Recent research suggests that almost half of UK businesses are preparing to receive non-compliance penalties, with many owners having already set aside funds in anticipation of a fine.

The research (conducted by data privacy firm, Ensighten) highlights a worrying amount of unpreparedness surrounding the new legislation and the additional responsibilities it will bring for organisations who wish to process and store personal data. CEO of Ensighten, Ian Woolley, comments that business owners are ‘aware, but still uncertain’ about GDPR, with 61% of survey respondents indicating they would like an extension of the deadline if one became available.

At What Cost?

A lot has been made of the potential penalties for non-compliance with GDPR. The shock value of the Information Commissioner’s Office (ICO)’s power to fine up to £17m, or 4% of annual turnover (whichever is higher), makes for eye-catching news articles indeed. However, organisations would do well to keep a level head on the matter and remember that their compliance efforts and behaviour will be taken into consideration when it comes to any fines incurred.

In this sense, it is important for companies to work on implementing a culture of data protection as standard – and as an ongoing commitment – rather than viewing GDPR as simply a box-ticking exercise with a ticking time-bomb attached.

How can VinciWorks Help?

The good news is that organisations still have time to educate their employees about the new legislation and what it will mean for data processors, subjects, and controllers at a practical, day-to-day level.

As firm believers that prevention is better than the cure, VinciWorks offers a range of GDPR eLearning courses, spanning from introductory modules to more comprehensive courses, and including microlearning courses to cover specific GDPR clauses that your employees may find tricky.

Specially developed to get organisations GDPR-ready, our comprehensive eLearning course, Protecting Data, offers a detailed yet accessible approach to GDPR legislation. Developed alongside subject experts, the course gives particular focus to the principles, rights, and obligations of GDPR, and offers learners the opportunity to test their knowledge by asking them to deal with realistic potential data-breaches.

To find out more, simply get in touch via the form below. It’s never too late to start your compliance journey.


The Bribery Act 2010 defines bribery in a very broad way, namely as a gift or donation intended to “induce a person to perform improperly, a relevant function or activity”. When it comes to any compliance matter, it is important to instil a culture whereby all staff feel comfortable raising any concerns they may have, be it regarding the actions of a client, a colleague or a member of the management team. VinciWorks has therefore created a bribery whistleblowing policy template that can easily be edited to suit your organisation and include the appropriate contact people.


A supermarket chain relied on existing staff to show new delivery drivers how to use powered pallet trucks safely. One new driver had been shown how to use a pallet truck at one site, but when he came across a different type of pallet truck at another site he didn’t understand how to stop it from moving. It crushed his foot, resulting in the amputation of two toes. The supermarket was fined £1 million, and the prosecution said that the supermarket should have had a “standardised training programme” so that every driver would know how to operate every truck they might need to use, safely. When it comes to safety at work, working it out as you go isn’t enough. Could online learning courses have been any help?

So what is the best way to teach people the skills they need to keep safe and healthy at work? One theory suggests that people can be categorised as visual, auditory and kinesthetic learners – that is, some learn better by seeing, some by listening and others by doing. However, there is as much evidence for this as there is for using birth signs to assign people to a career.

Can you imagine learning music without sound? Learning to drive without sitting in a vehicle? Learning to identify birds from a text description without a picture? Some skills are just better taught in a particular way.

So too with health and safety training, the debate shouldn’t be “classroom versus e-learning” or “online versus on-the-job” but “how can I best combine all the training tools available?”
To help you decide how you can integrate online learning with traditional training, we’ve included some of the pros and cons of classroom, on-the-job and online learning below.

Classroom learning:

What’s good about classroom learning?

  • A good teacher can respond to the needs of each learner and tailor the content dynamically
  • Students learn from each other as well as from the teacher
  • Safe environment away from workplace hazards
  • Can be based on best practice, research, and evidence
  • Can make use of videos, discussions, Q&A, role-play, props such as cut-down models of kit
  • Alternative approaches can be discussed
  • A teacher can assess understanding during the course, and an end of course test can be included

Problems with classroom learning

  • A poor teacher makes errors and doesn’t engage students
  • Slower learners might find it difficult to keep up and be self-conscious about asking for help
  • Faster learners can get bored or distracted
  • Students have to attend a given location at given time
  • Classroom learning might not cover all the variations found on-the-job
  • Can be time-consuming, especially if travel is involved
  • In a classroom, some students can “hide” and a teacher might miss that they haven’t understood something important

On-the-job learning:

What’s good about on-the-job learning?

  • More realistic than a simulation, especially for practical skills involving equipment
  • A good way to pick-up tips you might not learn elsewhere
  • More productive for the employer as the learner is not away from the workplace
  • Results can be monitored on the job
  • Students learn to be confident in the workplace

Problems with on-the-job learning?

  • It might be dangerous or inconvenient, or time-consuming for other staff
  • Might learn bad habits from colleagues
  • Might only learn one way of doing something when multiple techniques are needed
  • Someone great at their job might not be so good as a trainer
  • Hard to control the content and quality of the experience
  • Not good at teaching how to handle exceptions and emergencies

E-learning / Online learning courses:

What’s good about online learning?

  • Easy to access online learning from a desktop PC or mobile device 24/7 saving travel time and costs, and reducing time away from work.
  • Learners can work at their own pace – fast learners don’t get held back, and slow learners aren’t embarrassed if they want to repeat something.
  • Online courses can include tests with immediate feedback.
  • An online learning management system provides information about what content each learner has studied and how they have performed

Problems with online learning courses

  • Lack of social interaction and exchange of views
  • Self-motivation and self-discipline needed (unless employers set aside specific time slots for employees)
  • Can’t ask questions or ask about a topic
  • Technology can be off-putting to those who don’t regularly use computers.
  • Unless the online course can be tailored, the training might be more detached from the workplace

From this list of pros and cons we can see that provided you have a great teacher and that students start with a similar level of knowledge and ability, classroom teaching is a good way of making sure that people understand the theory and “buy-in” to the principles presented. However, since online learning courses don’t depend on everyone having the same ability they can be really useful in bringing people up to the same level, for example before a classroom course. Online courses are also useful for refresher training, as they are easy to schedule and access. Knowledge can be tested effectively by both classroom and online courses, but that knowledge needs to be reinforced in the workplace and provided it can be done safely and recorded, checking competence is best done on-the-job. Online learning is automatically recorded by the learning management system, so where the same online learning management system can also be used to schedule, test and record classroom attendance and on-the-job training, the administration will be a lot easier.

Here are some examples of how you might blend these approaches to get the best results from your health and safety training:

Fire Safety
At a classroom induction on his first day, Charlie is told how the fire alarm system works in the building. When he meets his new manager she shows him (on-the-job) the nearest call point, the escape route, and the assembly area. In the first week, Charlie takes an online course in fire safety awareness which explains how the fire triangle works and provides historical examples to emphasise the importance of a prompt evacuation. Within six months, Charlie takes part in a fire drill and is involved in a feedback session. He decides he’d like to be a fire warden, so he sits a more advanced online course for fire wardens. Once he has passed this, the responsible person for fire runs a session for him and other new wardens which includes some time in a classroom and some practical (on-the-job) work around the building.

Manual handling
On-the-job – at induction Jim is walked around the workplace and shown some simple handling tasks he can do, and told which tasks he shouldn’t do until he has more experience. During the first week, his supervisor keeps an eye on him and reminds him when he needs to use the equipment. After a couple of weeks, Jim goes to a ½ day structured classroom course which explains the principles of muscles and levers and good handling technique, including team lifts. After the course, Jim’s supervisor assesses him on the job for team lifting. After six months, Jim’s supervisor suggests he sits an e-learning course. This provides a refresher of what he learned before and also teaches him about manual handling risk assessment. On successful completion, Jim has an on-the-job discussion with his manager and makes some suggestions for improvements to the workspace that will make handling tasks easier.

Work at height
At her induction classroom course, Janet is told not to do any work at height until she has had further training. In the first week, she does an online course which explains that this includes not climbing on furniture, for example using a chair to reach a high shelf, or climbing on a desk to change a lightbulb. In her first month, an experienced colleague who has been through a classroom train-the-trainer course shows Janet on-the-job how to do a ladder pre-use inspection, and checks she understands how to use the ladder safely. After a year Janet is sent on an external PASMA certified course to learn how to assemble and use a mobile access tower. The PASMA course includes classroom and practical elements. The first time she uses an access tower her experienced colleague observes on-the-job and provides feedback.

The future
Online learning is now widely available at low cost, but the quality varies so look out for courses which have been approved by external bodies such as RoSPA. Decide on your training needs first: know your hazards, decide what training people need to manage the hazards, and then decide how best to combine online learning courses with traditional approaches.


“The new General Data Protection Regulations (GDPR) will give us one of the most robust, yet dynamic, set of data laws in the world.” UK Digital Minister, Matt Hancock.

Data Protection is changing and soon.  Will your organisation be ready to comply with these significant and extensive changes?

You have probably heard the term GDPR, but does your business fully understand the changes to be made to data protection laws and the consequences for non-compliance?

What is GDPR?

GDPR (EU) 2016/679 is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all in the EU.

Why the change?

The reason is twofold. Firstly, the new regulations are designed to provide greater control for individuals over how their personal data is used. Internet giants such as Google, Amazon and Facebook all frequently swap data. The Data Protection Bill hopes to build trust in an ever-developing digital age. Secondly, the regulations aim to provide a clearer and safer environment to work in. The regulations, which have taken four years to draft, introduce tougher fines and penalties for breaches and are intended to streamline laws across the EU.

When?

The Go Live date for GDPR is 24th May 2018!

So, time is of the essence.  Are you doing enough to stay in step with data protection?

A recent survey of I.T. professionals conducted by Imperva revealed that 43% were assessing the required changes, approximately one third said they weren’t preparing for any changes and 28% were ignorant of any changes their employers were making in preparation for GDPR.

These are worrying statistics. The rules of the game are changing, and that means our behaviour and systems need to change in line or face the consequences, and the consequences are severe!

Does GDPR apply to your organisation?

If you use and hold data then the answer is, yes!

How many data lists do you have stored away in your business?  How much personal data is being held and is it being held securely?  Do you have a process in place to show an individual what data you hold on them and, if necessary, can you delete that data?

GDPR covers ‘controllers’ and ‘processors’.  A controller states how and why data is processed and a processor is the party who actually processes the data.

Controllers must ensure that data is used in a lawful manner and then delete this after use. A record of consent must be given before personal data is utilised.  Personal data includes IP addresses, economic, cultural and mental health information.  People have the right to know if data is being processed and how long it is stored for. Also, they have the right to ask for it to be deleted.

So, if you have staff in your organisation who think it is alright to carry data on memory sticks or leave laptops on trains with information saved on local drives, then you are failing to keep up with current best practice let alone be ready to comply with GDPR next year.

What are the consequences of non-compliance?

If your company chooses to ignore the basic principles for processing data, your business will bear the reputational and financial consequences. Fines for non-compliance are set at 4% of turnover or €20 million (whichever is the greater) and 2% or €10 million for less serious failures, such as failing to keep an up-to-date audit trail of your assurance policies and procedures.

According to analysis by NCC Group, fines levied by the Information Commissioner’s Office against businesses in 2016 would have been £69 million and not £880,500 had GDPR been in place.

Where do you start? 

Each organisation may face different priorities depending on the sector you are in, but a good starting point is your data storage.  Do you know where all your data is stored and critically, who has access to it?  Look at all your departments across your organisation and assess the data that is stored.  Ask who has access to that data and should they have access to it?

It is crucial to get all your staff on board.  This is a team effort.  Your whole organisation should be working together to change old practices and mindsets, and adhere to new policies.

How can GDPR Training help with compliance to the new regulation?

Training your staff is paramount and this should be ongoing.  Your personnel need to be informed regularly and any new systems or suppliers assessed appropriately. Keep GDPR at the top of your agenda!

If your staff do not understand the basic principles of data processing, VinciWorks’ cyber security training can help raise awareness of the potential threats to your business and how digital information can be compromised.  It shows how individuals can develop good security practices with recommendations for avoiding malicious activities.

VinciWorks’ GDPR compliance training course outlines the new General Data Protection Regulation. The course covers how GDPR is different from the Data Protection Act, what the changes mean for those who process personal data and what is required to remain compliant.

By providing GDPR training to your staff, you are ensuring that they understand the importance of GDPR to their role and to the organisation. These include the financial and reputational risks as well as the risk of disciplinary action if they were responsible for a data breach which harms the organisation. It is vital that staff know what to do if there is a data breach and how all data across the organisation is affected by the new Regulation.

The GDPR training also needs to be relevant. Employees should feel that the training material relates to them with links to relevant policies and procedures. VinciWorks’ GDPR compliance training is fully editable, so you can amend the content to make it relevant to your own approach to GDPR.


With GDPR day less than a month away, Director of Course Development Nick Henderson continued to help organisations prepare for the new EU-wide regulation. During the webinar, Nick guided listeners through the process of conducting a DPIA. He also answered questions on the topic of DPIAs and gave guidance on next steps to those who have already begun the process.


The webinar covered:

  • The seven steps of conducting a DPIA
  • The suggested DPIA timeline
  • What to do if you haven’t yet started conducting your DPIAs
  • Who should be responsible for conducting and monitoring DPIAs
  • Shared tips from attendees

Key findings

  • 55% of attendees said they haven’t consulted externally on their DPIA while 27% said they have and 8% said they haven’t but they should have done
  • Biometric and genetic data are now special categories of data under GDPR and are required to be included in a DPIA
  • It is important to act on the recommendations of the DPIA, and organisations are often required to share findings with a third party, such as the Information Commissioner’s Office (ICO)
  • Only 4% of attendees have conducted a DPIA on everything while 30% are planning to begin the process soon


What is a public register of beneficial ownership?

A public register of beneficial ownership is a centralised database or registry that contains information about the individuals or entities that ultimately own or control a company or legal entity. It aims to increase transparency and combat illicit activities such as money laundering, tax evasion, and corruption.

What is a declaration of beneficial ownership?

A declaration of beneficial ownership is a legal document or statement that discloses the individuals or entities who are considered beneficial owners of a company or legal entity. It is a means of providing transparency and fulfilling regulatory requirements in relation to ownership and control.

In the declaration, the company or entity typically identifies and discloses the individuals or entities that have a significant level of ownership or control over the organisation, even if their names do not appear on the official legal documentation. Beneficial owners are those who enjoy the benefits of ownership, such as receiving profits or having control over decision-making, regardless of the legal ownership structure.

Amendment to the Sanctions and Anti-Money Laundering Bill

On 1 May, Foreign Office minister Alan Duncan announced that the government would not oppose a Labour amendment to the Sanctions and Anti-Money Laundering Bill currently going through parliament that will introduce public ownership registers in Britain’s overseas territories.

The 14 overseas territories, including the British Virgin Islands and the Cayman Islands, will be forced to introduce the public registers by 2020 or have them imposed by the UK government. The amendment will not apply to the Crown Dependencies of Guernsey, Jersey and the Isle of Man as Parliament cannot legislate for them, but Conservative MP Andrew Mitchell who introduced the amendment along with Labour MP Margaret Hodge hoped the crown dependencies would also embrace the registers.
