How up to date is your knowledge of the General Data Protection Regulation? VinciWorks’ new five-minute GDPR knowledge check will help you and your staff assess your level of compliance, allowing you to decide on next steps. Feedback is given after each question is answered, allowing users to improve their knowledge while completing the assessment. A score is given at the end of each assessment, meaning users can easily establish how much they have yet to learn.


How ready are you for GDPR, set to come into force on 25 May? Has your organisation implemented all possible technical measures to protect people’s data? What still needs to be done to prepare for GDPR day? VinciWorks’ GDPR compliance assessment will help your staff assess where they stand in their compliance with the new regulations and what still needs to be done.

Get your own GDPR compliance score

Have you conducted any GDPR focused data audits? Have you updated privacy notices for GDPR? These are just two of the questions that will come up in the assessment. Upon completion, the assessment will return one of four ratings, with an exact percentage score.

The General Data Protection Regulation comes into force across the EU on 25 May 2018

It’s not true. If you do absolutely nothing to prepare for GDPR, take 25 May off, put your out-of-office on and don’t pay any attention to anything related or connected to GDPR, you’ll be found out pretty quickly.

What happens if I don’t comply with GDPR?

First of all, people will know you aren’t complying because your privacy notices will not be GDPR compliant. They must identify the legal basis for processing data, and if that’s consent, then the consent being taken must comply with GDPR rules.

GDPR consent rules are a lot more specific than previous ways to collect consent, so much so that consent which does not meet GDPR requirements will not be valid after 25 May and you’ll be in breach of GDPR if you rely on it.


Prepare your whole organisation for GDPR with VinciWorks’ GDPR training suite

The General Data Protection Regulation (GDPR) officially came into force on 25 May 2018. GDPR’s reach is global. Any company that offers goods or services to anyone in the EU is required to comply. To help organisations prepare all their staff for GDPR, VinciWorks has expanded its GDPR training suite, adding new courses and a knowledge check, and updating its course, GDPR: Privacy at Work. We have also created a GDPR resources page, full of useful resources that can be purchased together with the training suite.


The General Data Protection Regulation (GDPR) is a major shakeup in data protection laws across all Member States of the EU. It came into force on 25 May 2018, and as a Regulation, was automatically applied in every Member State.

GDPR: The Basics is a 15-minute course that guides users through the changes being applied as a result of GDPR. GDPR: The Basics complements our existing online GDPR course, GDPR: Privacy at Work.


How does your organisation collect and process any cyber security or data breaches or concerns as they come up? How does your organisation plan on keeping track of subject access requests or your data protection impact assessment as you prepare for General Data Protection Regulation (GDPR) day and beyond?

Under GDPR, new rights such as the “right of data portability” mean data subjects can request that their data be transferred directly to another system for free, as opposed to having to pay for this under the UK Data Protection Act 1998. Further, under GDPR, the data will also have to be provided in a way that makes it easy for a computer to read (e.g. via a spreadsheet). Another new right, the right to erasure, allows individuals to request the deletion or removal of their personal data, including information published or processed online.

How can GDPR registers help?

Globally, organisations are bound by complex and ever-changing legal and compliance obligations. Without a structured and secure data collection system, organisations waste time and resources ensuring compliance and uncovering business intelligence. Omnitrack is VinciWorks’ solution to collecting, storing and managing data. It allows managers to be instantly notified of any data breaches or concerns, subject access requests, policy or procedure updates, and any compliance concerns or questions surrounding GDPR.


Research by media agency the7stars has found widespread interest in the new ‘right to be forgotten’ provision of the General Data Protection Regulation (GDPR). More than a third of respondents (34%) say they will exercise this right. With GDPR coming into force in May, this news may cause alarm among businesses who may not have any established processes for handling deletion requests from individuals.

But what exactly is the right to be forgotten, and how might this impact organisations in the UK?

The right to erasure

This provision exists so that people have the right to object to organisations holding their personal data. In simple terms, if you wanted your favourite supermarket to stop sending you emails, you have the right to request that they delete your email address and any other personal information they may hold.

There are exceptions to this right – so if an organisation has a need or a compelling reason to retain your data, then your request can be denied.

When the right to erasure applies

As an individual, you can usually request the deletion of your data when:

  • Your personal data is no longer required for the purpose it was collected for
  • You withdraw consent
  • You object to having your data processed (assuming there is no overriding legitimate reason for processing)
  • Your data was unlawfully processed
  • Your data must be erased to comply with a legal obligation.

When organisations can decline requests

There are a number of occasions when organisations can refuse to comply with deletion requests. If your organisation has a valid reason for retaining personal information, you may be protected under one of these provisions.

Legitimate reasons for refusing to comply:

  • To protect the public interest, or in the interest of public health
  • To exercise your right of freedom of expression
  • Archiving for public interest, historical, scientific or statistical purposes
  • Exercising or defending legal claims
  • To comply with a legal obligation, exercising official authority or to perform a public interest task.

Deleting third-party data

While it might be relatively easy to delete the data you hold on a particular person, GDPR also requires that you notify any other organisations that you have shared the data with. This might include marketing partners, data processors and other suppliers.

The challenges of complying with this part of the legislation may encourage organisations to reassess how personal data is managed and shared. Organisations may find it preferable to limit the spread of data so that it can be more easily identified – and deleted when required.

GDPR training from VinciWorks

If your organisation needs help getting ready for GDPR, our suite of eLearning programmes can help. Because our training is online, it can be delivered efficiently, at any time. As part of our GDPR eLearning offering, we have both comprehensive and short courses available. These cover topics including Protecting Data, Preparing for GDPR, Privacy Impact Assessments, Accountability and The Right to be Forgotten.

#MeToo campaign
The #MeToo campaign helped raise awareness of the alarming number of people that have been sexually harassed in the workplace

How do you ensure all your staff feel comfortable in their workplace, without being spoken to, touched, or treated inappropriately by their colleagues or managers?

At the end of 2017, the people behind the #MeToo movement were named Time Magazine’s Person of the Year 2017. What started as a drip of revelations and flushing out of open secrets in the media and entertainment industries became a flood at the end of the year, with once powerful men across nations and industries being exposed for the sexual predators, abusers and bullies they are.


With GDPR day fast approaching, organisations across Europe should be working towards full GDPR compliance. However, recent polls during VinciWorks’ webinar, GDPR – 10 steps to take before May, show that businesses still lack clarity and direction on how to prepare for the new data protection laws under GDPR.

Below are some of the key findings of the polls and guidance on how we can make sure we are ready for GDPR, or at least on the way to full compliance, come GDPR day.


Preparing for new rights under GDPR

Chart showing how prepared people feel for the new GDPR rights

While fewer than 5% of organisations had fully prepared for the new rights of individuals under GDPR, a worrying 35% feel that they are not at all prepared for the new rights.


New US Anti-Money Laundering rules will cause a data deluge while the EU General Data Protection Regulation turns data combustible.

May 2018 is not a long way off, and it’s going to be an explosive month for compliance. Two earth-shattering changes are coming. Firstly, on 11 May, new client due diligence (CDD) rules for beneficial owners come into effect. Secondly, on 25 May, GDPR goes live. The first change requires mass amounts of data to be collected, while the second change greatly restricts how that data can be used and introduces eye-watering fines for getting it wrong.

What’s changing for CDD in the US?

The United States Financial Crimes Enforcement Network (FinCEN) is requiring financial institutions operating in the US to process and vet sanctions data, negative-news data, corporate associations, individual associations and more on ultimate beneficial owners (UBO). Essentially, institutions will need to be able to track the entire relationship from customer to UBO, and all the corporate vehicles in between them.
