Will regulators actually fine businesses 4% of global turnover for committing a General Data Protection Regulation offence? What are the actual repercussions of failing to comply with GDPR?
It’s a headline-grabbing threat designed to leave you shaking at your keyboard, fearful that one wrong keystroke will siphon off €20m, or 4% of turnover, whichever hurts the most. The current maximum level of fine that can be levied under the Data Protection Act 1998 is peanuts in comparison, £500,000.
Some of the biggest fines levied by the UK’s data protection regulator, the ICO, would balloon under GDPR rules. TalkTalk’s 2016 fine of £400,000 would become nearly £60m.
However, GDPR is not about fines. The ICO has made clear that maximum fines will not become the norm, nor will examples be made of big brands for minor infringements. As they’ve said, they prefer the carrot to the stick. The ICO’s record stands to reason. In 2016/17, the regulator dealt with over 17,000 cases. Only 16 resulted in a fine.
Learn more: download VinciWorks’ GDPR guide to make sure your business is ready for GDPR implementation on 25 May.
The number of cyber attacks hit an all-time high last year, with the threat expected to increase in 2018. The highest profile attack, WannaCry, affected over 230,000 organisations worldwide and caused the NHS to cancel appointments and operations. Human error remains the most likely cause of cyber breaches, with phishing emails the no. 1 tactic used by attackers. In more sophisticated attacks, such as spear phishing, the emails target specific individuals or organisations and are personalised to include the victim’s or company’s name. The results of such an attack can be devastating, often resulting in sensitive information being compromised and financial repercussions.
Two new courses added to cyber security suite
VinciWorks’ cyber security suite has now been updated to help protect staff from the latest threats. We have added two new short courses, allowing users to learn how to protect themselves and their organisation in just five minutes.
What is your organisation doing to embrace social responsibility? Social responsibility initiatives are not only good for the community, they build brand equity and reputation, and enhance client satisfaction. VinciWorks has created a free corporate social responsibility (CSR) policy template that can be used to clearly communicate CSR initiatives to clients and align employee behaviour.
What should be included in a CSR policy?
Here is some guidance on what to include in your corporate social responsibility policy:
Begin the policy by acknowledging that the way your business is run affects society. While organisations have a responsibility towards their staff, clients and contractors, they must also consider the wider community in which they operate. The introduction should also state your organisation’s commitments to CSR.
After a successful 2017 that saw over 170,000 course completions, we are excited to present our tentative plan for new course releases and updates in 2018. Every year, VinciWorks plans its course schedule based on a combination of client feedback and prevalent compliance issues.
Updated cyber security training suite with two new courses
After several high profile cyber attacks exposed millions of systems in 2017, VinciWorks is set to release two mini courses to help staff protect themselves and their organisation from the latest threats. Each course can be completed in just five minutes. The two new courses are:
On Tuesday 21 February at 12pm, Director of Best Practice Gary Yantin will be joined by Director of Course Development Nick Henderson to explore the challenges facing organisations in preparing for GDPR and give guidance on what still needs to be done.
The webinar will cover:
- Is your organisation ready for the changes?
- What are your biggest challenges?
- Conducting Data Protection Impact Assessments (DPIAs) and making the most out of them
- Dealing with sensitive categories of data
- What to consider when appointing a Data Protection Officer
- The Data Protection Bill 2018
There will be an opportunity for answering your questions.
The webinar will end with the opportunity to have any questions on the topic answered. You can register for the webinar by clicking on the button below.
The General Data Protection Regulation will come into full force on 25 May
The General Data Protection Regulation (GDPR) will officially come into force on 25 May 2018. GDPR’s reach is global. Any company that offers goods or services to anyone in the EU will be required to comply.
If you haven’t started to comply, or are not sure what to do next, following these steps will help ensure you are ready for GDPR day.
1. Undertake a data audit
Organising an in-depth data audit across your organisation and all parts of the business is crucial to understanding where data exists, how it is used, and what should be done next. Think of data like oil running through an engine; it powers your organisation and makes it function, but it can also leak if the various conduits are not working properly. After an audit, you should be better able to identify risks, weak spots and priority areas to address.
Are your staff able to spot suspicious transactions when it comes to money laundering?
There are many ways that someone will try to launder money, meaning that spotting the crime before it’s too late can sometimes be challenging. Here is some guidance on how to spot suspicious transactions and best practice on how to deal with such suspicions.
Seven ways people may launder money
The guidance below is taken from our interactive e-learning course, Anti-Money Laundering: Know Your Risk. You can demo the course for free here.
Definition: payment for a service or product online through a credit card and other electronic payment systems.
The risk: e-commerce payments create ample opportunity for money laundering and terrorist financing. Selling counterfeit goods online, or no goods at all, or making payments and transfers where the credit card or the user does not need to be verified, is often a blind spot in AML prevention measures.
Tip: have strong identity verification measures and transaction monitoring in place. Using technology to uncover suspicious activity can help reduce the money laundering risk of online payments.
The beginning of a new year is a good opportunity to formalise learning objectives and prepare training schedules. With many new regulations implemented in 2017, and more to come in 2018, VinciWorks has prepared guidance to help you focus on the important compliance topics for the coming year.
General Data Protection Regulation
GDPR will be coming into full force on 25 May. Companies will need to implement staff training, rewrite their privacy policies, review the ways they currently obtain consent from data subjects and assess whether their processes will be valid under GDPR. You can learn more about preparing for GDPR here. We have also published a free data protection policy template and have released a GDPR training course.
2017 ended with a flurry of allegations against high-profile men, many of them in the music and entertainment industry, as well as allegations against members of Parliament. The allegations came to light following Hollywood producer Harvey Weinstein’s fall from grace after several women accused him of sexual assault and rape. In late 2017, the #MeToo campaign on social media, together with a BBC survey showing half of the women in the UK have been sexually harassed in the workplace, shed further light on how serious and rampant the issue of sexual harassment at work has become.
What to expect this year in AML
2017 was a big year in money laundering. The EU deadline for the implementation of the Fourth Money Laundering Directive came and went, with the UK passing its Money Laundering Regulations 2017 just in time, even as other EU nations rushed to catch up. However, the ink hadn’t even dried on the bills as the EU reached an agreement on the Fifth Money Laundering Directive late in December 2017, with the final text due to be agreed upon sometime in 2018.
Download an anti-money laundering compliance timeline for 2018
There are some important money laundering milestones to bear in mind for 2018. VinciWorks has published a month-by-month guide to anti-money laundering in 2018. The guide, 2018 – the year in money laundering, includes some of the key upcoming moments that relate to money laundering in 2018, including the fallout from the Fourth Directive, preparing for other crucial changes such as GDPR, and the expected FATF review of the UK.
Anti-money laundering e-learning training
VinciWorks’ latest anti-money laundering course, AML: Know Your Risk, covers six interactive modules and allows users to delve into realistic anti-money laundering scenarios. Users can also receive instant feedback on their answers to the questions in the course. You can demo the course for free here.