Strachan Policies

1. Anti-Discrimination and Anti-Harassment Policy

1. We strive always to create and maintain a work environment in which people are treated with dignity, decency and respect in an environment characterized by mutual trust and the absence of intimidation, oppression, exploitation and therefore will not tolerate any discrimination or harassment of any kind against any employee.

2. All employees, regardless of position, are subject to and are expected to fully comply with this policy and to take appropriate measures to ensure that prohibited conduct does not occur.

3. It is a violation of this Policy to discriminate against any person or persons in the provision of employment opportunities, benefits or privileges; to create discriminatory work conditions; or to use discriminatory evaluative standards in employment if the basis of that discriminatory treatment is, in whole or in part, the person’s race, colour, national origin, age, religion, disability status, gender, sexual orientation, gender identity, genetic information or marital status.

4. The Firm also prohibits harassment of any kind, including sexual harassment, and will take appropriate and immediate action in response to reports of violations of this Policy. Harassment includes any verbal or physical conduct designed to threaten, intimidate or coerce an employee, co-worker or any person working for or on behalf of the Firm. Verbal taunting (including racial and ethnic slurs) that, in the employee’s opinion, impairs his or her ability to perform his or her job is included in the definition of harassment.

5. Any violation of this Policy must be reported to the Practice Manger or to the Senior Partner as may be appropriate for investigation. Any employee found to be in violation of this Policy shall be subject the Firm’s disciplinary process.

Please let all join hands to ensure an environment where we can all thrive.

2. Anti-Bribery Policy

Strachan Partners is committed to conducting its business to the highest ethical standards and in compliance with all laws. The Firm rejects all forms of bribery and corruption, and will not resort to nor will it entertain or allow corruption by any member of the Firm or any other person working for or with it for the sake or gaining or retaining business or for any other purpose.

Our Code of Conduct is designed to control effectively, the risks of bribery and corruption and is efficient in the mode of required training for each member of its staff.

SP has and will continue to communicate its Anti-Bribery Policy to its clients and relevant third parties in the course of its business. Staff are encouraged to report any misconduct or potential misconduct, through a direct email to the Senior Partner. This information will be treated in the strictest confidence and the “whistle blower” shall be protected from any reprisals or retaliation.

All Staff of SP are required to conduct themselves with the highest decorum and abide by the highest standards of integrity and accountability, apply exemplary judgment in all their business dealings / relationships. No member of staff shall use his/her position or information derived from that position, for personal gain or for the benefit of others and must seek to uphold and enhance the standing and good name of Strachan Partners in all that they do and in all circumstances.

This Policy and the SP Code of Conduct will be subject to regular review, to confirm that they continue to be fit for purpose and to make necessary adjustments where they fall short.

A breach of this SP Policy will immediately invoke the Firm’s disciplinary process.

3. Anti-Bullying Policy

Strachan Partners will not tolerate any type of bullying by any employee irrespective of position, against another employee or employees of the Firm.

“Bullying” is repeated inappropriate behaviour, whether direct or indirect, verbal, physical or otherwise, conducted by one or more persons against another or others, at the place of work and/or in the course of employment. Such behaviour violates Strachan Partners’ Code of Ethics, which recognises that all employees are entitled to be treated with dignity and respect.

Bullying includes Verbal Bullying: slandering, ridiculing or maligning a person or his or her family; persistent name calling that is in the opinion of the person on the receiving end hurtful, insulting or humiliating; using a person as butt of jokes; abusive and offensive remarks; Physical Bullying: Pushing, shoving, kicking, poking, tripping, assault or threat of physical assault, damage to a person’s work area or property; Gesture bullying: Nonverbal threatening gestures; glances that can convey threatening messages. Exclusion: Socially or​​ physically excluding or disregarding a person in work-related activities.

Other behaviours as contained in the Procedure, may also constitute or contribute to the evidence of bullying in the Firm.

Any violation of this Policy must be reported to the Practice Manager who must investigate and resolve or escalated as appropriate.

4. Data Protection

What is GDPR?

The European Union General Data Protection Regulation (GDPR) is a set of rules governing how companies should process the personal data of data subjects. GDPR lays out responsibilities for organisations to ensure the privacy and protection of personal data, provides data subjects with certain rights, and assigns powers to regulators to demand for demonstrations of accountability and in the event of non-compliance with the GDPR requirements, fines are being levied on such companies.

How does it differ from the previous law in force?

The GDPR and DPA are quite similar to each other, however there still abound some differences in both laws.

Underlisted are the differences between GDPR and Data Protection Act (DPA) which is the present law:

  1. Geographic reach and scope: The previous European Data Protection Directive utilised much more of a light-touch approach than GDPR, setting out aims and requirements for data protection standards that were then implemented through national legislation, such as the UK’s Data Protection Act. By contrast, GDPR is a binding piece of regulation, which will be legally enforceable as soon as it comes into effect on May 25th, and will apply to all EU nations and every company holding data on EU citizens.
  2. Data breach policies: The current law does not mandate the report of any breach although it encourages such, however GDPR places an obligation on companies to report any breach of personal data.
  3. Definition of personal data: the definition of personal data under the GDPR is wider it includes online identification markers, location data, etc. Whereas the Data Protection Act only pertains to information used to identify an individual or their personal details.
  4. Consent policies: This is one of the defining differences between GDPR and the Data Protection Act. Under the old rules, data collection does not necessarily require explicit consent, but under GDPR clear privacy notices must be provided to consumers, allowing them to make an informed decision on whether they consent to allow their data to be stored and used. This consent can then be withdrawn at any time.
  5. Accountability: GDPR places a much greater focus on explicit accountability for data protection, placing a direct responsibility on companies to prove they comply with the principles of the regulation, as opposed to what obtains with Data Protection Act. This means firms will need to commit to mandatory activities such as staff training, internal data audits and keeping detailed documentation if they wish to avoid falling foul of the GDPR rules.
  6. Data protection governance: The Data Protection Act does not stipulate how the governance of data security functions should be allocated, requiring only a basic commitment to the concept from management. GDPR will change this, as any company employing more than 250 people will be mandated to appoint a dedicated data protection officer, as will any firm processing more than 5,000 subject profiles annually.
  7. Penalties and compensation: Currently, non-compliance with the Data Protection Act can see companies fined up to £500,000, or one percent of annual turnover. Under GDPR, these limits will rise significantly to €20 million, or four percent of annual turnover, whichever is higher.

Repeal and Enactment

When the General Data Protection Regulation (GDPR) takes effect ON THE 25TH of May, it will replace the Data Protection Directive (DPD). Under the DPD, only data controllers were held accountable for anything that went wrong but under the GDPR which would come in force, data processors are required to have a contract with data controllers to process personal data.

Advantages of GDPRThe GDPR which is a novel law is a radically different law from the DPD and its just bound that it replaces the former law and fix the discrepancies DPD had.

Some of the advantages of replacing the DPD with the GDPR are:

  • Collection and organising of personal data
  • Enables residents better control over the usage of their data
  • It emphasises on transparency on the part of the data controller
  • A key difference between the DPD and the GDPR is that data processors are now   regulated under the GDPR.
  • Both data controllers and processors will be jointly responsible for complying with the new rules, meaning if an organization outsources data entry or analysis to a third party or processes data on behalf of another organization, both parties are required to abide by the GDPR and are liable for violations.
  • For the security of personal data collected and processed by controllers and processors, the GDPR requires that organizations conduct impact assessments for automated data processing activities, large-scale processing of certain kinds of data, and systematic monitoring of publicly accessible areas on a large scale unlike the DPD.

The Data Protection Act was developed to give protection and lay down rules about how data about people can be used. The 1998 Act covers information or data stored on a computer or an organised paper filing system about living people. However, it only applied in the UK. There was also no requirement for an organisation to remove all data they hold on an individual.

Breach notifications was also not mandatory for most organisations. Therefore, with the multifarious loopholes in the laws, there was need for a new law.

It is of note to point out the changes that will be implemented with the GDPR and why enacting it was necessary in the first place.

  • The territorial scope has been increased. The regulation applies to all companies that process personal data of people residing in the EU, regardless of the company’s location.
  • Data subjects must be given more information when their data is collected.
  • Both consent and explicit consent now require clear affirmative action, and individuals can revoke their consent to data processing at any time.
  • The minimum age for individuals whose data can be collected is rising from 13 to 16.
  • Organizations must delete data that is not being used for its original purpose.
  • Organizations have 72 hours to notify regulators of data breaches that pose a risk to data subjects.
  • There is a single national office for complaints.

Strachan Partners may have to comply due to the firm’s international clientele and partnerships, it should be noted however that, compliance with the regulation would only be motivated by a need to grow a reputation with EU residents.

Article 3
Article 33
Article 4
Articles 6, 7
Article 5
Article 84
Article 3(2)

25 years as a leading commercial law practice.

In its 25 years of experience, Strachan Partners has progressively become a legal resource as it has garnered a wealth of in-depth knowledge and industry know-how applicable to numerous facets of the Nigerian economy, in particular the budding sectors of the Nigerian economy to which the financial industry is one of. We challenge the industry norms and deliver a customized quality service to our clients laced with a cost-transparency policy.

P: (+234) -1-2700722

Give us a call or drop by anytime, we endeavour to answer all enquiries within 24 hours on business days.


8 Tokunbo Omisore Street,
Off Wole Olateju Crescent,
Lekki Phase 1.


Suite 311, 2nd floor,
Oakland centre, 48,
Aguiyi Ironsi Street,
Maitama, Abuja.

Latest News from Strachan Insider


Subscribe for updates from Strachan Partners

I have read and agree to the Terms & Conditions