The General Data Protection Regulation comes into full force on 25th May 2018
There are now less than six months to go until GDPR implementation, when it becomes law throughout the EU, including the UK. Any business operating in the EU, serving EU customers or shipping orders inside Europe will need to comply.
From training staff to rewriting privacy policies, there’s a lot that needs to be done to ensure your business is ready for GDPR. If you’re in the UK, the new Data Protection Act will form the basis of data protection law. However, ensuring your business is ready for GDPR will also ensure you are ready for the new Data Protection Act.
What is in the new UK Data Protection Bill?
Along with transposing GDPR into UK law, the Bill will replace the UK’s DPA 1998 and ensure that data protection law remains Brexit-proof.
VinciWorks has just added a new module to the course Data Protection: Privacy at Work. The new module explores and contrasts data protection legislation in countries around the world. It consists of an interactive guide to global data protection, in which users can easily look up the answers to a range of questions they may have about the data protection laws in various countries. This allows businesses to easily familiarise themselves with the data protection laws in any country they operate in and ensure they comply.
Today, Section 11 of the Criminal Finances Act 2017 comes into force. It amends the Proceeds of Crime Act (POCA) and affects the regulated sector. The new data sharing regime enables regulated persons to request and share information with their regulated peers, free in most respects from contravening data protection regulations. Any disclosure “made in good faith” does not breach any duties of confidence or “any other restriction on the disclosure of information.”
The purpose is to encourage the sharing of information from different entities in the regulated sector and better enable the collation of multiple reports of potential money laundering into a single Suspicious Activity Report.
GDPR will come into full force in May 2018
The six principles of GDPR (General Data Protection Regulation) are similar in many ways to the eight principles of the Data Protection Act. While the six principles of GDPR do not include individuals’ rights or overseas transfers, these are included elsewhere in GDPR.
One key difference is that under GDPR, you must show how you comply with the principles, not just that you do. This is a separate requirement known as the accountability principle which is integrated across GDPR.
The six principles of data protection in GDPR are that data must be treated in a way that is:
1. Lawful, fair and transparent
There have to be legitimate grounds for collecting the data, and it must not have a negative effect on the person or be used in a way they wouldn’t expect.
2. Limited for its purpose
Data should be collected for specified and explicit purposes and not used in a way someone wouldn’t expect.
Use of the cookies
Your policy should first define what cookies are and then explain what the organisation uses the cookies for. It should stress that they are used to enhance the user experience, and any tracking software used should also be stated.
Our fully customisable data protection course is now available in German
VinciWorks’ GDPR data protection course is now available in German. The course combines the latest in policy and law with best practice guidelines. It provides real-world scenarios, interactive features and review questions to test understanding of key points. By completing this course, users will learn how to comply with data protection laws for their specific role in the organisation. The online training is based on the General Data Protection Regulation (GDPR).
German Data Protection Amendment Act
While GDPR will be coming into force across Europe on 25 May 2018, Germany has already enacted a new data protection law to prepare for the new regime. The German Data Protection Amendment Act (GDPAA) enters into force on 25 May 2018 and contains some key national differences with GDPR.
VinciWorks’ online GDPR course, Data Protection: Privacy at Work, is now available in French. The course combines the latest in policy and law with best practice guidelines. It provides real-world scenarios, interactive features and review questions to test understanding of key points. By completing this course, users will learn how to comply with data protection laws for their specific role in the organisation. The online training is based on the General Data Protection Regulation (GDPR).
While GDPR will be coming into force across Europe on 25 May 2018, France has already enacted some legislation to prepare for the new data protection regime.
The 1978 Data Protection Act was amended on 7 October 2016 by Law No. 2016-1321 for a Digital Republic (Digital Republic Law). The amendments were designed to prepare for additional protections on the processing and international transfer of such data as regulated by GDPR.
France’s data protection laws
The Digital Republic Law also introduced the right for minors to be forgotten and to request deletion of any personal data collected when they were under 18. People can also create digital wills to deal with their data posthumously, and all electronic communication providers must give users the option to transfer their data to a designated third party after they die.
If you are already preparing for GDPR, and with VinciWorks GDPR Guide to Compliance and our Data Protection: Privacy at Work course, you already should be, then most of what is in the Data Protection Bill will not be news to you. However, this will explain the key points of the new Data Protection Bill that are different from GDPR.
Running to over 200 pages, with 194 clauses, 18 schedules and 112 pages of explanatory notes, the government describes the Bill as a “complete data protection system.” That system already exists, however, and it’s called the General Data Protection Regulation.
The Bill is essentially Brexit-proofing GDPR by bringing in the European standard of data protection, along with allowed UK exemptions, no matter if, when or how the UK leaves the EU. Also the Bill is necessary to implement a single data protection regime as GDPR, as a European Directive, only applies to areas of law under EU competency. The Bill itself says things like: “Terms used in Chapter 2 and in the GDPR have the same meaning in Chapter 2 as they have in the GDPR.” So there’s no reason to throw out all the GDPR compliance work you might have done so far. Indeed, now is the time to speed it up.
As the countdown to GDPR implementation progresses, we have refreshed our course Data Protection: Privacy at Work to ensure users benefit from the latest in policy and practice.
New modules have been added and existing ones updated to take account of the coming data protection regime, both across Europe and in the UK specifically with the introduction of the new Data Protection Bill.
Global Data Protection Module
An in-depth, line by line comparative analysis of data protection legislation and regulations across more than 70 major countries. View a summary of data protection rules compared to GDPR for one country at a glance, or compare and contrast multiple jurisdictions to ensure staff all around the world understand their data protection obligations.
The threats to your personal and professional cyber security are ever-growing, with the needs of each organisation and employee varying. VinciWorks has therefore added a further six apps to its bank of available customisations.
What constitutes acceptable use of company resources? Review the do’s and don’ts of the fair and proper use of business equipment and protect it from unauthorised access.
Top tips and need-to-knows on keeping company information in the right hands and away from the wrong eyes.