Category Archives: Data Protection

Free GDPR webinar on 21 March

Following on from our webinar on GDPR, on 21 March at 12pm GMT, Director of Course Development Nick Henderson and Director of Best Practice Gary Yantin will continue to explore the steps you need to take ahead of GDPR day. The webinar will focus on key issues in preparing for GDPR.

The webinar will end with the opportunity to have any questions on the topic answered. You can register for the webinar by clicking on the button below.

Register now

VinciWorks to release new GDPR micro course

The General Data Protection Regulation (GDPR) is a major shakeup in data protection laws across all Member States of the EU. It will officially come into force on 25 May 2018, and as a Regulation, will automatically be applied in every Member State.

With GDPR just months from coming into full force, we are set to release a new micro course on the topic. The 10-minute course guides users through the changes being applied as a result of GDPR. GDPR: The Basics will complement our existing online GDPR course, GDPR: Privacy at Work.

GDPR Myth #3: You can’t send marketing emails anymore

Will continuing to send marketing emails put your business at risk of breaching GDPR?

Does the General Data Protection Regulation (GDPR) mean you can’t send any more marketing emails?

JD Wetherspoon, the UK’s largest pub chain, hit the industry headlines last year when it decided to delete its entire marketing list. GDPR has injected a sense of impending doom into email marketers, who worry that carefully cultivated lists will need to be trashed come GDPR day.

This is not the case. GDPR does not prevent direct marketing taking place, nor does it mean your lists have to be deleted and collected again from scratch. However, it does mean marketers have a greater responsibility in processing personal data, and some issues around consent to market may have to be looked at.

VinciWorks adds Subject Access Request module to GDPR course

GDPR Myth #2: GDPR requires you to delete all of a person’s data if they ask

Does GDPR require businesses to delete all data upon an individual’s request?

The right to be forgotten is one of the key innovations of GDPR, but it’s not exactly a new right, nor is it absolute. It developed in European law in the aftermath of an important court case known as the Google vs Spain ruling. In 2010, a Spanish citizen complained about an outdated court order against him appearing on Google search results. The European Court of Justice agreed this infringed on his right to privacy and ruled that individuals have the right, under certain conditions, to ask search engines to remove links with personal information about them where the information is inaccurate, inadequate, irrelevant or excessive.

The right to be forgotten has been enshrined in GDPR as the right to erasure. This is slightly more encompassing than the original Google vs Spain rules, giving an individual the right to have their personal data erased and prevent it being processed in specific circumstances.

Read more: what should a GDPR compliant privacy policy include?

GDPR Myth #1: Fine of 4% of global turnover for your first GDPR offence

Will regulators actually fine businesses 4% of global turnover for committing a General Data Protection Regulation offence? What are the actual repercussions of failing to comply with GDPR?

It’s a headline-grabbing threat designed to leave you shaking at your keyboard, fearful that one wrong keystroke will siphon off €20m, or 4% of turnover, whichever hurts the most. The current maximum level of fine that can be levied under the Data Protection Act 1998 is peanuts in comparison: £500,000.

Some of the biggest fines levied by the UK’s data protection regulator, the ICO, would balloon under GDPR rules. TalkTalk’s 2016 fine of £400,000 would become nearly £60m.

However, GDPR is not about fines. The ICO has made clear that maximum fines will not become the norm, nor will examples be made of big brands for minor infringements. As they’ve said, they prefer the carrot to the stick. The ICO’s record stands to reason. In 2016/17, the regulator dealt with over 17,000 cases. Only 16 resulted in a fine.

Learn more: download VinciWorks’ GDPR guide to make sure your business is ready for GDPR implementation on 25 May.

VinciWorks’ online course plan

After a successful 2017 that saw over 170,000 course completions, we are excited to present our tentative plan for our new course releases and updates planned for 2018. Every year, VinciWorks plans its course schedule based on a combination of client feedback and prevalent compliance issues.

Updated cyber security training suite with two new courses

After several high profile cyber attacks exposed millions of systems in 2017, VinciWorks is set to release two mini courses to help staff protect themselves and their organisation from the latest threats. Each course can be completed in just five minutes. The two new courses are:

Free webinar: GDPR – 10 steps to take before May

On Tuesday 21 February at 12pm, Director of Best Practice Gary Yantin will be joined by Director of Course Development Nick Henderson to explore the challenges facing organisations in preparing for GDPR and give guidance on what still needs to be done.

The webinar will cover:

  • Is your organisation ready for the changes?
  • What are your biggest challenges?
  • Conducting Data Protection Impact Assessments (DPIA) and making the most out of them
  • Dealing with sensitive categories of data
  • What to consider when appointing a Data Protection Officer
  • The Data Protection Bill 2018

The webinar will end with the opportunity to have any questions on the topic answered. You can register for the webinar by clicking on the button below.

Register now

GDPR: 10 things to do now

The General Data Protection Regulation will come into full force on 25 May

The General Data Protection Regulation (GDPR) will officially come into force on 25 May 2018. GDPR’s reach is global. Any company that offers goods or services to anyone in the EU will be required to comply.

If you haven’t started to comply, or are not sure what to do next, following these steps will help ensure you are ready for GDPR day.

1. Undertake a data audit

Organising an in-depth data audit across your organisation and all parts of the business is crucial to understanding where data exists, how it is used, and what should be done next. Think of data like oil running through an engine; it powers your organisation and makes it function, but it can also leak if the various conduits are not working properly. After an audit, you should be better able to identify risks, weak spots and priority areas to address.

New module added to Data Protection: Privacy at Work – Subject Access Requests

GDPR mandates certain procedures when dealing with subject access requests

VinciWorks has added a new module to its data protection course, Data Protection: Privacy at Work. The new module on subject access requests explains what a subject access request is and how to respond to one. The module is the latest addition to the course, following the global data protection guide that was recently added.

Six months until GDPR implementation – how to prepare

The General Data Protection Regulation comes into full force on 25th May 2018

There are now fewer than six months to go until GDPR implementation, when it becomes law throughout the EU, including the UK. Any business operating in the EU, serving EU customers or shipping orders inside Europe will need to comply.

From training staff to rewriting privacy policies, there’s a lot that needs to be done to ensure your business is ready for GDPR. If you’re in the UK, the new Data Protection Act will form the basis of data protection law. However, ensuring your business is ready for GDPR will also ensure you are ready for the new Data Protection Act.

What is in the new UK Data Protection Bill?

Along with transposing GDPR into UK law, the Bill will replace the UK’s DPA 1998 and ensure that data protection law remains Brexit-proof.