Blog posts written during 2018

New payslip legislation for 2019

Saturday Saturday, December 22, 2018 by Administrator

There is now a paper on HMRC’s web site detailing the additional pay information needed to be detailed on payslips to meet their new legal requirements. In simple terms if there is any part of a person’s pay that is calculated on an hourly rate basis: there is now a legal requirement for it to be explicitly detailed as rate and hours.


Our software has been doing this fully automatically for as long as we can remember!


If you think you may have a work around, then the complete guidance is available here:


Payslip policy: a guide to the 2019 legislation 

Payslips: guidance on legislation in force from April 2019 requiring employers to include additional information on payslips




HMRC, IR35, synthetic self employed for next year

Thursday Thursday, October 11, 2018 by Administrator

HMRC are taking a number of measures to ensure they generate what they feel is the appropriate amount of tax from Self-employed and the Gig economy.

Recently it has been leaked that there is to be crack down on People they consider "synthetic self-employed"

Next year payslips will have to detail hourly rates where they apply to paid work.

It’s understood there will be a move to strengthen IR35 to ensure there is an even playing field in ~HMRC’s opinion.


There is now a paper on HMRC’s web site detailing the additional pay information needed to be detailed on payslips to meet their new legal requirements.


Payslip policy: a guide to the 2019 legislation


Payslips: guidance on legislation in force from April 2019 requiring employers to include additional information on payslips

Face-crook up to their old tricks again

Monday Monday, June 11, 2018 by Administrator

Any similarity between Face-crook and a well known social media platform is purely intentional!


Is Facecrook wilfully misleading people to gain access to their personal data? I received a message from someone I know as an email together with a "personal" invite to log in to Facecrook messenger and download it onto any devices I had. The message said it was a personal invite from them (twice). They said they had not made the invitation!



2018 06 11 19 32 40 Messenger


The legal framework for the information provided on a payslip is changing.

Wednesday Wednesday, June 6, 2018 by Administrator

The legal framework for the information provided on a payslip is changing.

If you work out totals from the hours and holidays then and just supply the total amount to your payroll package, be it Sage, QuickBooks or any other this will not be enough for a legal payslip.

Ours software has been compliant with the new legal payslip standard for the last two years. So if you want to avoid yet another disruptive upgrade our integrated solution is you answer.

Use this page to contact Added Value Applications the industry’s most cost effective Temporary Staff Management Solution

All these QWERTY GDPR emails what should I do...

Monday Monday, May 21, 2018 by Administrator

Don't open, (if you didn't already) just delete or mark as spam.


If you don't recognise the sender's name, delete the email without opening it. It is a little known fact that email tracking systems know when you open an email (to read it or to immediately delete it). The sender can then identify the email address that have sent that email to as being a "live" address with a person who opens emails at the end. Simply they were trawling for "live" email addresses. you will be added a someone who has expressed an interest in receiving emails from them.

GDPR video and probably the lowest cost solution including Payroll and Invoicing

Sunday Sunday, May 20, 2018 by Administrator

GDPR video and probably the lowest cost solution including Payroll and Invoicing


In case you were not aware BBC News has a program called “Click”. It’s a reasonably non tech and entertaining guide to tech. This week’s edition gives a light guide to GDPR especially relevant to staffing agencies.


Fines for data breaches are only limited by €10 million or 2% of the company’s global annual turnover (whichever is greater).


To sum up, by default you are required by the legislation to ensure that by default you give the highest reasonable approach to keeping peoples’ data (employees or workers) secure. Simply this is the approach adopted by Microsoft Data Centres. It’s why we use them exclusively. Unfortunately in our understanding these same levels are not automatically and historically implemented by Amazon Web Services or indeed local servers maintained by your (probably very expensive) IT guys.


We can provide GDPR compliance at a stroke and our current, fully automatically generated, payslips already meet the requirements for the upcoming legislation the new standard of Payslips as well.


Links you may find helpful


BBC Click guide to GDPR implications

Information Commissioners Office (ICO) blog

Upcoming Payslip legislation



General Data Protection Regulation (GDPR) enforcement date 25 May 2018

Wednesday Wednesday, May 2, 2018 by Administrator

Our services are hosted by Microsoft who were the first company to adopt and achieve the stringent ISO 27018 standard for GDPR. This is the standard for government organisations and suppliers to government organisations such as NHS trusts. Microsoft cloud services will include commitments to maintain GDPR compliance when enforcement begins.

Your “people” data comes into two categories.

  • People you have employed: in which case you have a duty to retain all relevant employment data for six years or possibly more.
  • Those whom you have not yet employed or will, for whatever reason, not employ: in which case you should obtain a limited agreement via your own terms and conditions to retain their application for a reasonable period in case they wish to reconsider. You must also delete all their data on their explicit request. You can (and probably should for transparency) publish these on an employee T&Cs page on your own web site listing the data you will retain (for example Name, Address, email, phone, dob, NI, date of application etc.) and that it can be explicitly deleted on request.

We are providing hosting for such information. As long as there is a valid agreement between us, we will maintain your data, backed up every 5 minutes (via Microsoft services) with what is acknowledged as the highest level of security available and reasonably achievable.

We are legally obliged to delete any Microsoft hosted data once such agreement is terminated by you. Microsoft requires that their services are paid in advance. It is therefore essential that your customer account is always fully up to date. Ceasing licence payments implies you have actively terminated your contract. If for any reason your account is not up to date (for example your bank is experiencing technical difficulties), you need to contact us immediately. Especially if you are a start-up we will do our best to help. We can only maintain your data as long as you are a current valid customer. This is a direct consequence of GDPR.

You can and should use the reports available to maintain copies of employment data.


How secure is your data? Here are links to Microsoft's extensive compliance with GDPR


Microsoft and Compliance with ISO/IEC 27018 personal data protection

Trusted cloud: more certifications than any other cloud provider

Microsoft compliance ISO/IEC 27001 Information Security Management Standards


The US Sentate hearing, Mark Zuckerberg, owning or running a staffing agency

Thursday Thursday, April 12, 2018 by Administrator

Zuckerberg to US Senate “Senator we run ads”. Ah: the truth, the whole truth and nothing but the truth the American way!


Senate And Zuckerberg


Zuckerberg smirks after answering “How do you sustain a business model in which users do not pay for your services?”

Zuckerberg to US Senate “Senator we run ads”

The Senator missed the chance to ask what was the basis of the value of the ads, and more importantly did this value rely on them being targeted in a highly specific manner?


So how is this relevant to someone owning or running an Agency?

So how much can Facebook know about your company (that you probably dont want them to know)?

For example for a typical Temp Agency: can Facebook have a reasonably complete list of your current and past workers, their names, email addresses and  phone numbers. Oh and commercially sensitve information like where and when they worked (your customers and their addresses)?


This article will explain how your prized company data is for sale on the internet and it’s going to be very easy to understand.

There are three aphorisms that apply to the current Cambridge Analytica and Facebook saga.

  • Knowledge is power.
  • If the service is free then you are the product.
  • It’s not what you know, it’s who you know.

Mark Zuckerberg has an acknowledged; some would say impressive and admirable record of pushing the boundaries on the use of freely supplied personal data to generate substantial wealth. Up till now those boundaries have been virtually non-existent.

Would this worry you if your employee list or customer list were legally for sale?

Well it is and as we will shortly see, it’s not limited to Facebook. All social media apps such as Facebook messenger, WhatsApp (also owned by Mr Zuckerberg), or competitors like WeChat, Line, Viber, KakaoTalk etc. can distil these lists.

How is this possible? As a temping agency, your employee list is basically your asset list. It needs to be protected.. Ok so your IT guys have assured you that your company data is on a secure server behind a firewall, password protected etc. They are not lying. Your company may not have been hacked (in the traditional sense). Zuckerberg et al (and you can pay to be Mark’s friend) still have these lists and they are easily and legally purchased on the internet.


So how do these lists become available?

Let’s take two simple and personal examples.

The other day I was looking for a new event location. I entered the details on my phone and Google very helpfully came up with a map. The Android app asked me if I would turn on location access to guide me there. I did and it did, straight to the (enjoyable) event. The kicker is the next day I was having a meal out and Google popped up and asked me to rate the “Loch Fyne Seafood & Grill” restaurant. So Google knows where by name (and when) I visit, my name, my mobile number and my email. This could equally be where someone works on temping assignments. So in that case they have a list of the customers where that person worked as well. It’s simple to distinguish or filter out the “eight hour” shifts from the coffee shop / restaurant visits, going to the shops or visiting friends at (private) addresses, probably one line of code: (WHERE Location.PropertyType = “Hospital or “Care Home” or PCT” and LengthOfStay more than 4 hrs).

Example 2. The other day I was driving to another event. I was stopped at a traffic light, in “Park”, engine off and I put my finger on the menu of my iPhone. The phone “said” you will not receive alerts whist driving. Clever when you think about it, but easy if I am moving a 50mph along a road then the phone can figure that out. Except in this case I did not turn on location services, they are on by default.

So if someone has an Android or an iPhone, then where and when someone works is “freely” available to any app they have installed. Add this to the other data about the phone owner “et voila! As the French would say” Name, Address, email (security checks) address, correct name, employment history.

If you use Facebook, Facebook messenger or WhatsApp to message your staff, then Mark Z knows a list of your staff without actually reading the messages. (There was not any in the two examples here).  He already has an email, phone number, proper name etc. assuming he can put two and two together.

Facebook is actually more powerful than a simple list of your employees, addresses, phone numbers. By simply repeating the analysis over time, they can find those people that move jobs more often. Those people that like cats, those that like dogs, gardening, music, knitting etc..


So is liking cats and dogs important?

It’s simple to have an advert with an apparently irrelevant picture of a cat, dog, flower, band, ball of wool etc. and an appropriate phrase: “Want more time for your cat, dog, gardening, apply to xyz agency”. How much more likely is it that the targeted person will follow the link in the ad when it contains something about their favourite hobby or pet? They have just had their favourite interest or love spot massaged. How much more likely is the subsequent approach going to be successful?

So in your workers “regularly updated” Facebook privacy setting, how important is the fact that they like cats? That’s not important? Just Google “cambridge analytica personality test” because it goes much deeper than that.

Actually all this is not news. What is current news is that Politicians just have woken up to the fact that using these actually very simple tools for direct news, fake news and adverts, nerds in offices have more power and control than the politicians themselves.

What may also be news to you is that your company data is equally at others fingertips and for sale. What may also be news is how simple this is in a connected society.


Almost the bottom line

This is why Facebook encourages everyone to download the Facebook app on to their mobile phone. It is a mine of personal information. That is mine as in treasure trove, not mine as in personal possession.


The bottom list is taken from the Google play store Facebook App permissions list. Some like making the phone vibrate are innocuous, others... not so much!

Links you might also find interesting:


Facebook says that, even if I limit access to my interests, it will still show me ads based on the following (including location)

UK Businessinsider: how to control your data on facebook like mark zuckerberg says you can

What is the secret behind mining this data also known as  "traffic_analysis"


The Facebook app demands access to and will mine your phone for data regarding:


Device & app history
    retrieve running apps
    find accounts on the device
    add or remove accounts
    read your own contact card
    read calendar events plus confidential information
    add or modify calendar events and send email to guests without owners' knowledge
    read your contacts
    modify your contacts
    approximate location (network-based)
    precise location (GPS and network-based)
    read your text messages (SMS or MMS)
    read phone status and identity
Photos / Media / Files
    read the contents of your USB storage
    modify or delete the contents of your USB storage
    take pictures and videos
    record audio
Wi-Fi connection information
    view Wi-Fi connections
Device ID & call information
    directly call phone numbers
    read call log
    write call log
    precise location (GPS and network-based)
Photos / Media / Files
    download files without notification
    receive data from Internet
    adjust your wallpaper size
    view network connections
    create accounts and set passwords
    read battery statistics
    pair with Bluetooth devices
    access Bluetooth settings
    send sticky broadcast
    change network connectivity
    connect and disconnect from Wi-Fi
    full network access
    change your audio settings
    read sync settings
    run at startup
    draw over other apps
    control vibration
    prevent device from sleeping
    modify system settings
    toggle sync on and off
    install shortcuts
    read Google service configuration
    expand/collapse status bar
    reorder running apps
    set wallpaper
    reorder running apps


Ian Pettman is the managing director of Added value application which provides staff booking software which does not use social media for sending messages or appointments.


If the service is free then you are the product (or your agency is) a $60 billion question.

Sunday Sunday, March 25, 2018 by Administrator

If the service is free then you are the product (or your agency is) a $60 billion question.

This means trouble for your staffing agency i.e. Facebook harming staffing agencies? I think the answer is yes and I’ll tell you why.

This (you are the product) aphorism is well known in the Internet marketing world. One of the best known proponents of marketing your freely provided information is generally acknowledged as Mark Zuckerberg. Actually it does not matter: Facebook, Facebook messenger, Whatsapp, one of the other services he owns or one of his competitors like WeChat, Line, Viber, KakaoTalk etc. They all are based on the principle of selling your personal or business information that you have freely given them by using their services. You have assented to this by ticking the “I agree” box.

Even assuming none of these organisations actually read the messages going back and forth, if you communicate with your employees using these free apps then each of those employees has a registered (real name and email address). This is valuable information. Just the timing and volume of the messages can give a clear indication which are business messages and which are non-business ones.

So the calls by politicians and the press that “social” media providers are more transparent with their use of “personal data” is to a degree wide of the mark. Certainly Names, addresses, emails are important (and essential for communicating with friends) but it’s just as important (and profitable for them) when and with whom you communicate. It is a close parallel another aphorism: to “It’s not what you know, it’s who you know."

It is kindergarten coding for these guys to generate a list of names and email addresses with say 95% accuracy of those people who have “opted in” to one of these services (by simply using it) and are your employees (because you are the focus of the messages).

This is not new news (its called traffic analysis) it was productively used in the second world war and is still subject to security notices from the CIA,NSA, GCHQ, SIS  etc.

No wonder Face book shares have gone from $184 to $163 in 3 days or a drop of over 10% or over 60Bn in total worth.

There was a very relevant deposition made to the House of Commons Committee this week when an exe-employee of Facebook said that Facebook’s security and ring fencing of personal data was excellent and has a very high priority. He also gave the committee the apparent impression that once Facebook possessed the data it had scant regard for the privacy of such data.

You might assume that personal data was simply available to the highest bidder.

So I want a list of Nurses names, emails and phone numbers. How do I do this? Google is a help: I used “targeted uk nurses email database”. Amongst dozens of others there was: nurses email list (ironically this gived connection is not secure!)

One of their pages is reverse appending . So you can probably guess what reverse appending is.

It really is big business and it’s your business.

Invoice Payments, this week, next week, sometime? Cash flow a limiting factor? Simple steps to improve cash flow.

Tuesday Tuesday, March 13, 2018 by Administrator

No matter if you are starting an agency when cash and cash flow can be major issues. Or, slightly more difficult if you are already running an agency wanting to improve profitability. There are number of steps that can considerably improve your cash flow and consequential the bottom line.

Do’s and don’ts simple rules work to ensure you borrow the minimum amount of money for the minimum time.

  • Don’t spend it if you don’t have to. Sure you have to have somewhere to work, but it does not have to be rented office space. Many very successful companies started in garages, bedrooms or on the kitchen table.
  • Don’t spend it if you don’t have to. This means an expensive web site. You need a web site but you can get one for a few pounds as long as you steer clear of WordPress you should be ok. Make sure your web site is secure: one of those padlock things (it has be secure to get good links).
  • Don’t spend it if you don’t have to. This means not committing to some expensive company setup service or one with hidden future costs. From the web site “It costs £12 and can be paid by debit or credit card or Paypal account. Your company is usually registered within 24 hours.”
  • Don’t spend it if you don’t have to. This means not committing to some expensive loan, factoring or payroll service with a low headline rate but much higher APR (what you actually pay for every day you borrow: the bottom line). Borrow as little money as you really need for as short a possible time. Banks are quite good at flexible loans.
  • Don’t borrow if you don’t have to: Sure you need to bridge the gap between paying your staff / ltd company employees and getting your invoices paid. If you can reduce this gap from a month to two weeks or even a week then you can halve or quarter your interest costs.
  • Do have an invoice that includes all necessary information: you must have the word “Invoice” clearly displayed. It must have a unique identification number, your correct Company Name and Address, phone number and email. The Customer’s correct invoice address and usually an Fao line (for attention of), an Invoice date, clear itemised costing of the services  supplied: the employee’s name, shift date, location, times, rate bands, detailed expenses and supplemental charges and reference to your terms and conditions. Bank details (account number sort code, bank name) payment period.
  • Do make clear your payment period terms when you negotiate any contract of staff supply. So what is a reasonable period for payment? Before electronic banking and postal mail, 30 days was considered standard. Don't live in the last century. With modern invoicing systems such as ours then the invoice can arrive at the customer within a few seconds and payment is at worst 3 days via the banking system. So reasonably 14 days is entirely adequate. However, there is no reason why you should not go for 7 days as with our system you can invoice on any day of the week to coincide with the customer’s accounts department. In fact it appears that the majority of small businesses have 14 days or less as a limit in their terms and most request payment in 7 days. So your customers may profess surprise...stick to your guns.
  • Do try have a friendly meet with the customer’s Accounts department (you have met the customer during contract negotiations) if you can, or at very least call them to introduce yourself so “any issues and we will be happy to resolve them quickly for you” to establish a “helpful” bond.
  • Do (courteously) check that the accounts have received the invoice and they are happy with it for the first few weeks, explaining that as your system is new….etc.
  • Do (courteously) check that the accounts have received the invoice and they are happy with it the first time it is late (some companies start of promptly and then slow down). A study showed that typically over 50% of small businesses suffer late payment and a third are overdue by more than 2 weeks. Politely argue your case: are they unhappy with the staff you supply? Are your charges competitive? Point out that to retain those staff and keep those costs, you need to pay your staff promptly, not incur interest charges to pass on (to them) and you are not a bank!


It goes almost without saying: invest in low cost software (ours) that helps you do the most tasks so you can make time for taking a step back and for life!


Links that may help

Simple step by step guide to limited company formation by the guys that write the rule book

Business discussion on invoicing period in your Ts & Cs

The Guardian how to invoice

The Prompt Payment Code

The Government's prompt payment policy


Contact Information

To find out more about Ava solutions you can contact us in a number of ways:
Follow Us...