit the de-registration application within the period specified in the tax legislation will lead to the imposition of administrative penalties as stipulated in the Cabinet Resolution No. 40 of 2017 on Administrative Penalties for Violations of Tax Laws in the UAE. This was the subject of a press release issued by the Authority to clarify the conditions and procedures for de-registration for Value Added Tax, after more than a year of its implementation. The Authority confirmed that registrants will not be de-registered unless they have paid all due taxes and administrative penalties and filed all required tax returns for the period in which they were registered as stipulated under the tax legislation.

The Authority went on to assert that the UAE Tax System is based entirely on voluntary compliance by Taxable Persons, whether with regard to registration, filing Tax Returns and payment of due tax, or de-registration, noting that these services are available free of charge.
The Authority also mentioned that these procedures can be completed within a few minutes through simple steps via the e-Services portal, available 24/7 on the Authority’s website (www.tax.gov.ae).

KSA
Reduction of the value-added tax (VAT) registration threshold to SR 375,000 from January 1, 2019, will increase the taxpayer base by about 150,000.
The 2018 base was over 140,000 VAT-registered taxpayers.

Non-resident taxpayers are required to appoint a tax representative to act on their behalf and to assume joint liability for VAT debts. This requirement is posing a challenge for some non-resident taxpayers. Hopefully, progress in this area can be made soon.

VAT audits have commenced, and assessments have been issued for contraventions of the regulations such as late registration and late filing of VAT returns, as well as incorrect declarations.
The global trend is towards tax authorities accessing taxpayer data directly and, in some territories, preparing the return for the taxpayer. Saudi taxpayers need to be prepared. Expect an increase in the level of scrutiny as GAZT continues to build its resources to challenge the VAT treatment of specific transactions.

Foreign Business VAT recovery
In a new guide on “VAT Refunds for Business Visitors”, published on its official website, the Federal Tax Authority (FTA) outlined four conditions that allow foreign businesses to recover Value Added Tax (VAT) incurred in the UAE. To be eligible for the VAT refund:
1. The first condition is that foreign businesses must not have a place of establishment or fixed establishment in the UAE or in any of the VAT-Implementing GCC States that fully comply with the provisions of the Common VAT Agreement of the Cooperation Council for the Arab States of the Gulf.
2. Second, such foreign businesses must not be a Taxable Person in the UAE.
3. Third, they must also be registered as an establishment with a competent authority in the jurisdiction in which they are established.
4. The fourth condition is that they must be from a country that implements VAT and that equally provides VAT refunds to UAE businesses in similar circumstances.

FTA Director General His Excellency Khalid Ali Al Bustani described the refund procedure as clear and transparent, noting that it supports economic activities in the areas in which the visiting business of the country participates, which is reflected positively on many sectors including tourism, trade, exhibitions, conferences, etc. He stated that the mechanism is in accordance with the Federal Decree-Law No. 8 of 2017 on Value Added Tax and the terms and conditions set in its Executive Regulations, which call for refunding taxes paid on supplies or imports made by a foreign entity not residing in the UAE or any of the Implementing States, subject to meeting certain conditions. He further explained that reciprocity is a key condition for the procedure, whereby the Authority will refund the VAT to businesses resident in countries that refund VAT for UAE businesses visiting their territories.

The Federal Tax Authority clarified that the period of each refund claim shall be a calendar year, noting that for claims in respect of the 2018 calendar year, refund applications can be made as of April 1, 2019. However, for subsequent calendar years, the opening date for accepting refund applications will be March 1st of the following year; this means that for the period from January 1 to December 31, 2019, applications will be accepted as of March 1, 2020.

The FTA went on to stress that the minimum claim amount of each VAT refund application submitted by business visitors is AED2,000, which may consist of a single purchase or multiple purchases. The Authority urged potential applicants to hold on to the original tax invoices on the purchases for which they would like to reclaim VAT, as they will be required to be submitted along with the refund applications.
Businesses residing in any GCC State that is not considered to be an Implementing State may still submit a VAT refund application to reclaim VAT incurred in the UAE under this scheme, the FTA assured, outlining only 3 situations where VAT cannot be reclaimed:
1. The first situation is if the Foreign Business in question makes supplies in the UAE, unless the recipient is obliged to account for VAT under the Reverse Charge Mechanism.
2. Second, a VAT refund cannot be processed if the Input Tax in respect of any goods or services is “blocked” from recovery and, therefore, not recoverable by a Taxable Person in the UAE.
3. The third situation where a refund is not possible is if the Foreign Business is a non-resident tour operator.

The guide on “VAT Refunds for Business Visitors” can be accessed on the FTA’s official website via the link:
https://www.tax.gov.ae/pdf/VAT%20Refund%20User%20Guide-Business%20Visitors_EN.pdf (See Public Ax 2012 Finance Vat folder)

Independent Directors’ services
The Federal Tax Authority (FTA) has confirmed that the date of supply for Value Added Tax (VAT) with regard to Independent Directors’ services is determined either in accordance with the general rules or the special rules, depending mainly on whether the fees for the said directors were known from the outset or not.
Where such fees are known from the outset, the date of supply shall be determined in accordance with the provisions of Articles (25) and (26) of Federal Decree-Law No. (8) of 2017 on VAT, depending on whether or not there will be periodic payments. If such fees are not known from the outset, they shall be determined upon conclusion of the Annual General Meeting and the date of supply shall be established only when such fees become known.
The date of supply prescribes the point in time when a VAT Registrant needs to account for VAT, the Authority explained in the Public Clarification on the Date of Supply for Independent Directors. This is part of the “Public Clarifications” service available on the FTA’s website to introduce taxpayers to all aspects of the tax system and facilitate compliance. The service can be accessed via the link: https://www.tax.gov.ae/public-clarification.aspx
The FTA explained that in instances where the Board Fees are known at the outset and involve periodic or multiple payments, the date of supply would be determined as per Article (26) of Federal Decree-Law No. (8) of 2017 on VAT, where the date of supply would be the earliest of the following three: The date of issuance of the tax invoice; the date the payment is due as shown on the tax invoice; and the date of receipt of payment. If 12 months have passed from the date of provision of services and none of the aforesaid events has occurred, the date of supply will be triggered at the end of the 12th month.
As for the instances where Board Fees are known at the outset but there are no periodic or multiple payments, the date of supply would be determined as per Article (25) of the Federal Decree-Law No. (8) of 2017 on VAT. Accordingly, the date of supply would be the earliest of the following three: The date of issuance of a tax invoice; the date on which the provision of services was completed; and the date of receipt of payment.

Profit Margin Scheme
The UAE Federal Tax Authority (FTA) asserted that only those goods which have previously been subject to VAT before the supply in question may be subject to the profit margin scheme. As a result, stock on hand of used goods which were acquired prior to the effective date of Federal Decree-Law No. (8) on Value Added Tax (“VAT law”), or which have not previously been subject to VAT for other reasons, are not eligible to be sold under the profit margin scheme. VAT is therefore due on the full selling price of such goods.

The taxable person will not be allowed to apply the profit margin scheme in such cases where he has issued a tax invoice or any other document mentioning an amount of VAT chargeable in respect of the supply.
• The profit margin is the difference between the purchase price of the Goods and the selling price of the Goods.
• The profit margin shall be deemed to be inclusive of Tax.
• A VAT registered business may apply the profit margin scheme to eligible goods when:
o the goods were purchased from either a person who is not registered for VAT;
o or a taxable person who calculated VAT on the supply by reference to the profit margin, i.e. a VAT registered business which already applied the profit margin scheme on the same goods.
o In addition, the profit margin scheme may also apply when the taxable person made a supply of the goods where input tax was not recovered in accordance with Article 53 of Cabinet Decision No. 52 of 2017.
Suppliers should be confident that a good has previously been subject to tax in order to apply the profit margin scheme. Evidence or information supporting this position could include, but is not limited to:
o information relating to the date the good was first manufactured, sold or brought in to use
o e.g. in the case of a car, the date the car was first registered would indicate its sale would have been subject to VAT if it was registered on a date after 1 January 2018;
o Evidence that the supplier paid VAT on their original purchase e.g. by asking the supplier for a copy of the tax invoice relating to their purchase of the good.
Where a Taxable Person has charged Tax in respect of a supply with reference to the profit margin, the Taxable Person shall issue a Tax Invoice that clearly states that the Tax was charged with reference to the profit margin, in addition to all other information required to be stated in a Tax Invoice except the amount of Tax.

Transportation

As per Clause (4), Article (45) of the Federal Decree-Law No. 8 of 2017 on Value Added Tax and Article (34) of Cabinet Decision No. 52 of 2017 on the Executive Regulations (“VAT Executive Regulations”), the supply of a means of transport shall be subject to the zero rate in the case of a supply of a bus or train that is designed or adapted to be used for public transportation of (10) or more passengers.

One such qualifying means of transport includes the supply of a bus or train that is designed or adapted to be used for public transportation of 10 or more passengers. This Public Clarification discusses the definition of ‘public transportation’ and its interpretation for the purposes of identifying those buses or trains which qualify to be supplied at the zero rate under this provision. As a result, those means of transport which are designed to transport a specific category of individuals, such as school students or employees of a business, do not meet the conditions to be treated as a qualifying means of transport for the purposes of the zero-rating provisions. Such means of transport shall therefore be subject to the standard rate of VAT.
This means that any supplies of means of transport (e.g. supply of buses) made for the use of schools or businesses are subject to 5% tax at the time of purchase.
It has also been clarified by the FTA that, whether or not the original supply of the means of transport qualified for zero rating has no impact on the VAT liability of any charges made for the supply of transportation services. The VAT treatment of the means of transport when purchased does not determine the VAT treatment of any supply of transport services made using that vehicle. Providing services to business for transporting its employees from one place to another still remains exempt under law. Therefore, where local transport is made for a charge to a defined group of people, any VAT incurred on the costs of purchasing the means of transport, fuel etc. in order to provide that service is not recoverable.

Difference between private transportation & public transportation in the VAT Law:
What is Private Transportation?

FTA defines ‘Private Transportation’ as ‘all means of transportation used to transport a specific group of people under contracts.’
What is Public Transportation?
The transport used for ‘public transportation’ shall be interpreted by the FTA as, ‘all means of mass transportation used to transport all individuals without specifying any category.’
The difference between the two forms of transportation therefore means that public transportation should be available for all individuals without exception. Public transportation would not include transportation which is only available to a specific category of user.
To summarize, if a bus or train is designed or adapted for a specific class or group of people, or is only available for use by a specific class or group of people, then it shall be considered to be designed or adapted for use for private transportation. And thus, the supply of such means of transport will be taxable.
Factors relevant to identify Public Transportation:
In order to determine whether a bus or train is designed or adapted for use for public transportation, the following factors would be relevant:
1. Features exist which allow passengers to pay for the transportation or to indicate they possess a ticket e.g. a payment booth, ticket scanner or device to take payment;
2. There is branding either within or outside the vehicle advertising the transport service, indicating the transportation is available to all;
3. There is branding or other features indicating regulation of the means of transport by the entity regulating public transportation in the Emirate of operation;
4. The intended use of the means of transport is to transport members of the public without exception or limitation to a specific group.
Considering the above points, the following means of transport are not considered to be used for public transportation:
1. School buses;
2. Buses used to transport groups of employees or workers to or from a place of work;
3. Shuttle buses used to transport hotel guests to other locations e.g. a mall, airport, park, or other tourist attraction.
Hence the supply of such means of transport shall be subject to VAT at the standard rate.
VAT Liability of Transportation Services:
In addition, services related to transportation shall be governed by Clause 4 of Article 46 of the VAT Law and Article 45 of the Executive Regulations, which state that any supply of local passenger transport shall be exempt from VAT where the supply is of local passenger transport services in a qualifying means of transport by land, water or air from a place in the UAE to another place in the UAE.
For the purposes of the exemption from tax, one of the qualifying means of transport listed includes a motor vehicle, including a taxi, bus, railway train, tram, mono-rail or similar means of transport, designed or adapted for transport of passengers.

Emirati Nationals – Home owners
The Federal Tax Authority issued a guide in April 2018 with details for home owners on how to claim the refund.
Emirati house owners have the right to a five per cent value added tax (VAT) refund when constructing their homes, the Federal Tax Authority (FTA) has stated. The Authority has issued a guide with details for home owners on how to claim the refund. It clarifies that only UAE citizens have the right to ask for the refund. They need no new account on the Authority’s website, and only need to download and fill a form and submit it back so the Authority
UAE nationals can claim the VAT refund against the construction expenses for a residential building, when they construct it either for themselves or for their family members.
UAE nationals can claim the refund against a newly constructed building to be used solely as a residence, under Article (66) of Cabinet Decision No. (52) of 2017 on the Executive Regulations of the Federal Decree-Law No (8) of 2017 on Value Added Tax.
The VAT refund is not allowed in relation to a building that will not be used solely as a residence by the person or the person’s family. For example, it is not to be used as a hotel, guest house, hospital, or if the property is to be used for rental purposes or for any other purpose not consistent with it being used as a residence.
According to the guide issued by the FTA, an Emirati owner has the right to ask for the VAT refund if he bought a piece of land and allowed an authorised person or company to establish a housing unit on it. The guide says that the VAT refund only includes the money spent on establishing the unit, adding that it includes the amounts paid for building materials, except for electrical products, furniture or green areas.
On the other hand, the refund also includes VAT paid for doors, fire alarm systems, floors, kitchens, health units, bathrooms, windows, and electricity cables. A third entity is going to review the housing units to approve the refund and its amount after the Emirati owner submits the form. Moreover, the owner needs documents that prove his ownership of the unit, show the date of issuing the certification of establishment, prove the ownership of the land and show the value of VAT paid during the process.
It should be noted that the VAT refund will be claimed after completion of the new building, when it is ready to use. The owner must file a VAT refund application after registering with the FTA, within six months from the date of completion of the newly built residence. Processing can take up to 20 days.
A newly built residence is considered complete at the date the residence becomes occupied, or the date when it is certified as completed by a competent authority in the state, or as may otherwise be stipulated by the Authority.
Also, where the Authority has repaid tax and, following the receipt of such repayment, the person uses the building for rental or any other commercial purpose, he will be required to repay the amount of the tax that was claimed by him. The UAE national can claim VAT against construction related expenses excluding furniture or electrical appliances.

Grants and Sponsorships
The VAT treatment of donations, grants and sponsorships depends on whether the donor, grantor or sponsor, as the case may be, received any benefit in return for such payments.
o Where any benefit is received in return for the payments, VAT implications will arise.
o However, where no benefit is received, the payments will be treated as outside the scope of VAT as they will not be seen as consideration for a supply.
The VATP011 clarification states that where donations and grants do not involve any supply, they are considered out of scope.
Generally, sponsorship will be subject to VAT as there is usually associated supply to such sponsorship.

Pre-VAT orders and post-VAT supply
As per the FTA’s statement, the only cases where consumers are directly responsible for paying VAT on services are those where the services were delivered fully or partially after VAT went into effect from January 1 and it was contractually stated that the amount due is exclusive of tax.
According to the FTA’s statement, suppliers will be liable for VAT in two cases:
o if the contract states that the amount received against the good or service is inclusive of VAT;
o or if the contract issued to the consumer did not refer to VAT.
In the latter case, when the recipient of the goods or services is registered for tax, the amount due is treated as exclusive of tax. So the supplier has to ascertain whether the recipient is registered, and the recipient’s ability to recover tax as per Article 70 of the VAT Executive Regulations.
The authority stressed that in all cases, the supplier remains liable for accounting for the tax and paying it to the FTA.

Bahrain and Utility Bills
A Bahraini lawyer has insisted that the recent decision by the Electricity and Water Authority (EWA) to apply Value Added Tax (VAT) on subscribers’ bills is unconstitutional, demanding immediate cancellation of the decision. This came as lawyer Mohammed Al Thawadi appeared before the High Administrative Court, which is examining a complaint lodged by him against the authority. The court said that it would issue its final verdict in the case on February 24.
In his statements, the lawyer asserted that the decision is unconstitutional, claiming that Articles 15 and 17 of the Constitution of the Kingdom stipulate that taxes should only be imposed through legislation. Mr. Al Thawadi also accused EWA of not adhering to the Unified GCC VAT Agreement.
“Article 29 did not stipulate the imposition of taxes on electricity supply services, but on the contrary, it gave each state the right to exempt some sectors in accordance with local law. Additionally, Article 30 stipulates the exemption of government bodies from paying taxes, and therefore it is not permissible for the authority to collect taxes.” The lawyer’s last statement came after the authority denied the accusations during the previous hearing.
“The authority does not exercise its functions as sovereign and there is no monopoly of providing electricity and water supply services in the Kingdom,” the authority’s counsel had told the court. Further supporting his accusations against the authority, Mr. Al Thawadi said: “The authority’s claim that it does not operate in a sovereign manner and that there is nothing preventing competition with it from any other party in providing its services is incorrect.”

Cloud back ups or on-premise?

February 16th, 2019

Pretty scary.
We have suffered catastrophic destruction at the hands of a hacker, last seen as aktv@94.155.49.9. This person has destroyed all data in the US, both primary and backup systems. We are working to recover what data we can.

Though they’re back up and running, who knows if customers will stick by them, or will sue them.
What impact that had on infrastructure mail servers, backup servers, and SQL Servers for customers is hard to judge.
A large number of people might have lost their mailboxes and previously stored mail that was in IMAP storage.
This is likely an annoyance for individuals, but potentially catastrophic for businesses. Imagine your small business hosted with them and all your mailboxes were lost with customer communications and who knows what else.

Could this happen with a cloud provider like Azure O365, Google Apps or AWS?
Maybe, but they will have DR backups.
But what if you store backups in the cloud but run on premise: how long would it take to mass restore multiple customers? Do you still have adequate on-premise test systems to restore on, and the staff and the time to do it?

Do you assume that you will always have a primary server and an online backup server/share/bucket/container, and can download data?
The problem is that online systems that connect to the primary can be accessed.
If an attacker were to access one, they potentially could access the second.
The world seems to be moving towards more online storage, or in the case of cloud vendors, a reliance on snapshots. That might be good enough for cloud vendors, but is it good enough for your on-premise system?
It’s likely that an attacker, possibly even with insider help, would wipe out backups first, then primary systems.
Some sort of disconnected offline backup of data, especially for database servers, gives you a third line of defence.
Don’t forget that backups need to be tested: is the backup software compatible with old versions? Does your backup use the same version as the current ERP software installed on your primary, or the same SQL version (i.e. when you upgrade, do you also upgrade your backups, or maintain an older environment)?

Microsoft and other large vendors have had downtime, whether self-induced by releasing code too early, or due to hardware failure or malicious attack. What is important to realise is just how infrequent such issues are given the number of clients they have across a range of solutions, how little downtime there was, and how fast they are at addressing issues that arise. Then think about how you would have been able to deal with the same issues in your own server room.

There are increasing risks, and increasing issues of statutory compliance with regard to data protection, e.g. GDPR. The cloud generally offers cheap storage and robust systems, yet it needs to be part of a holistic approach to reduce overall risk and cost, and not the only line of defence.

What does GDPR mean for Big Data Analytics and AI?

January 27th, 2019

By 2020, there will be an estimated 24 billion internet-connected devices globally – more than four devices for every person. Many consumers have concerns about data privacy and how their data is used and protected (some surveys put this at 90% of users). As businesses learn to extract value from and utilize data at a deeper level, it is essential for companies to be extremely conscientious about protecting personal information.

The recent Google 50 million euro GDPR fine, posted about on our blog, has major implications for data insight driven companies. Secondary processing of data using iterative analytics and AI needs to remain legal under the GDPR, i.e. GDPR-compliant technical and organizational safeguards need to be in place that:

(1) Satisfy a balance of interest test that requires functional separation (to separate the information value of data from the identity of data subjects) to reduce the negative impact on data subjects, so that the data controller’s legitimate interests are not overridden. See Annexures 1 and 2 of this note: https://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2014/wp217_en.pdf

Recent high-profile lawsuits against Oracle and Acxiom make it clear that simply claiming a “legitimate interest” in commercializing personal data is not enough (see the video here: http://fortune.com/2018/11/08/privacy-international-oracle-acxiom/).

(2) Ensure compliance with requirements that the secondary processing is compatible with the original purpose for which the data was collected;

(3) By default restrict access to only the minimum data necessary for each purpose for which it is processed. Such Data Minimisation is a level of granular control and protection that cannot be achieved by technologies like encryption alone.

“Data Privacy Day 2019”, which is tomorrow, Monday 28 January 2019, is led by the National Cyber Security Alliance (NCSA) in the United States and is built on the theme “Respecting Privacy, Safeguarding Data and Enabling Trust.”

SQL Server 2016 SP2 CU5, SP1 CU13 – many fixes

January 25th, 2019

Many fixes inside SP2 CU5 and SP1 CU13, e.g.:
• Access violation when you compile a query
• Access violations and unhandled exceptions with Always On Availability Groups automatic seeding
• Dynamic Data Masking doesn’t mask when there’s a cursor involved
• Access violations for XML data types
• Query Store blocks transactions and log truncation
• Out of memory errors
• Non-yielding schedulers with heavy use of prepared statements
• Can’t restore compressed backups of encrypted databases
• High CPU usage when there are many batch requests (which we would expect?)
• SQL Server service crashes when you cancel CHECKDB (on a “large database” – doesn’t that apply to all?)
… lots more

Congratulations to Microsoft CEO Satya Nadella – named top CEO in the U.S.A. by Forbes magazine

January 23rd, 2019

Congratulations to Microsoft CEO Satya Nadella who was named the top CEO in the United States by Forbes magazine. This honor follows many key successes under his leadership, including the acquisition of GitHub and an increased focus on Microsoft Azure.
For a fascinating insight into how Microsoft has rebuilt itself ‘brick by brick’ under his leadership over the last 4 years, see this Forbes interview from the end of December 2018:

https://www.forbes.com/sites/alexkonrad/2018/12/10/exclusive-ceo-interview-satya-nadella-reveals-how-microsoft-got-its-groove-back/#454c91397acb

GDPR starts to bite

January 22nd, 2019

Google has been hit with a record fine by French data regulator CNIL, of 50m euros ($56.7m) for breaching GDPR after finding that Google had a “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation”.
The regulator also said that users were not sufficiently informed about how Google uses personal data for advertising. The fine relates to two complaints filed by privacy advocacy groups, which were filed as soon as GDPR came into place in May last year. The groups also claim that Google does not have a valid legal basis to process user data for ad personalisation, as mandated by the GDPR. Google also selects ad personalisation by default for new users, instead of offering an ‘opt in’, which is also against GDPR rules.

Under the GDPR, complaints are transferred to local data protection regulators. While Google’s European HQ is in Dublin, the CNIL concluded that the team in Dublin doesn’t have the final say when it comes to data processing for new Android users.

In a statement, Google said: “People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR. We’re studying the decision to determine our next steps.”

The large fine reflects the view that the violations were continuous, and still occurring. Google’s violations were aggravated by the fact that “the economic model of the company is partly based on ads personalisation”, and that it is therefore “its utmost responsibility to comply” with GDPR.

Dr Lukasz Olejnik, an independent privacy researcher and adviser, said the ruling was the world’s largest data protection fine. “This is a milestone in privacy enforcement, and the history of privacy. The whole European Union should welcome the fine. It loudly announced the advent of GDPR decade,” he said.

Facebook is also faced with huge fines. Facebook has been fined €10m (£8.9m) by Italian authorities for misleading users over its data practices. The two fines issued by Italy’s competition watchdog are some of the largest levied against the social media company for data misuse, dwarfing the £500,000 fine levied by the British Information Commissioner’s Office in September for the Cambridge Analytica scandal – the maximum that body was able to issue. The Italian regulator found that Facebook had breached articles 21, 22, 24 and 25 of the country’s consumer code by:
• Misleading users in the sign-up process about the extent to which the data they provide would be used for commercial purposes.
• Emphasising only the free nature of the service, without informing users of the “profitable ends that underlie the provision of the social network”, and so encouraging them to make a decision of a commercial nature that they would not have taken if they were in full possession of the facts.
• Forcing an “aggressive practice” on registered users by transmitting their data from Facebook to third parties, and vice versa, for commercial purposes.

The company was specifically criticised for the default setting of the Facebook Platform services, which in the words of the regulator, “prepares the transmission of user data to individual websites/apps without express consent” from users. Users can disable the platform, but the regulator found that its opt-out nature did not provide a fully free choice. As an additional penalty, the authority has directed Facebook to publish an apology to users on its website and on its app.

In a statement, a Facebook spokesperson said: “We are reviewing the Authority’s decision and hope to work with them to resolve their concerns. This year we made our terms and policies clearer to help people understand how we use data and how our business works. We also made our privacy settings easier to find and use, and we’re continuing to improve them. You own and control your personal information on Facebook.”

On Friday (14 December), Facebook disclosed that a bug gave hundreds of apps unauthorised access to photos that users had uploaded but hadn’t made public. The bug is understood to have run for 12 days between 13 and 25 September. To compound matters, it failed to promptly disclose the issue within 72 hours.

The bug is the latest in a series of privacy scandals. Facebook disclosed a security breach on Sept. 28, saying 50 million accounts had their login access tokens stolen. That figure was reduced to 30 million, and Facebook confirmed that 29 million of the impacted users had their names and contact information exposed. Among those users, 14 million also had other personal information, such as their gender, relationship status and their recent place check-ins, stolen by the attackers. Facebook told the Irish Data Protection Commission that 10 percent of the affected accounts were European, according to Graham Doyle, the commission’s head of communications. The accounts were hacked in an access token harvesting attack. The security incident, revealed last week, was caused by a vulnerability in Facebook’s code which permitted attackers to steal access tokens. Access tokens are used to keep Facebook users logged in when they switch over to a public profile view via the “View As” feature.

A KPMG global study in 2018 revealed that 77% of consumers are totally against their data being sold.

A CNIL ruling in October last year against the company Vectaury has a lot of significance. Data privacy experts consider the regulator was stating that consent to processing personal data cannot be gained through a framework arrangement which bundles a number of uses behind a single “I agree” button that, when clicked, passes consent to partners via a contractual relationship. That CNIL decision implies that bundling consent to partner processing in a contract is not sufficient or valid consent under the European Union’s General Data Protection Regulation (GDPR) framework.

The firm was harvesting personal data (including people’s location and device IDs) on its partners’ mobile users via an SDK embedded in their apps, and receiving bids for this data via another standard piece of the programmatic advertising pipe (ad exchanges and supply side platforms), which also get passed personal data so those can broadcast it widely via the online ad world’s real-time bidding (RTB) system to solicit potential advertisers’ bids for the attention of the individual app user… The wider the personal data gets spread, the more potential ad bids. CNIL discovered the company was holding the personal data of a staggering 67.6 million people when it conducted an on-site inspection of the company in April 2018, and yet Vectaury’s website claims it doesn’t store 70% of its data.

GDPR, Article 5, paragraph 1, point f, requires that personal data be “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss.” If you cannot protect data in this way, then the GDPR says you cannot process the data. So the complaint is not just about the data or the consent but also about the processing: not the data sharing as such, but rather that it is not adequately secure or controlled.

Get ready for year-end close in Dynamics AX and Dynamics 365 with Synergy Software Systems, Dubai.

December 20th, 2018

There are many tasks to be done for the fiscal year-end closing process.
Those include tasks for all functions, not just finance.
For over 10 years Synergy has conducted year-end training courses to help prepare Dynamics users for their fiscal close.
Our 2 day workshop encompasses:
• Key tasks and sequence
• Tips and tricks
• Key reports
• Use of MR and Power BI
• Sales, Supply chain, HR, IT tasks
• Hands on practice
The course content applies to almost all versions and will be run in Dynamics AX 2012 R3. It will, however, also introduce the Dynamics 365 Financial closing workspace.

Date: 2 day course: 09.00 – 17.00 8th and 9th Jan 2019
Venue: SYNERGY SOFTWARE SYSTEMS. Al Karama, Dubai.
Ample parking and bus stops and metro nearby.
For a trouble-free and timely, year-end close, book today.
Experienced, expert instructors.

Prophix user conference May 2019 Birmingham, U.K.

December 19th, 2018

Just an early note for your diaries that the Prophix EMEA user conference next year will be held in Birmingham in the U.K., 22-23 May.
Meet and socialise with senior Prophix management, and other Prophix users.
Learn about the product road map and new features.
Learn useful tips and tricks.
Make product suggestions.
See the U.K. at the best time of the year – the central location is served by its own international airport with fast rail links to Oxford, Wales, London, Bath and the picture postcard villages of the Cotswolds (see the award-winning gardens).

RPA certifications for Synergy Software Systems, Dubai

November 25th, 2018

I am pleased to announce that following extensive training over recent weeks two of our consultants have already achieved certifications.

If you have an RPA project in mind and need support for your project from a proven, local UAE partner, then please call Synergy Software Systems on 0097143365589

Making Tax Digital (MTD)

November 19th, 2018

If you have U.K. operations then be aware of Making Tax Digital (MTD), a transformational approach to taxation in the UK from HMRC. The first change is coming in 2019 and will affect every organisation, from processes to how systems are set up to record and report tax.

This will affect all companies with U.K. financial operations and all financial software. From April 2019, businesses that are registered for VAT and have turnover above the VAT registration threshold of £85,000 will be required to keep digital records for VAT purposes and submit their quarterly VAT return updates to HMRC through functional compatible software.

The new VAT record keeping rules require that all applicable VAT return data is digitally linked so that transactions can be traced from source data (i.e. purchase/sales ledger) to VAT return completion and upload.

Key benefits for businesses include improved visibility over their tax situation and easier access to tax information online, enabling businesses to plan and budget more effectively, driving performance and growth.

With Making Tax Digital, the new regulation from HMRC, going live from 1 April 2019, it’s time to start preparing. This is similar to the legislation already implemented in the U.A.E., which we have done for both Infor SunSystems and Dynamics 365/Dynamics AX.

Which versions of Dynamics AX will Microsoft make ‘Making Tax Digital’ compliant?

Any Dynamics product that is still under mainstream support will get an update from Microsoft to ensure full compliance. This means for Dynamics AX only Dynamics AX 2012 R3 will be automatically updated. Microsoft have not confirmed when this update will take place – there are still some further details to come from HMRC.

Receiving the Microsoft update may not be enough to guarantee full compliance – there will likely need to be a number of small updates, such as capturing the right fields and updating commercial forms and reporting formats, that will need to be confirmed.

In addition, by April 2020 you will need to ensure all of your processes are fully digital.

ROI On Microsoft Dynamics

November 14th, 2018

“What’s the true return on investment (ROI) for an average Dynamics 365 deployment?”

Thanks to a newly released independent analysis from Nucleus Research, we can reveal the answer:

For every dollar spent, companies realize an average of $16.97 in returns.

According to the report summary, “this is significantly higher than the average for both enterprise resource planning (ERP) and customer relationship management (CRM), which deliver, on average, $7.23 and $8.71 respectively. Nucleus found that companies taking advantage of Microsoft’s investments in cloud and usability, as well as integration and analytics, were able to achieve significant returns by increasing productivity and revenues and reducing costs.”

The report dives into the value drivers for the cases, and reveals that the common elements to the financial success of deployments include:

• The ability to integrate Microsoft solutions with existing applications and data sources
• The enablement of new lines of business, such as cross-selling and up-selling with field service
• A focus on standardized, easy-to-use user interfaces—the familiar Microsoft look and feel that can help speed up onboarding and user adoption
• Cost savings and greater innovation realized by deploying cloud-based Microsoft business applications
• The focus on improving user productivity by automating, or standardizing, repeatable manual processes

The report is a fascinating read that we invite you to explore on your own. If you are interested in investing in the modern Dynamics enterprise system then contact Synergy Software Systems and we will send you a copy.

0097143365589

IFRS 9

November 7th, 2018

The Standard includes requirements for recognition and measurement, impairment, de-recognition and general hedge accounting. This standard has replaced IAS 39 and responds to the criticisms that IAS 39 was too complex, inconsistent with the way entities manage their businesses and risks, and deferred the recognition of credit losses on loans and receivables until too late in the credit cycle.

The new standard is based on the concept that financial assets should be classified and measured at fair value, with changes in fair value recognized in profit and loss as they arise (“FVPL”). That is unless restrictive criteria are met for classifying and measuring the asset at either Amortized Cost or Fair Value Through Other Comprehensive Income (“FVOCI”). Subject to a special FVOCI designation option for investments in equity instruments, only loans, receivables, investments in debt instruments and other similar assets (“loans and receivables”) can qualify for measurement at Amortized Cost or FVOCI. The key questions are whether:
• The objective of the entity’s business model is to hold assets only to collect cash flows, or to collect cash flows and to sell (“the Business Model test”), and
• The contractual cash flows of an asset give rise to payments on specified dates that are solely payments of principal and interest (“SPPI”) on the principal amount outstanding (“the SPPI test”).

Both of these tests determine whether to account for an instrument at Amortized Cost or FVOCI.

IFRS 9 specifies how an entity should classify and measure financial assets, financial liabilities, and some contracts to buy or sell non-financial items. IFRS 9 deals separately with the classification and measurement of financial assets, impairment and hedging.

IFRS 9 requires an entity to recognise a financial asset or a financial liability in its statement of financial position when it becomes party to the contractual provisions of the instrument. At initial recognition, an entity measures a financial asset or a financial liability at its fair value plus or minus, in the case of a financial asset or a financial liability not at fair value through profit or loss, transaction costs that are directly attributable to the acquisition or issue of the financial asset or the financial liability.

So why does it matter if you are not in the Financial services sector?
Any entity with long-term loans, equity investments, or any non-standard financial assets, or only holding short-term receivables, may find that it requires significant changes to its financial reporting as the result of this standard.

Possible consequences of IFRS 9:

Income statement volatility. More assets will have to be measured at fair value with changes in fair value recognized in profit and loss as they arise.

Earlier recognition of impairment losses on receivables and loans, e.g. trade receivables. Entities will have to provide for possible future credit losses in the first reporting period that a loan goes on the books – even when it is highly likely that the asset will be fully collectible.

New disclosure requirements—the more significantly impacted may even need new systems and processes to collect the necessary data.

IFRS 9 is an opportunity for balance sheet optimization, enhanced efficiency of the reporting process and cost savings.

Before your year end audit consider the possible impact on financial statements, systems, processes, controls.

Financial assets

When an entity first recognises a financial asset, it classifies it based on the entity’s business model for managing the asset and the asset’s contractual cash flow characteristics, as follows:

Amortised cost—a financial asset is measured at amortised cost when both of the following conditions are met:
◦ the asset is held within a business model whose objective is to hold assets in order to collect contractual cash flows; and
◦ the contractual terms of the financial asset give rise on specified dates to cash flows that are solely payments of principal and interest on the principal amount outstanding.

Fair value through other comprehensive income—financial assets are classified and measured at fair value through other comprehensive income when these are held in a business model whose objective is achieved by both collecting contractual cash flows and selling financial assets.

Fair value through profit or loss—any financial assets that are not held in one of the two business models mentioned are measured at fair value through profit or loss.

When, and only when, an entity changes its business model for managing financial assets it must reclassify all affected financial assets.

Financial liabilities

All financial liabilities are measured at amortised cost, except for financial liabilities at fair value through profit or loss. Such liabilities include derivatives (other than derivatives that are financial guarantee contracts or are designated and effective hedging instruments), other liabilities held for trading, and liabilities that an entity designates to be measured at fair value through profit or loss (see ‘fair value option’ below).

After initial recognition, an entity cannot reclassify any financial liability.

Fair value option

An entity may, at initial recognition, irrevocably designate a financial asset or liability that would otherwise have to be measured at amortised cost or fair value through other comprehensive income to be measured at fair value through profit or loss when doing so will either eliminate, or significantly reduce a measurement or recognition inconsistency (sometimes referred to as an ‘accounting mismatch’) or will otherwise result in more relevant information.

Impairment

Impairment of financial assets is recognised in stages:

Stage 1—as soon as a financial instrument is originated or purchased, 12-month expected credit losses are recognised in profit or loss and a loss allowance is established. This serves as a proxy for the initial expectations of credit losses. For financial assets, interest revenue is calculated on the gross carrying amount (ie without deduction for expected credit losses).

Stage 2—when the credit risk increases significantly and is not considered low, full lifetime expected credit losses are recognised in profit or loss. The calculation of interest revenue is the same as for Stage 1.

Stage 3—when the credit risk of a financial asset increases to the point that it is considered credit-impaired, interest revenue is calculated based on the amortised cost (ie the gross carrying amount less the loss allowance). Financial assets in this stage will generally be assessed individually. Lifetime expected credit losses are recognised on these financial assets.

Hedge accounting

The objective of hedge accounting is to represent, in the financial statements, the effect of an entity’s risk management activities that use financial instruments to manage exposures arising from particular risks that could affect profit or loss or other comprehensive income.

Hedge accounting is optional. An entity applying hedge accounting designates a hedging relationship between a hedging instrument and a hedged item. For hedging relationships that meet the qualifying criteria in IFRS 9, an entity accounts for the gain or loss on the hedging instrument and the hedged item in accordance with the special hedge accounting provisions of IFRS 9.

IFRS 9 identifies three types of hedging relationships and prescribes special accounting provisions for each:

fair value hedge: a hedge of the exposure to changes in fair value of a recognised asset or liability or an unrecognised firm commitment, or a component of any such item, that is attributable to a particular risk and could affect profit or loss.

cash flow hedge: a hedge of the exposure to variability in cash flows that is attributable to a particular risk associated with all, or a component of, a recognised asset or liability (such as all or some future interest payments on variable-rate debt) or a highly probable forecast transaction, and could affect profit or loss.

hedge of a net investment in a foreign operation as defined in IAS 21.

When an entity first applies IFRS 9, it may choose to continue to apply the hedge accounting requirements of IAS 39, instead of the requirements in IFRS 9, to all of its hedging relationships.

IFRS 9 is effective for annual periods beginning on or after 1 January 2018.

VAT in Bahrain – Update your Sunsystem financials with Synergy Software Systems

October 23rd, 2018

Bahrain will be the next country to implement five per cent value-added tax (VAT) after the UAE and Saudi Arabia as part of the GCC framework agreed between the six states, according to tax experts. Bahrain’s parliament, in an extraordinary session ordered by royal decree, has approved the introduction of 5 percent value-added tax (VAT) in the kingdom from January 1 2019. The move must also be approved by Bahrain’s upper house.

The introduction of VAT will be a big challenge for the local Bahrain market, and businesses now have less than 3 months to be prepared for these changes. This announcement of a definitive date for the tax to become effective means that businesses should accelerate their VAT readiness preparations. Last week, Bahrain announced a fiscal overhaul meant to balance its budget by 2022, backed up by a $10 billion economic support package from Saudi Arabia, the UAE and Kuwait. The plan aims to raise $2.1 billion a year as Bahrain looks to curb its debt after years of lower oil prices.

At the start of 2018 VAT was introduced in both K.S.A. and the U.A.E. Synergy Software Systems has extensive experience of VAT implementation in business systems like Dynamics 365 Finance and Operations, Dynamics AX, and Infor SunSystems in both K.S.A. and the U.A.E., across almost 200 customers in varied vertical sectors.

VAT Registration
• The compulsory VAT registration threshold in Bahrain is BHD 37,000 per annum.
• A voluntary registration for businesses below this threshold is permitted, although this has its own minimum threshold of BHD 18,850 per annum.
• There is scope for related businesses to apply for a single, Group VAT registration.
• There is no threshold for non-resident businesses, which must register prior to their first supply. Foreign registrations may be either direct, or via a local Fiscal Representative.

Bahraini VAT rates
Generally, Bahrain follows the terms of the Agreement, including the harmonised standard VAT rate of 5%, but has a wider range of zero and reduced VAT rates to provide subsidies to the less well off in society.

Which goods or services, at what rate?

0% (Zero): Basic foodstuffs; domestic and international transport; new properties; healthcare; exports of goods and services; high-value metals; oil and gas; education; and medicine and medical equipment.

Exempt: Sale and lease of real estate; and financial services.

5% (Standard), from 1 January 2019: All other supplies of goods, or services, including imports, in accordance with the Unified VAT Agreement.

Bahraini VAT invoices
VAT invoices must contain the following information as a minimum:
• Date of invoice (and date of supply if different)
• Unique, sequential invoice number
• Tax ID number of the supplier
• Name and address of the supplier and customer
• Description and quantity of the goods supplied; nature of services provided
• Gross, VAT and net values of supply
• VAT rate applied, and explanation where not the standard rate
Invoices must be issued within 15 days following the month of supply of the taxable goods or services.

Bahraini VAT Returns
Registered tax payers must submit their periodic returns each month.
Returns must be filed by the last working day of the month following the reporting period.

Penalties for non-compliance
Timely preparation is critical because VAT is generally a self-assessed tax, and errors are often subject to severe penalties and business disruption.
Businesses that have been operating in a largely non-tax environment should already have started to prepare and to analyze in detail what the implications of the new tax will be, for example on their pricing, contracts and IT systems.
The following penalty regime for non-compliance is in place, with financial penalties and potential prison terms:
• BD10,000 for failure to register for VAT within 60 days of the required date
• Failing to issue a VAT invoice within 15 days of the month following the taxable supply
• Failing to submit a VAT return and/or pay any VAT due by the end of the month following the reporting month

Transition rules
The following rules will apply to supplies contracted and supplied over the introductory period:
• Where invoices were issued, or payments made, prior to 1 January 2019 for post-implementation supplies, then VAT is still due. In this case, a debit note for the original invoice should be issued with the correct VAT indicated.
• Initially, goods supplied to other GCC states that have also implemented VAT (Saudi Arabia and UAE) will be treated as exports. There are plans to introduce zero-rating with reverse charge supplies to eliminate import VAT, but this is dependent on the introduction of an Electronic Services System transaction reporting platform, which has yet to be developed.
• For pre-January 2019 contracts which are silent on the VAT treatment, the price will be VAT inclusive. This presents a cash flow risk for the supplier.

Other GCC Countries
The Sultanate of Oman announced that VAT would be introduced in 2019, most likely mid-2019.
The Kuwaiti parliament is yet to vote on the VAT bill which should be introduced in the upcoming session before the year-end. The expected timeline of introduction of VAT in Kuwait is late 2019 or 2020.

EY estimated that a five per cent VAT rate will produce revenues of over $25 billion per annum for the six GCC countries.

Contact:
Synergy Software Systems: 009714 3365589/ 33734282
Deyafa Systems: 009714 3240066

GDPR misses the mark

August 16th, 2018

GDPR took effect in May of this year, at least with regards to enforcement. A few days after the May 25 date, a German court ruled against ICANN, the company that registers domain names on the Internet and manages the global WHOIS database. The case revolves around the information collected when you register a domain. ICANN wants multiple contacts, which they’ve required for decades. However, a company in Germany that is a partner argued that the additional technical and administrative contacts were not required for fulfilling the business that both ICANN and EPAG (the German registrar) are engaged in.
ICANN is appealing the ruling, citing the need for clarification of what this means with regard to the law.

There is an interesting argument here to be made about what data is needed for a business purpose. I could see this being argued successfully either way, and not just in court. As a domain holder, does the registrar really need multiple different sets of personal information from me? Arguably, this is a convenience for them, that is based on tradition. However, one could argue the other way. It is a little scary that a court, with no expertise in some industry (Internet domain registration, in this case), will decide whether there is an actual business need. Can a lawyer or judge really understand what data a business needs in their daily activities?

Is it unreasonable to find technical people collecting data, not maliciously, but to anticipate what might be asked of a system, or to avoid rework? Is it wrong to collect everything that might be relevant or useful to save time on future queries?

So now we have the ridiculous situation where more and more transactions can only sensibly be done online, but only if you agree to provide personal data as part of the terms and conditions. How does that protect anyone? I can understand that large IT companies with heavy investment in cloud data centres are happy to see legislation that makes it impossible for small companies to compete – encryption, additional training and audit costs, huge infrastructure and software protection costs to deal with hypothetical risks to data that is largely in the public domain on Facebook and LinkedIn and telephone directories. Governments have new reasons to fine companies. Auditors and lawyers have another source of income. This all drives up costs, so how does that benefit the individual?

Why there is not more loud protest and outright rejection of this ridiculous legislation I don’t understand. I doubt even 20% of companies affected comply.

That does not mean that you should not take data protection seriously. The problem with GDPR is that it is being applied as a sledgehammer. Companies are trying to enforce complex systems for protection of data to which there is no identified risk, or indeed where there may not even be any data stored.

If an organisation has no central documented overview of the data it holds and processes, it is highly vulnerable to fail in its stewardship of data. This will result in severe damage to that organisation. To protect anything, you have to know where it is, and who needs to use it. With data, you have to know at least its relative importance in terms of its confidentiality, integrity and accessibility. You also need to know why it is retained and how it is used within the organisation and by which role. With this information, you will then have a much clearer idea of the requirements for that data, sufficient to appropriately strengthen the organizational workflows and applications to minimize the risks to that data.

If your organisation is ever caught up in a data breach or other incident that might affect its reputation or even result in legal action, then the exercise of at least having taken information security seriously will provide mitigation for the organisation. Any organisation that takes its stewardship of data seriously and responsibly will take the next step and ensure that all data is held in an appropriate regime that will protect it from malice, disaster, conflict and human failings. They might even save on resources by reorganizing organizational data according to risk rather than by department or activity.

In a recent case not considered under GDPR the potential problems surfaced. In claimants v WM Morrisons Supermarket the High Court found that Morrisons was vicariously liable for deliberate and criminal disclosure by a rogue employee of personal data belonging to his co-workers.

The employee was an internal auditor for Morrisons. In that role he had access to personal data about other employees. However, he felt he had been unfairly disciplined over a conduct issue and as a result became disaffected. A couple of months later Morrisons’ external auditor asked for payroll data for audit purposes and the employee was asked to handle the request. The data, at Morrisons’ request, was downloaded onto the employee’s work computer. He passed the data to the external auditor but he didn’t delete it from his computer. Some weeks later he uploaded the data onto the internet, under the name of another employee. The individuals whose personal data was wrongly disclosed then sued Morrisons, arguing that Morrisons was the data controller and so was responsible for the breach. Alternatively, they argued that if it was not the data controller, it was vicariously liable for the wrongful actions of the rogue employee.

The High Court accepted that Morrisons was not the data controller at the point at which the individual was loading the data onto the website. Similarly, although the Court accepted that Morrisons should have been more proactive in ensuring that the data on the employee’s computer was deleted as soon as it was no longer needed, this did not actually cause the damage. The Court’s view was that the employee would have sought to circumvent any precaution put in place, given that this was a deliberate breach designed to cause problems for Morrisons.

That left the claim for vicarious liability. Whether an employer is vicariously liable depends on there being a sufficiently close connection between what the employee was employed to do and their wrongful actions. Here, the Court accepted there was a sufficient connection and so Morrisons was vicariously liable. The employee was given access to the data through his work and was deliberately entrusted with the confidential information. Even though he had acted improperly and also used another employee’s name to post the information on the Web, his motive was irrelevant in deciding whether there was vicarious liability.

Given that around 100,000 employees were affected by this data breach, compensation could be significant. Importantly, it is not necessary for the affected employees to show that they have suffered financial loss. Individuals can claim for distress merely from the disclosure of their data. This case has worrying implications for employers. Here the employee’s actions were entirely deliberate, and even though none of the employer’s actions led to the data breach it was still held liable.

Given the employee’s actions were designed to cause problems for Morrisons, by passing liability to the supermarket, the Court’s ruling has in many ways furthered the employee’s wrongful aims.

Unsurprisingly, Morrisons intends to appeal so all employers will be watching carefully to see what happens next.

While not decided under the principles of the GDPR, this case is representative of a new data privacy environment in the workplace, with greater accountability for employers and increased employee rights. More data breach claims may follow, particularly given that it is not necessary for an individual to show loss to claim compensation.

What is clear from the case is that employers will be responsible for the employee data they hold and must apply the strictest possible controls to try to mitigate the risks presented by rogue individuals. Such controls could include limiting the number of people who have access to personal data for work purposes, ensuring that individuals who have such access only have it for a limited period, and ensuring that data security measures are in place to flag misuse of the data. Further, the personal consequences of data breaches should be outlined to those who need to have access to colleagues’ personal data for their job.

This is becoming farcical – how should a company reply to, for example, a request for a reference, or a credit check?
If one employee volunteers another’s phone number, is that really something for which an employer should have liability to pay compensation?
As with other misguided legislation, this will accelerate adoption of AI and elimination of human workers.

If ever you want proof of the law of unintended consequences this legislation is going to be high on the list.

Dynamics 365 recent news June 2018

June 14th, 2018

Microsoft is rolling out a new Support Center for Dynamics 365. It’s still in Preview (as of June 2018), but if you meet the prerequisites, you can check it out now! It’s really simple to navigate when you have the appropriate Office 365 role. After logging into Portal.office.com, just go to https://admin.dynamics.com to see the new support center. Once you’ve submitted a ticket, you can monitor open support issues from the same place, https://admin.dynamics.com.

Dynamics 365 Spring 2018 release – updates and resources

On June 1st, Microsoft announced on their official Dynamics 365 Twitter channel (@MSFTDynamics365) that the Dynamics 365 Spring 2018 release notes are updated. Several changes were made to the Field Service, Social Engagement, Talent, Finance and Operations, PowerBI, Microsoft Flow and Data Integration sections of the Spring 2018 release notes.

This follows another series of updates announced on May 1st, so if you’ve read the Spring 2018 update notes upon their first release last April, there is now a lot of new information!

Information and links about the Dynamics 365 Spring 2018 release:
• Dynamics 365 Spring 2018 release page (with on-demand videos to learn more about the Dynamics 365 capabilities)
• Spring ’18 Release Overview page on the Microsoft website (includes link to download the release notes)
• Spring ’18 change history (to check everything that has changed since April)
• Dynamics 365 Spring 2018 release – documentation & readiness (for a few additional resources)
• Watch the Business Applications spring launch event on‑demand – for more information about Dynamics 365 Business Central

In the Microsoft Documents site, you will find information and a number of resources to help you understand how Dynamics supports GDPR and tools for customers to define and support their GDPR obligations.

Visit the site to access the following types of information:
• White papers
• Data Subject Requests
• Compliance Manager
• Webcasts
• Blogs
• eBooks

See https://blogs.microsoft.com/on-the-issues/2018/05/21/microsofts-commitment-to-gdpr-privacy-and-putting-customers-in-control-of-their-own-data/

Customer consent is a major aspect of the regulations. It is important that you include relevant information in your marketing objects (like landing pages and email marketing messages) that unambiguously informs your audience about the data you collect and the purpose of your processing. Your audience must have the option to give consent freely, make an informed decision, and be able to review, update, or revoke consent at any time.

Dynamics 365 for Marketing:
• Allows you to request, capture, and store consent
• Lets you design your marketing activities to respect the consent given by your audience

See this informative post: https://blogs.technet.microsoft.com/lystavlen/2018/06/07/consent-management-in-dynamics-365-for-marketing/

Microsoft delivers new features and improvements to Dynamics 365 (online) through service updates that are periodically delivered to customers. They recommend you update to the latest major version when it becomes available. The update policy defines how customers move from one version to the next. Customers have the option to provide consent prior to updating their organization. Customers also have the choice to either take the updates as they become available or take only one update per year. If a customer chooses to take only one update per year, then this update is mandatory and the customer will be required to take the update during the available dates for that release.

In keeping with this policy, all organizations running version 8.1 (two versions behind the current version) will be upgraded to Dynamics 365 (online), version 9.0.2. The automatic update will take place during your normal maintenance window. So please ensure you plan for testing and any updates you need to make.

At the beginning of the year, Microsoft set out to bridge the gap between Dynamics 365 App for Outlook, the future of Dynamics 365 and Outlook integration, and the legacy Outlook add-in, Dynamics 365 for Outlook. The latest improvements to server-side synchronization and Dynamics 365 App for Outlook in Dynamics 365 (online) version 8.2 enable customers to track emails, appointments, and tasks in Outlook with a special “Tracked to Dynamics 365” Outlook category enabled through server-side synchronization. Assigning the category to an email, appointment, or task in Outlook will track the item to Dynamics 365. Category-based tracking via server-side synchronization is an opt-in experience. This is currently available on Dynamics 365 (online) version 8.2, with support for version 9.0 soon to follow.

Service Update 8 for Microsoft Dynamics 365 8.2.2 (online) is now available. Resolved issues include:
• Recurring Appointment occurrence is not updated correctly when synchronizing with Dynamics 365 for Outlook
• A user should be able to Untrack an auto tracked email before email tagger processes the item
• Duplicate Detection triggers when SuppressDuplicateDetection parameter is set to true
• Views saved with Custom Filters do not respond to changes in filter criteria
• Generic SQL Error occurs while trying to perform an Offline Sync with the Dynamics 365 for Outlook
• Unable to filter Orders by Currency
• Associated View icon for Leads does not appear on an Account

The latest update to the Field Service and Project Service Automation solutions for Dynamics 365 version 9.0.x is now available.

The Voice of the Customer app provides a new experience in survey and theme designing. The new survey designer provides a simple and intuitive experience to add, remove, and modify survey pages, sections, questions, and answers. See https://blogs.msdn.microsoft.com/crm/2018/05/23/whats-new-in-voice-of-the-customer-version-9-0-1162/

Microsoft Social Engagement 2018 Update 1.5 is now available. Social Engagement now shows attached images and videos in private messages on Facebook and direct messages on Twitter directly in the post list. Resolved issues include:
• Fixed an issue to ensure that private messages in any language are acquired by Social Engagement.
• Fixed an issue where private messages in Indonesian language were discarded due to wrong language mapping.
• Fixed an issue where the ‘Link to Dynamics 365’ filter didn’t have a tooltip, making it impossible in some languages to understand if a post from Social Engagement is or isn’t linked to Dynamics 365.
• Fixed an issue that prevented adding multiple Facebook pages as social profiles.

Microsoft Inspire is next month! It will be held in Las Vegas, Nevada, from July 15th to July 19th.