
Are You Compliant? Legal Requirements and Training Advice For Businesses

Estimated reading time: 12 minutes

As a business owner, manager or leader, you’re responsible for maintaining a safe work environment and ensuring your employees adhere to the law – but finding out exactly which pieces of legislation apply to you can be a challenging and time consuming task. We’ve pulled together some of the most common laws and regulations that your organisation will need to bear in mind, and provided some suggestions of ways to keep staff up to date and compliant.

For each of the most common areas of legislation, we’ve listed:

  1. The relevant legislation and the body responsible for enforcing it
  2. Who the regulations apply to
  3. What the potential consequences could be if you fail to comply
  4. How you can make sure your employees understand how to comply

Of course, this list is just the beginning; if you work in a specialised or highly regulated sector, there may be many other legal requirements to consider (such as safeguarding, financial conduct or working with harmful substances), but it’s a great place to start. So, what are the main areas you should be aware of, and how can you make sure you’re doing the right thing?

Data and information

In the UK, the Information Commissioner’s Office (ICO) is the independent regulator that upholds information rights. It enforces the relevant data protection and information legislation and provides organisations with the guidance they need to comply with the law.


The UK General Data Protection Regulation (UK GDPR), read alongside the Data Protection Act 2018, sets out how personal data must be processed and stored, and lays out the rights of individuals, the obligations of organisations and the principles behind the legislation.

Who needs to comply?

If you or your organisation handle information that relates to an identifiable individual and you operate in the UK (or offer goods or services to, or monitor the behaviour of, people in the UK), the UK GDPR applies to you. This means that anyone who handles this data in your organisation should be trained in the appropriate procedures, and particularly in what to do if there is a personal data breach: a breach that is likely to result in a risk to individuals must be reported to the ICO within 72 hours of your organisation becoming aware of it, so staff need to know who to tell and how quickly.

If your organisation has an establishment in the EU, or offers goods or services to (or monitors the behaviour of) people in the EU, you are also required to comply with the EU GDPR. Currently, the two regimes are very similar (the UK GDPR is essentially the EU text carried into UK law, with a few additions), so if you comply with the UK GDPR you are likely to be close to EU GDPR compliance, although you should check the differences for your own circumstances rather than assume they are identical.

What happens if you don’t comply?

If you fail to notify the ICO of a breach when required to do so, you could be subject to a very heavy fine indeed: up to £8.7 million or 2% of your global annual turnover, whichever is higher. For the most serious infringements (such as breaching the data protection principles or individuals’ rights) the higher maximum applies: £17.5 million or 4% of global annual turnover, whichever is higher. Keeping all relevant employees up to date on the UK GDPR is a worthwhile investment!

How can you make sure employees know how to comply?

There’s a wide range of in-person and online training available that covers the basics of UK GDPR and other related topics, but be wary – it can be an extremely dry topic, so you’ll want to choose your course wisely. Nimble’s Data Protection Essentials course provides key information and advice for employees to ensure they’re compliant with UK data protection laws, and contains interactive activities to keep learners engaged.

Freedom of Information

Who needs to comply?

If your organisation is classed as a public authority in England, Wales or Northern Ireland, you’re subject to the Freedom of Information (FOI) Act 2000 (Scottish public authorities fall under the separate Freedom of Information (Scotland) Act 2002). The principle behind the act is to maintain openness around how taxpayer money is spent and to keep public authorities accountable. Members of the public can make a request and the organisation must respond within 20 working days. This short timescale makes it essential that anyone who might receive an FOI request be properly trained on the correct procedure.

What happens if you don’t comply?

In the first instance, complaints about FOI requests are handled through the authority’s own internal review – but the ICO can then issue a decision notice or an enforcement notice and, should you be found to have altered, blocked, destroyed or concealed information in order to prevent its disclosure (section 77), you could be charged with a criminal offence and fined.

How can you make sure employees know how to comply?

If you’re responsible for training and compliance in a public authority, you’ll need to provide training for any staff who may need to handle FOI requests. The process can be a little complicated, so it’s worth choosing a course that lays out the requirements clearly and in an easily digestible format. Nimble’s Freedom of Information Essentials course covers everything you need to know about the parameters of the FOI Act and how to handle requests.

Health and safety

In the UK, the Health and Safety Executive (HSE) is the government agency that enforces regulations around workplace health, safety and welfare.

Who needs to comply?

All employers – regardless of size – have a responsibility to protect workers from risks of being injured or made unwell through work. The exact training you’ll need to provide to ensure you fulfil your duties to keep employees safe at work will depend on the working environment. The hazards present in an office are rather different to those in a factory!

What happens if you don’t comply?

In general terms, the HSE has the power to prosecute businesses in the criminal courts under the Health and Safety at Work etc. Act 1974. However, employers are also open to civil claims from workers who have been injured or made ill as a result of the employer’s negligence; depending on the severity of the illness or injury, damages claimed could be extremely significant sums.

How can you make sure employees know how to comply?

Depending on your workplace and industry, you may need to arrange or deliver practical training to ensure your colleagues have the skills required to keep themselves and others safe. This is complemented well by elearning courses that cover the basics – and for many sectors, online courses are the perfect way to get the message across. Nimble offers a range of health and safety courses, including Health and Safety Essentials to cover the basics, as well as more detailed courses about fire safety, personal safety, manual handling and human factors, to name a few.

We’ve outlined a few possible areas of training you may need to consider for your staff:

Fire safety

All employers must carry out a fire safety risk assessment (under the Regulatory Reform (Fire Safety) Order 2005 in England and Wales) and review it regularly, then use the outcome of the assessment to put appropriate fire safety measures in place. Part of this process includes making sure that employees are appropriately trained, so that they know what to do in the event of a fire.

Manual handling

Improper lifting or carrying can cause serious harm and is unfortunately a very common cause of workplace injury. Where possible, manual handling tasks should be avoided, but where they must occur it’s the employer’s responsibility to provide appropriate equipment and the right level of training to avoid injury.

Working at height

Working at height is defined (in the Work at Height Regulations 2005) as working in a place where a person could fall a distance liable to cause personal injury. Again, falls (often from ladders or through fragile surfaces) are one of the leading causes of major injuries at work – and sadly many fatalities. Employers must avoid work at height where it is reasonably practicable to do so, provide suitable equipment to make it as safe as possible where it cannot be avoided, and provide training so that workers are competent to carry it out.

Personal safety

Regardless of your workplace setting, there are some basic personal safety precautions that employees should be aware of. As an employer, you need to make sure that members of your team aren’t exposed to unnecessary personal risks; do you have a lone working policy, or advice for those travelling alone, for example? An elearning course can be a great way to support these policies and get staff thinking about how they can reduce their own exposure to risk.

Display screen equipment

Also known as DSE, this refers to any screen that’s used regularly in the workplace – whether it’s a PC monitor, laptop, tablet, PDA or smartphone – and is covered by the Health and Safety (Display Screen Equipment) Regulations 1992. The Health and Safety Executive provides support and guidance for employers.

Who needs to comply?

It might surprise you to hear that organisations are responsible for completing a workstation assessment for any employee who uses a screen (which could be a PC, laptop, tablet or smartphone) daily, for continuous periods of an hour or more. Employers need to provide training and information for workers, and reduce risks by ensuring that their staff take regular breaks from working on a screen. They are also required to pay for an eye and eyesight test for any DSE user who requests one, and for basic spectacles if these are needed specifically for screen work.

What happens if you don’t comply?

The DSE Regulations are made under the Health and Safety at Work etc. Act 1974, so the HSE can take enforcement action to ensure they are adhered to. However, it’s also important to consider the long-term implications of failing to consider how employees’ workstations might be affecting their health, particularly as increasing numbers of us work from home. Setting up our working area and screen to minimise risk can prevent headaches, fatigue, eye strain and musculoskeletal problems – and increase productivity.

How can you make sure employees know how to comply?

First and foremost, make sure you’re providing your teams with the correct equipment to minimise risk when working with screens (including an appropriate chair, a laptop stand, foot rest or additional monitor if required). Once you’ve ensured they have access to the right kit, training is the next step – and elearning is perfect for this. Nimble’s Display Screen Equipment (DSE) Workstation Assessment Course presents all the information you and your employees need, plus great tips about posture and health.

Fraud and bribery

Preventing fraudulent and criminal activity is everyone’s responsibility, and in the UK is overseen by various bodies including HM Revenue & Customs (HMRC), the Serious Fraud Office (SFO), the Financial Conduct Authority (FCA) and the National Crime Agency (NCA).

Money laundering

Money laundering is the process of ‘cleaning’ money obtained by illegal means so that it appears to come from a legitimate source and can be turned into legitimate assets. The main pieces of legislation relevant to preventing it are the Proceeds of Crime Act 2002 (POCA), which creates the criminal offences, and the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, which set out the controls regulated businesses must have in place.

Who needs to comply?

Business sectors that handle large sums of money or high-value transactions, such as financial services businesses, accountants, solicitors and estate agents, are all covered by the anti-money laundering regulations. All employees working in these sectors should receive training so they are confident in how to implement anti-money laundering policies, spot suspicious activity and report it.

What happens if you don’t comply?

If your organisation’s anti-money laundering provision is overseen by HMRC, you could receive a penalty – plus a £1,500 administration charge. The largest fine so far has been issued to MT Global Limited, for breaches relating to record-keeping, policies, risk assessment and due diligence – and came in at an eye-watering £23.8 million. Organisations operating under the remit of the FCA could be subject to even greater penalties; in 2020, Commerzbank AG were fined £37.8 million for persistent breaches.

How can you make sure employees know how to comply?

If you work in one of the named industries, it’s critical that everyone is fully aware of the risk involved, knows how to spot suspicious activities, and understands their obligations under the law. The easiest way to ensure all employees are up to date is to use a high-quality elearning course, like Nimble’s Anti-Money Laundering Essentials Course, which uses scenarios and engaging activities to bring the subject to life.


The Bribery Act 2010 makes paying, giving, offering or receiving a bribe a criminal offence – and if that person is your employee or acting on your behalf, your organisation can also be prosecuted for failing to prevent the bribery. The only defence to that corporate offence is to show that you had adequate procedures in place. It’s therefore a good idea to make it crystal clear to employees exactly what could constitute bribery, whether that’s gifts, hospitality, so-called facilitation payments or charitable contributions.

Who needs to comply?

There’s no explicit legal requirement to have an anti-bribery policy, but because having adequate procedures is the only defence to the corporate offence, you should implement one (together with proportionate controls and training) regardless of the size of your business, in order to protect your employees and your organisation as a whole. Training should be given to anyone who might come into contact with clients, suppliers or officials so that they’re fully aware of their obligations under the law.

What happens if you don’t comply?

For individuals, the consequences of offering or accepting a bribe can be extremely severe: up to ten years’ imprisonment and/or an unlimited fine. Organisations are also subject to an unlimited fine – not to mention reputational damage, being barred from government contracts, and confiscation of any proceeds of the offence.

How can you make sure employees know how to comply?

If anyone in your organisation could potentially receive or give anything that could be construed as a bribe, it’s wise to make sure they understand the definitions and the legal position from the get-go. Online training is a great choice for this; Nimble’s Anti-Bribery Essentials Course provides an overview of the legislation and empowers learners to make good choices that could protect themselves (and your business).

Staying compliant

Hopefully you’ve reached the end of the list and are feeling satisfied that you’ve fulfilled your obligations to your employees and clients – and if not, you know where to turn to get high-quality training that you can roll out to staff immediately. But keep in mind that legislation does change, and people are only human – they need regular reminders of the procedures they should follow and of your expectations. That’s why it’s wise to ensure your employees have regular opportunities to ask questions and refresh their knowledge. Keep these strategies in mind:

  1. Make all accompanying policies available to read for every member of the team, preferably on the organisation’s shared drive – and keep them up to date.
  2. Use a Learning Management System like Nimble LMS to keep track of who’s completed their training and who may need additional support.
  3. Ask all employees to complete refresher training regularly; for many subjects an annual elearning course is sufficient, but if you’re using an LMS, staff can log in and check information in a course as and when they need to.
  4. Make sure that any elearning courses you purchase are written in conjunction with subject matter experts and are updated regularly to reflect changes in the law.


Keeping up with legal requirements isn’t optional – it’s something all organisations need to do to ensure the safety, security and confidence of their clients, customers and employees. Failing to do this can result in some serious consequences for your staff and your business: legal, financial and reputational. Luckily, elearning can provide a simple solution that’s easy to administer without breaking the bank.