Protecting Your Company Data When An Employee Leaves


At some point in time, employees are bound to leave the organisation. As you bid farewell to your employee when he or she leaves, how do you ensure that they do not take sensitive company data along with them?

In an ideal situation, people will leave the company under friendly circumstances and return back to company accumulated their years of hard work. Unfortunately, that ideal world does not exist. More often than not, people leave the organisation on a rather unhappy or bad terms. If it is the latter, there is the risk that these employees would attempt to put the company in the bad light by leaking confidential information about the company.

Here are some steps and protocols which organistions should adopt to ensure that no data leaves with an employee who has resigned or was terminated.

Limit employee’s access to IT systems and premises

Steps should be taken to ensure that the leaving employee accesses’ to the company’s IT system and folders should be completely revoked. Ideally, this should be done at the earliest reasonable time, whether it is at the date or resignation, termination or at the start of their garden leave. Furthermore, while these systems may be located or accessed via the employer’s premises, do remember that other off-site items such as laptops or tablets should be wiped as well. This will minimise the risk of the leaving employee stealing sensitive information or gaining access into the company’s IT system even after he or she has left.

Enforce the garden leave

Depending on the terms of the contract, many companies grant their leaving employee garden leave, regardless of whether they are joining a competitor company or not. Essentially, a garden leave is when an employee resigns and is required to stay away from work during the notice period while still remaining on the payroll. This is extremely useful in preventing an employee from immediately joining a competitor and risk stealing sensitive information over to the new company.

Ensure steps are in place for employee to return any confidential information

Employees might be bound by contractual terms to return and not to use confidential information belonging to the employer. Such information may relate to a company’s private financial information, sales figures, customers lists and so forth. Hence, steps should be taken to identify and recover these confidential information, be it documentary or electronic. Furthermore, ensure that all off-site devices belonging to the leaving employee, such as tablets and laptops, should be return. Implementing these steps early in the process can reduce the possibility of company’s information being leaked or used by the leaving employee for their own purposes.

Communicate with your staff

In some situations, a leaving employee may approach other employees to try and persuade them to leave as well. Communicate with your employees to ensure a clear understanding that such behaviour is not acceptable and might be a breach to their own contractual obligations as well. Furthermore, be proactive in encouraging them to report any incidents a leaving employee make unlawful advances or caught stealing company’s sensitive information.

With data breaches becoming increasingly prevalent in the workplace today, coupled with a handful of potential thirsty-for-revenge employees, organisations need to take extra precautions to safeguard the company whenever an employee leaves. It might be a tedious task but it is necessary to enforce these steps. Ultimately, your company’s reputation and security of your customers and clients depend on it.

Sign up for a Free Trial and Free Legal Health Check Today

Going Into Business With a Partner, Friend or Family Member? A Shareholder Agreement Should be Your Top Priority


Going into business with someone close to you can be a smart idea and a great adventure. You may be considering launching an enterprise with a family member, friend or a close colleague and the benefits are countless. You can share the set up costs, contribute knowledge and experience, fuel each other’s ambition, bounce ideas around and support each other.

Being on the same page from day one means a collaboration should work really well, and of course you will undoubtedly enjoy celebrating in the inevitable success of your joint venture! One of the biggest advantage is that you and your trusted business partner would try hard to succeed so as not to let each other down.

What could possibly go wrong?

At the beginning it may seem inconceivable that the relationship may break down or one of you would want to quit the business. Yet even in the most trusted business relationship, circumstances and priorities can quickly change. To just think it might never happen to you is merely burying your head in the sand. It is therefore imperative that the collaboration is supported by the correct official legal documentation. This formalises your business agreements and ensures that all parties are suitably protected.

What Legal Documentation do I Need as a Co-founder?

In order to protect everyone who is involved in the collaboration it is crucial to put a Shareholders’ Agreement in place from the outset. This contract enables the founders of a company to regulate their rights as shareholders of the company. What is a Shareholders Agreement?

A Shareholders’ Agreement, also known as a Founders’ Agreement is a formal contract between the company founders. The details of the contract, which are agreed upon by all the shareholders, outline everybody’s intentions and obligations as well as their rights, responsibilities and liabilities. It includes details on share transfer, management structure, exit strategies, dividend distribution and policies and procedures.

Why is a Shareholders Agreement so Important?

Putting a Shareholders’ Agreement in place creates a vital legal foundation for your business or start-up and minimises risk. It ensures all investors are on the same page from the very beginning of the enterprise and is also an important way to manage potential future disputes that may arise.

When you are starting out it may be hard to imagine what kinds of disputes could materialise in the course of launching and growing your business. Differences of opinions are however inevitable and can unfortunately lead to severe and damaging clashes. Having your Shareholders’ Agreement already in place is much more beneficial than trying to negotiate terms when parties are aggravated.

What needs to be included in a Shareholders Agreement?

In a Shareholders’ Agreement, the founders are protected by agreeing on a set of rules for the future transfer of shares and the level of consent required for making major decisions. The agreement stipulates what happens if a shareholder decides to leave or if there is a falling out. If one founder leaves, the sale of his shares could be subjected to other founders’ consent. Alternatively, the remaining founders could also have the chance to buy his shares before someone outside the company does.

A Shareholders’ Agreement is specifically tailored to the needs of your business. Information required includes shareholders’ names and various stakes, who is on the board of directors, roles of the directors and how profits are to be distributed. It also details what happens in adverse situations when a director passes away, resigns or files for personal bankruptcy.

The document also sets out the level of consent required (majority or unanimous) for key business decisions such as adopting a business plan or approving a transaction above a certain value. Also how fundamental company decisions are to be made such as changes to share capital and winding up the business. It can also include a non-competition clause and identify any confidentiality obligations.

The agreement is a private document and as such does not have to be made public. This means that a Shareholders’ Agreement does not need to comply with any set form or procedure, but must be completed in a manner that is enforceable at law.

So Should You Take the Plunge?

In a word, yes! As long as you have the correct legal documentation in place then there is no reason why not to go into business with a friend or family member. Get your Shareholders’ Agreement prepared from the outset and make it a priority to do so. Then no matter who you are in business with, you will have the added confidence that your risk is minimised giving you the freedom, security and peace of mind to concentrate on growing your new business venture. Good luck!

You can easily create a Shareholders’ Agreement with Zegal along with all your essential business and legal documentation.

Sign up for a Free Trial and Free Legal Health Check Today

The 8 Questions Your Website Privacy Policy Should Answer


Did you copy and paste your Website Privacy Policy? Risky!

Here’s the thing: Someone else’s Website Privacy Policy will not be able to protect you and your visitors, because you may use data in very different ways.

An inaccurate Website Privacy Policy may expose you to the risk of having your website taken down, or even potential legal action.

Many entrepreneurs share the misconception that they only need a Website Privacy Policy if they sell goods (or services) online. Wrong.

In order to have a Website Privacy Policy that truly reflects your organisation’s practices, there are a few essential questions it must answer:

The regulation of personal data use is overseen in Hong Kong and Singapore by the Privacy Commissioner for Personal Data (PCPD) and the Personal Data Protection Council (PDPC) respectively.

1. What information will you be collecting from your visitors?

Privacy policy questions number 1: List out specifically the types of information that you may collect and process. This ensures that you are transparent with your website visitors and/or users regarding what information about them that you are collecting and what types of activity you are monitoring.

Simply pick what is applicable to you when drafting your Website Privacy Policy with Zegal. Try now.

2. Will you use the collected information in another country?

You have to state explicitly all the countries and/or territories in which you will be storing or using the data.

Note: Be extra careful if your server is located overseas or if you are a using a hosting service provider with overseas servers. You may be subject to additional provisions that restrict transfers of personal information.

3. How will you use the data you collected?

Next, it is crucial to specify the purposes for which you will use the information you have collected from your users. It is recommended that you create the most extensive list possible, to keep possibilities open for the future. Even if you are currently only using the data for record-keeping, there might come a time when you want to do direct marketing!If you intend to share the data you have collected with other entities (such as business partners or overseas offices), you need to state this in your Website Privacy Policy. In general, just as with purposes, you want to leave your options as open as possible.

5. Does your website use cookies? What kind of cookies?

Most websites use cookies to distinguish a user from other users. Cookies contain a small file of letters and numbers stored on the browser or hard drive of the user’s computer. This helps websites to provide users with a good experience when they browse the website.

There are different types of cookies. Some identify users and track website performance in order to provide a more personalised experience for visitors. Others help analyse the effectiveness of website content. The four most common types of cookies are:

Strictly necessary cookies are cookies that are required for the operation of your website. They include, for example, cookies that enable the user to log into secure areas of your website, use a shopping cart or make use of e-billing services.

Analytical/performance cookies allow you to recognise and count the number of visitors and to see how visitors move around your website when they are using it. This helps you to improve the way your website works, for example by ensuring that users are finding what they are looking for easily.

Functionality cookies are used to recognise the user when the user returns to your website. This enables you to personalise your content for the user, greet the user by name, and remember the user’s preferences (for example the user’s choice of language or region).

Targeting cookies are cookies that record the user’s visit to your website, the pages the user has visited, and the links the user has followed.

It is critical that you specify what type of cookies your website uses and explain what kind of information these cookies will collect.

Not technically-savvy? Me neither! That’s why the Zegal app provides helpful and clear definitions that guide you through drafting each agreement.

Your website may be using a third-party web analytics service, such as Google Analytics, to collect information on web traffic. If your website uses a third-party web analytics service, your Website Privacy Policy should also specify which analytics service is used.

6. Can customers make payments online via your website? If so, what kind of encryption do you use for web payments?

If you allow customers to make online payments on your website and use technology to encrypt the transactions, you should specify what security technology you use. The most common type of encryption is Secure Sockets Layer (SSL).

7. Who can users get in touch with if they want to access the data?

Remember: Under the law, individuals have the right to check whether you hold personal data about them, the right to access that data, the right to require that inaccurate data is corrected, and the right to request removal or deletion of the data. Therefore, it is essential that you provide a contact person and full contact details (including name, address, telephone number, fax number & email address) that users can get in touch with should they want to assess or correct the data they have provided.

Under the PDPA, organisations in Singapore are required to designate at least one individual, known as the Data Protection Officer (DPO), to oversee the data protection responsibilities within the organisation and ensure compliance with the PDPA.
Appointment of a DPO is also implicitly required in Hong Kong under Data Protection Principle 1.

8. When will you publish your Website Privacy Policy? How will you further notify users of updates?

Your privacy policy only binds users if it clearly states when it came into effect. Also, whenever you update your website, or use new analytics services, you want to make sure to update your Website Privacy Policy. Hence, you will also need a clause that states how users will be notified of new policy changes.

Last but not least….

It is recommended that you provide a link to your Website Terms of Use in your privacy policy so that your website visitors can find it for reference easily.

A Website Terms of Use specifies the rules for using your website and defines the legal relationship between you as the website operator and your website users.

Now, preview your document:


And you’re done!

Congratulations! Your Website Privacy Policy is ready to go. You can now download your Website Privacy Policy in Word, PDF, or HTML, and upload it onto your website.

Running a business may be challenging, but with the right processes and documents in place, you can build prudent legal protections and ensure you stay compliant.   

Ready to get started?

Let Zegal’s smart Document Builder guide you through the essential steps of drafting a Website Privacy Policy.

Sign up for a free trial

No commitment, no credit card required.
Fully customisable to suit your needs.




White Paper: Understanding the new General Data Protection Regulation (GDPR)


The new General Data Protection Regulation (GDPR) comes into force on Friday 25th May but what do you need to know and what steps should you be taking? Don’t be fearful of the looming deadline. The most important thing is that you can demonstrate you are taking steps towards compliance when the law changes.

Why and how is the law changing?

This new privacy law replaces the Data Protection Act (DPA) 1998. At 20 years old, the old laws are well past their best. Technology has evolved at such a fast pace that these new regulations are necessary to align the tech with the law.


The new regulations are not a complete change, rather they are an evolution of the existing laws. Indeed many of the  new  GDPR’s regulations main concepts and principles are much the same as those in the current DPA which you should already be complying with. These principles remain valid under the GDPR so you should already be on the path to full compliance. There are however a some improvements and new elements to consider and therefore you may need to make some changes and take some additional steps.

The main concern is how personal data is collected, processed, stored and shared. Personal data is any information that can be used to identify a person. This could be anything from name, contact info, religious beliefs and even information on cultural background and mental health history.

How does new GDPR  regulations affect you and how do you ensure that your business is compliant?

The new GDPR  regulations affects any business that collects and stores customers’ personal data. You will need to make sure that you manage your data in a way that is lawful, fair, secure and accurate. Only data that is absolutely necessary for the completion of business duties should be held and processed. It may be necessary to appoint a ‘Data Protection Officer’ who will be responsible for all internal record keeping. If there is a data breach, this must be reported within 72 hours of becoming aware of the breach. You will also need to ensure your terms and conditions and privacy policy are up to date, adequate and clearly visible.

So What Steps do you need to take with data protection law changes?

According to the Information Commissioner’s Office (ICO), there are 12 steps that businesses need to take to prepare for the implementation of the new GDPR  regulations into UK law:

  1. Awareness: Ensure that decision makers and key people in your organisation are aware that the law is changing to the GDPR.
  2. Information you hold: Document what personal data you hold, where it came from and who you share with it.
  3. Communicating privacy information: Review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
  4. Individuals’ rights: Check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
  5. Subject access requests: Update your procedures and plan how you will handle requests within the new timescales and provide any additional information.
  6. Lawful basis for processing personal data: Identify the lawful basis for processing activity in the GDPR, document it and update your privacy notice to explain it.
  7. Consent: Review how you seek, record and manage consent and whether you need to make any changes.
  8. Children: Assess whether you need to put systems in place to verify individuals’ ages and obtain parental or guardian consent for any data processing activity.
  9. Data breaches: Ensure you have the right procedures in place to detect, report and investigate a personal data breach.
  10. Data Protection by Design and Data Protection Impact Assessments: Familiarise yourself with the ICO’s code of practice on Privacy Impact Assessments and the latest guidance from the Article 29 Working Party, and work out how and when to implement them in your organisation.
  11. Data Protection Officers: Designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements.
  12. International: If your organisation operates in more than one EU member state, determine your lead data protection supervisory authority.

For more resources for preparing your organisation for the upcoming changes to the data protection law, check out the ICO’s Guide to the GDPR.

What happens if you don’t comply?

The important thing now is to make sure you can demonstrate that you are actively taking steps towards compliance. Non-compliance comes with a hefty fine which could be up to 4% of your company’s annual global turnover. You will also be breaking the law which isn’t the best idea for the reputation of your company. Customer loyalty will certainly be adversely affected if you are fined for non-compliance. Remember, if you hold or process and personal data of any citizen of the EU then you are compelled to comply with the GDPR, even if your business is based outside of the EU.

Zegal can help you prepare.

So are you ready for the biggest change in data privacy regulation in 20 years? Remember It is your responsibility to demonstrate your compliance to the new regulations.

Zegal can help you keep ahead of the regulations. Our document library has been updated with lawyer-reviewed changes to ensure GDPR compliance. These documents now include clauses which are relevant to the GDPR.

  • Privacy Policy: to inform your customers what you do with their personal data
  • Information Audit Form: to help you map data flows in your organisation
  • Security Audit Form: to let you document your technical and organisational measures to ensure data security
  • Data Processing Addendum: to ensure your existing data processors comply with applicable data protection laws
  • Employee Privacy Notice: to inform your employees and contractors of their privacy rights
  • Letter to Amend Employment Contract: to bring employment contracts already in place in line with data protection requirements

We also have some new documents available to help you address GDPR requirements (available to all Professional and Premium Plan users):

  • Data Processing Addendum to ensure your existing data processors comply with applicable data protection laws
  • Data Protection Policy to inform employees about the company policy they should follow to ensure the protection and security of personal data when employees handle the data in job-related activities.
  • Information Audit Form and Security Audit Form to help you map data flows in your organisation

Click here to learn more about our GDPR compliance toolkit.

If you have questions or concerns about how your information is handled by us, please contact us at

5 Stress Management Tips to Avoid Employee Burnout


Stress in the workplace is common and it is usually expected especially if your employees have to keep up with a deadline and render more hours just to get the work done on time. However, if this has become an everyday thing, the work environment could prove to be toxic and overall unhealthy.

Constant stress and overwork can eventually lead to a burnout, and this is not good for both the employee and the company itself. When employees are burnt out, they will have no room to think of new ways to improve their craft or even think about how to streamline office processes – all they will ever worry about is how and when to get the job done fast.

The office will be a constant humdrum of beating deadlines and rendering the same, mediocre output. Creativity and innovation will be placed in the backseat. Worse, the stress will eventually take a toll on your employees. Productivity and contentment in the workplace will go down, and this will reflect badly on the company culture and performance.

To ensure that your employees remain productive and happy, it is best to find ways on how to manage stress in the workplace. It could be as simple as allocating an hour for yoga and exercise once a week or encouraging them to take a wellness leave once in a while. Below are five more tips that you can follow:

1. Provide more work flexibility

Allow your employees to get out from the four walls of their office cubicle and work from home or somewhere else. You can implement this once a week (like “Work from Home Fridays”) or only just half a day every once a week.

Allowing them to go out and work at home or in a cafe can give them a much needed creative boost and lessen their stress levels significantly – because work environment and ambiance are also huge factors of that.

You may also allow flexible working hours. Like employees can come in at a later hour as long as they can still punch in the required work hours, or even leave early if they have no other pending tasks for the day. This allows them to have more time to relax, unwind and recharge before going back to the daily grind by the next day. It also allows them to avoid the rush hour, where their stress levels can go high even without reaching the office yet.

2. Maintain strict work hours

Work hours should still be consistent, and once the employee punches out or logs off, avoid calling, texting or emailing them about work-related stuff. Allow your employees to completely zone out from anything work-related until they log in again on the next working day.

Constantly bugging your employees about work, even while they are already at home or out on a vacation will certainly burn them out quickly. The stress and worry can certainly ruin a rather relaxing evening at home or a once in a lifetime family occasion. Employees will feel trapped with all the revolving workload, and prevent them from having a good work-life balance.

3. Review your processes and streamline it

One of the sources of stress in the workplace are unclear job positions, tasks and processes. When some people on the team don’t know who’s going to work on which, then there is an internal problem. When employees don’t also know where to go when they have issues and clarifications, then there is certainly an organizational problem.

You have to review and reorganize your corporate structure and streamline work processes whenever possible. Make sure each person on the team knows what their actual responsibilities are, and that they have a set of tasks that are expected from them to be done each day/week/month.

Related reading: 7 Tools For More Productive Collaboration in the Workplace

With a clear and organized structure and work instructions, employees can easily focus on the stuff that are their main priorities and focus on delivering them according to the pace they are most confident with – not just randomly finish whatever task that is handed to them at the last minute.

4. Promote a healthy lifestyle

Aside from getting in good shape, exercising can do wonders for one’s mental health. It can improve overall mood since it boosts serotonin levels on the brain (which helps alleviate depression) and can give an extra energy to a rather slow day at the office. Some offices now offer a mini gym – or at the very least a yoga corner for that much needed stretching and meditative break in the office.

Exercises can help employees relieve stress and frustration at work, and it could help if they don’t need to go far just to have space for such activity. Nap rooms are also great – because aside from exercise, substantial amounts of rest is also part of a healthy lifestyle. Google for example allot a place for employees to take a nap in.

5. Encourage open communication

Last but not the least, encouraging your employees to voice out their concerns with the company can help lessen the stress they experience at work. Employees can take comfort in the fact that someone in the company cares about them, and that they can voice out their concerns without fear of retaliation. However, always remember that communication is a two-way street. Aside from letting them voice their concerns freely, make sure that you actually listen – and take action whenever necessary.

Of course, another obvious tip is to avoid creating unreasonable expectations and deadlines for your employees. Too much pressure is the last thing any employee needs, for this will not only increase stress, but will also push them to do mediocre work instead (just to meet the required deadline). So be reasonable. Allow them some fair time to craft quality work, but make sure they don’t have too much time to slack off as well.

Start managing your legal needs with Zegal today

This a guest post by Gemma Reeves of FindMyWorkspace. The views expressed here are of the author’s, and Zegal may not necessarily subscribe to them. You, too, are invited to share your point of view. Learn more about guest blogging for Zegal here.

Author Bio

Gemma Reeves is a seasoned writer who enjoys creating helpful articles and interesting stories. She has worked with several clients across different industries such as advertising, online marketing, technology, healthcare, family matters, and more. She is also an aspiring entrepreneur who is engaged in assisting other aspiring entrepreneurs in finding the best office space for their business.

Check out her company here: FindMyWorkspace

Like what you just read?

Subscribe to our newsletter and be the first to hear of the latest Zegal happenings, tips and insights!