Three layers of legal risk

When you become a manager, the law looks at you differently. You take on duties that an ordinary employee does not have, and you carry exposure on three different fronts at the same time.

Section 8 — the employer's duties (and yours, as the employer's delegate)

Section 8 of the Safety, Health and Welfare at Work Act 2005 places the primary safety duty on the employer. As a manager you exercise that duty on the ground. The shop will be measured against each of these:

• Safe place of work, safe equipment, safe systems of work — fix it, escalate it, or write down why it can't be fixed today.
• Risk assessments and a written Safety Statement — in place, reviewed at least annually, available to staff.
• Information, instruction, training, supervision — every employee, every module, evidenced on the Training Matrix.
• PPE provided free of charge where needed — employees never pay.
• Emergency procedures — fire, robbery, medical, written down, drilled twice a year.
• Consultation with staff on safety matters — toolbox talks, safety reps, suggestions taken seriously.
• Accident reporting — IR1 to HSA when triggered, accident book always.

Section 80 — you, personally

In plain terms: if the shop is prosecuted and the offence happened because you consented, turned a blind eye, or simply didn't do your job, you can be prosecuted alongside the company. Personally. With your name in the District Court list and the result in the HSA's published prosecutions register.

Section 80 has bitten managers in Irish retail. Examples of "neglect":

• Roster shows under-18 on alcohol sales — manager who wrote the roster is on the hook.
• No risk assessment for a known hazard, employee injured — manager who didn't do it is on the hook.
• Refusals log not maintained, sale to a minor — manager who failed to keep the log is on the hook.
• Fire exit blocked by stock for weeks, fire happens — manager who walked past it daily is on the hook.

Vicarious liability — you carry your team

The shop is legally responsible for what its employees do in the course of their employment. This is called vicarious liability. It applies to:

The "reasonably practicable steps" defence for harassment / discrimination is essentially: written policy + training + acted promptly when notified. Module 2 covers the staff side; Module 3 (this one) covers your side — receiving and acting on complaints.

Who can knock on your door

An overview — each is covered in depth in Section 14. Print this list and keep it on the office wall.

Before they start: right-to-work

It is a criminal offence under the Employment Permits Acts to employ someone who is not entitled to work in Ireland. Penalties include fines up to €250,000 and 10 years imprisonment, plus you cannot recover wages paid.

Who can work in Ireland without an Employment Permit?

• Irish citizens (passport, driving licence + PPS letter)
• UK citizens (Common Travel Area)
• EU / EEA / Swiss citizens (passport or national ID)
• Non-EEA nationals with: an Irish Residence Permit (IRP) card showing Stamp 1, 1G, 4, 5, or 6 (Stamps 2, 2A, 3 do NOT permit unrestricted work — check carefully)

What you must do

Within 5 days — the core terms statement

Under the Terms of Employment (Information) (Amendment) Act 2022, employers must give every new employee a written statement of the following 5 core terms within 5 days of starting work:

Within 1 month — the full contract

Within one month, the employee must receive a complete written statement of terms. The standard group contract covers all of these:

If you're hiring an under-18

• See a copy of their birth certificate, passport or driving licence to verify age — take a copy for the file
• If they are under 16: obtain written consent from a parent or guardian before they start (legal requirement)
• Give the parent/guardian a copy of the abstract of the Act (HSA publishes this free) within 7 days
• Roster them only within permitted hours. For 16\u201317 year olds: max 8 hrs/day, 40/week, earliest start 06:00, latest finish 22:00, 30-min break after 4.5 hrs, 12 consecutive hours daily rest, 2 days weekly rest. Under-16 rules are tighter \u2014 consult the HSA Abstract.
• Never assign prohibited tasks: sale of alcohol, tobacco, vapes, lottery, solvents; lone working; key holding; driving any work vehicle
• Mark their record clearly as under-18 so they are never assigned a prohibited task

The Organisation of Working Time Act 1997

Every roster you write must comply with the OWT Act 1997. The WRC enforces it; complaints go to adjudication; awards routinely run into thousands per breach per employee. Most cases reach the WRC because the employer cannot produce records.

The 7 limits you must respect

Stricter rules for under-18s

Under-18s have tighter limits under the Protection of Young Persons Act 1996. Whenever you roster an under-18, OWT 1997 stops being your reference — PYP 1996 takes over (covered fully in Section 7).

Records you must keep

• Form OWT1 (or an equivalent electronic record) showing each employee's start and finish times, breaks taken, and rest periods, for every shift
• Retained for 3 years (this is the WRC inspection retention period)
• Available immediately on request from a WRC inspector — if you can't produce them, the assumption is they don't exist and the employee's version of events wins

Payslip rules — Payment of Wages Act 1991

Every employee must get a written payslip with every payment of wages. The slip must show:

• Gross pay
• Nature and amount of every deduction (tax, USC, PRSI, pension, voluntary)
• Net pay

Deductions are tightly controlled. You cannot deduct from wages except where:

• Required by statute (PAYE, PRSI, USC, attachment of earnings order)
• Authorised by the contract (e.g. pension contribution clause)
• Authorised in writing by the employee for each occasion

Spot the violations — click each red pin

Below is a sample week's roster for an adult employee. There are 4 OWT breaches. Click each pin to see what's wrong.

WRC Code of Practice SI 146 of 2000

Every disciplinary process the shop runs must follow the WRC Code of Practice on Grievance and Disciplinary Procedures (SI 146 of 2000). The Code is not optional — the WRC and Labour Court treat departure from it as a presumptive failure of fair procedures. Most unfair dismissal awards are won on procedure, not on substance.

The five principles of fair procedures

The progressive disciplinary ladder

Except for gross misconduct (see next slide), discipline is progressive. Each step is a separate process — not an automatic escalation.

Gross misconduct — the only exception

Gross misconduct can justify dismissal without progressing through the warnings, but the procedure must still be followed: investigation, allegation in writing, hearing, right to representation, right to appeal.

Examples generally accepted as gross misconduct in retail:

• Theft from the shop, from staff, or from customers
• Fraud — falsifying refund receipts, manipulating EPOS, lying on a CV
• Serious safety breach — wilful misuse of equipment, fighting, sabotage
• Serious breach of trust — selling alcohol to a known minor knowingly
• Being under the influence of drugs / alcohol at work to the extent of endangering anyone
• Serious breach of confidentiality or data protection
• Violence or threatening behaviour
• Discriminatory harassment that itself is a serious breach

Practice scenario — you suspect theft

An assistant manager flags that one cashier's till is short €20–40 most shifts she works. Walk through the right path.

Unfair Dismissals Acts 1977–2015

From the day an employee passes 12 months service (52 continuous weeks), every dismissal is presumed unfair unless the employer proves otherwise. The burden of proof sits with you, not the employee. The remedy is up to 2 years gross remuneration in compensation.

Exceptions — dismissal is unfair from day one if

• The dismissal is for trade union activity or membership
• The dismissal is for raising a health and safety concern (Section 27 SHWWA)
• The dismissal is for taking statutory leave — maternity, paternity, parental, adoptive, force majeure, carer's, parents' leave
• The dismissal is on one of the 9 grounds of the Employment Equality Acts (gender, civil status, family status, sexual orientation, religion, age, disability, race, membership of the Traveller community)
• The dismissal is a protected disclosure (whistleblowing) under the Protected Disclosures Act 2014

In all these cases, there is no service requirement — a brand new employee can take a successful case.

The two tests — substance AND procedure

For a dismissal to stand, the employer must show both:

Most cases are lost on procedure even when the substance was sound. The 5 minutes saved by rushing a process can cost two years salary in compensation.

Statutory minimum notice

Under the Minimum Notice and Terms of Employment Act 1973, the minimum notice an employer must give an employee scales with service:

The contract may specify longer notice — in which case the contract figure applies. Either party can pay/be paid in lieu of notice if the contract permits.

Redundancy — Redundancy Payments Acts 1967–2014

A genuine redundancy is one of the valid grounds for dismissal. It is genuine only if the role itself ceases or is reduced — not the person.

The 5 statutory redundancy situations

• Employer ceases business entirely
• Employer ceases business at the place where the employee was employed
• Requirements for that kind of work have ceased or diminished
• The work is being done in a different way and the employee cannot do it
• The work is being reorganised with fewer staff

The statutory lump sum

• Eligibility: 104 weeks (2 years) continuous service, aged 16 or over
• Calculation: 2 weeks pay per year of service, plus a bonus 1 week. So 5 years = 11 weeks pay
• Pay cap: Maximum weekly pay reckonable is currently €600/week for redundancy purposes
• Tax-free up to the statutory amount; ex-gratia top-ups have their own tax treatment

The legal framework you're operating under

Three instruments combine:

• Employment Equality Acts 1998–2015 — makes harassment on the 9 grounds unlawful, with vicarious liability for the employer unless "reasonably practicable steps" were taken
• Safety, Health and Welfare at Work Act 2005 — treats workplace bullying as a workplace hazard the employer must manage
• WRC Code of Practice for Employers and Employees on the Prevention and Resolution of Bullying at Work (SI 674 of 2020) — sets out the procedure you must follow when a complaint is made

When a complaint lands — first 24 hours

Informal vs Formal pathway

SI 674 of 2020 prefers the informal pathway first — it resolves most cases without escalation. But the complainant's wishes are key, and serious matters go directly to formal.

Practice — a complaint comes in

A 19-year-old staff member tells you privately that an older male colleague has been making comments about her appearance and asking her out repeatedly. She doesn't want to "make a fuss" but it's upsetting her.

The "all reasonably practicable" defence

Section 8 SHWWA imposes the employer's duties "so far as is reasonably practicable." When an accident or incident happens, the prosecution's burden is to show breach — your defence is to show you took all reasonably practicable steps.

The defence is evidence-based. The evidence is the Training Matrix. Without it, you have no defence — no matter what training actually happened.

What the Daybreak Training Matrix records

The Excel matrix in Daybreak_Stores_Training_Matrix_v1.0.xlsx is the master record. Each shop has a tab listing every employee on each row, with columns for every training module. Each cell records:

• Date the module was completed
• Pass mark achieved (where applicable)
• Refresher due date (calculated automatically by formula)
• Status: green (in date) / amber (due within 60 days) / red (overdue)

Your weekly job as a manager

Retention periods

What an HSA inspector asks for — in order

What must be reported to the HSA

Under the Reporting of Accidents and Dangerous Occurrences Regulations 2016 (SI 370 of 2016), the employer must report certain events to the HSA. There are two report types.

IR1 — reportable accidents

An accident at work that causes an employee to be unable to perform normal duties for more than 3 consecutive days, not counting the day of the accident. Also reportable: fatalities (immediately, before the IR1).

IR3 — dangerous occurrences

Specified events that did not cause injury but could have. The full schedule is in SI 370/2016 Schedule 1, but for retail the most relevant are:

• Collapse, overturning or failure of any lifting machinery
• Electrical short circuit causing fire or explosion
• Explosion, collapse or bursting of any closed vessel
• Uncontrolled release of any substance liable to cause damage to health
• Unintended fire or explosion

The first 60 minutes after an incident

The never-admit-liability rule

What to say instead:

• "I'm so sorry that happened. Are you all right?"
• "Let me get you some first aid and then I'll take some details."
• "I'll need to record this in our accident book. Could I take your name and a contact number?"

Facts in the Accident Book are facts. Opinions, blame, or admissions are not recorded — they go in a separate management investigation note.

Root cause analysis — the 5 Whys

For every IR1-reportable incident, do a structured root cause analysis. The simplest method is the 5 Whys.

Example: an employee strains her back lifting a 25kg pallet of mineral water.

• Why? The pallet was too heavy for one person.
• Why? She was lifting it alone.
• Why? No one else was rostered on the stockroom that shift.
• Why? The roster was tight that day.
• Why? The roster was written without checking the delivery schedule.

Action: Roster cross-checked against delivery schedule going forward. Two-person rule re-emphasised for >15kg loads. Mechanical aid (sack truck) re-issued. Refresher manual handling for the team.

Document the 5 Whys and the action plan. File with the IR1. Review in 90 days to confirm the controls held.

The legal basis

Under Section 19 of the SHWWA 2005 and Regulation 19 of the General Application Regulations 2007 (SI 299 of 2007), every employer must:

• Identify hazards in the workplace
• Assess the risks from those hazards
• Decide on control measures
• Write it all down in a Safety Statement
• Bring it to the attention of every employee
• Review it at least annually, and whenever there is a material change

For Daybreak, each shop has its own Safety Statement, owned by the Store Manager and reviewed at least annually by the Group H&S Coordinators.

What a Safety Statement must contain

Risk assessments every Daybreak shop must have

Review cycle

The law requires "regular review" — industry practice and what an inspector will expect:

• Annually as a minimum, even with no changes
• After any incident related to the hazard — even a near-miss
• After any material change — new equipment, layout change, new chemical, new task, change in staff demographic (e.g. taking on an under-18)
• After any change in the law — the Group H&S team monitors this and circulates updates
• After any employee raises a concern that touches on it

Evidence the review happened

Each review documented — reviewer name, date, changes made, signed off. The RA is a live document, not a museum piece.

Three regulators run test purchases at Daybreak

Each runs test purchases periodically. The age of the test purchaser is typically 16 or 17. They are coached to behave normally and to leave if challenged.

The due-diligence defence

For each of the three statutes, there is a statutory defence available to the shop and to the individual cashier: that you took all reasonable steps to prevent the sale. The defence is documentary.

The four documents the prosecution will ask you for

• The shop's age-verification policy in writing — e.g. "Challenge 25" or "If they look under 25, ask for ID"
• Staff training records — every cashier trained on the policy, evidenced on the Training Matrix and in Module 1 / Module 2 cert PDFs
• The refusals log — evidence that the policy is operated daily, not just on paper
• Signage in the shop visible to customers — "Challenge 25", "We will refuse alcohol sales to anyone who appears under 25 without ID", legal hours notice

If a test purchase goes against you

Lone working risk assessment

Anyone working alone at any point of the shift triggers the lone-working RA. This includes opening up, closing down, stocktake outside trading hours, cleaning shifts.

The RA must address

• Means of communication — working phone, charged, signal
• Panic alarm — location, ease of activation, monthly test record
• Procedure for opening up (looking through window first, varied route to the back office)
• Procedure for closing down (cash in safe before final lock-up, exit varied, partner check-in)
• What to do if something is wrong on arrival (do not enter, call the Gardaí, call the manager)
• Specific exclusion of under-18s from lone working at any time
• Specific exclusion of pregnant employees from late lone shifts after consultation
• EAP contact in case of incident-related distress

Banking risk assessment

Cash transit between the shop and the bank is the highest-risk routine activity in retail. The RA must address:

• Vary the route, vary the time, vary the day — routine is the robber's friend
• Sums kept low — frequent small lodgements rather than infrequent large
• Discreet carrier — no Daybreak-branded bag, no uniform, no obvious security pouch
• Always a paired drop — never alone, or if alone, a specific check-in protocol
• Direct route — no detours, no stops, no errands en route
• If approached — hand it over — lives over cash, every time, no negotiation

Panic alarm testing

Per Reg 8 of the General Application Regulations 2007, all safety-critical equipment must be inspected and tested at appropriate intervals.

• Test monthly — a specific date in the month, in advance to avoid Garda call-out
• Test all buttons — multiple positions in the shop, not just the till
• Log each test — date, who tested, what worked, what didn't
• Faults: fix within 24 hours — a faulty panic alarm is a serious H&S defect
• Annual full service by the alarm provider, with certificate retained

Post-robbery debrief and welfare

Manager's checklist

The shop is the data controller

Under the GDPR and the Data Protection Act 2018, the shop is the data controller for personal data of employees, customers, suppliers, and anyone captured on CCTV. As manager you operate the controls. The Data Protection Commission (DPC) is the supervisory authority. Administrative fines: up to €20 million or 4% of group annual turnover, whichever is higher.

The six lawful bases for processing

• Consent — freely given, specific, informed, unambiguous, easy to withdraw
• Contract — necessary for performance of a contract with the data subject (e.g. payroll for an employee)
• Legal obligation — compelled by law (e.g. Revenue, OWT records)
• Vital interests — to protect someone's life
• Public task — official function (rare for retail)
• Legitimate interests — your legitimate interests, balanced against the data subject's rights (e.g. CCTV for security)

CCTV — specific duties

CCTV in a public-facing retail premises is allowed under "legitimate interests" (security, theft prevention, evidence). The DPC has issued specific CCTV guidance — you must comply.

• Signage at every entrance — makes clear CCTV is in operation, the purpose, and the controller (the shop / legal entity name) and a contact for queries
• Coverage proportionate — sales floor, tills, stockroom, external approaches yes; toilets, staff break area no
• Retention: 28–30 days by default, longer only when needed for a specific incident
• Access controlled — only the Store Manager and Group H&S can view; access logged
• Never shared on social media for any reason, including amusing customer behaviour
• Released only on Garda request (formal Form A.4 request) or with the consent of identifiable data subjects
• Employees are notified in writing that CCTV operates (typically in the contract and the staff handbook)

Subject Access Requests (SARs)

Any individual whose personal data you process can request a copy. This is a fundamental data subject right under Article 15 GDPR.

Breach notification — the 72-hour rule

What counts as a breach

• Lost USB stick with employee data
• Email sent to wrong recipient containing personal data
• Employee file left visible in a public area
• Theft of a paper file or device
• Hacking, ransomware, unauthorised access to systems
• CCTV footage shared inappropriately
• Disposal of paperwork without secure destruction

What to do

Practice — a SAR arrives

A former employee emails Amit on Wednesday: "I want a copy of everything you have on me, including any CCTV that shows me, and especially the disciplinary file." She left the company 6 months ago after a contested dismissal.

Who can walk in unannounced

Most Irish regulators can inspect retail premises during business hours without notice. The only exception is the WRC, which can but more often gives a few days. Always assume zero notice.

The first 10 minutes of any inspection

Understanding the notices an inspector can issue

Practice — who regulates what?

Sort each scenario into the bucket of the regulator who would handle it. (Tap to select on mobile, then tap a bucket.)

Closing out an inspection

An inspection isn't over when the inspector leaves. The follow-up determines whether it becomes a prosecution.

Within 24 hours

• Written debrief to MD and Group H&S — facts, observations, any notice received
• Action list, owner, deadline for each item raised — even verbal observations
• If a notice was issued: read it carefully, take legal advice if needed, note the appeal deadline

Within 7 days

• Quick wins done and evidenced (photos before/after)
• Risk assessment updated to reflect the issue and the new control
• Training Matrix updated if training is part of the response

By the compliance deadline

• All notice requirements complete
• Written reply to the inspector confirming compliance, with evidence
• Internal file: keep everything together — the inspector's notice, your actions, the evidence, the reply

Knowledge check

Choose the best answer for each question. You can change your answer before submitting. Pass mark: 23 out of 32. There is no limit on retries.