Category Archives: GDPR

Read the latest content related to data protection and preparing for GDPR, as well as product and course updates, and helpful guides.

Upcoming webinar: Is GDPR over? What Brexit means for UK data protection law


Tuesday 28 January, 12:00pm

On 31 January 2020, the UK will leave the European Union, and GDPR as we know it will come to an end.

From exit day, the GDPR we have become familiar with will disappear from the statute book and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 will come into effect. This will result in hundreds of changes to both the GDPR text in UK law and the Data Protection Act 2018.

In this webinar, our Director of Best Practice Gary Yantin will be joined by Director of Course Development Nick Henderson and DPO Ruth Cohen to help organisations understand what data protection looks like in a post-Brexit world.

The webinar will cover:

  • How Brexit will impact on UK data protection law
  • What changes organisations, DPOs and compliance officers need to make to their policies and procedures
  • The most recent GDPR cases from across the UK and Europe
  • The latest in compliance advice and inside tips
  • Answering all your GDPR and Brexit questions


Get ePrivacy done. Unleash GDPR’s potential.


It’s hard to think of something going on longer than Brexit, but the ePrivacy rules might just be it.

What is the ePrivacy regulation?

The existing 2002 ePrivacy regulation covers electronic communications. This means email marketing, cookies on websites, and privacy in electronic communications. The existing one was meant to be updated and implemented with GDPR in May 2018, but… it hasn’t happened. 

The goal of a new ePrivacy regulation is to develop a regulatory framework for machine-to-machine communications and the internet of things.


Will your Christmas cards cause a GDPR breach?

Are your company’s Christmas cards GDPR friendly?

It might sound like a Daily Mail headline, but don’t dismiss this as political correctness gone mad just yet. Your company Christmas cards could very well result in a data protection violation.

Santa Claus checks his list twice, and so should you. Keeping marketing lists up to date is vital for GDPR compliance and sending out the annual Christmas card is no different than any other mass mailing. Are there people on the list who’ve objected to receiving marketing information, or former customers your business hasn’t dealt with in years? Strike them off. The last thing you’ll need in the new year is a flurry of data protection complaints.


VinciWorks releases GDPR refresher training with specialised modules

Compliance with the General Data Protection Regulation (GDPR) is an ongoing process. Organisations should regularly review and update their policies and data collection processes, as well as take training. The best way to refresh staff’s knowledge is to enrol them in a new course around once a year, rather than simply ask them to take the same course they took a year ago. With GDPR now having been in force for over a year, VinciWorks will be adding a new course to the GDPR training suite that includes both refresher training and role-specific advanced modules.

How does the course work?

The recommended use of GDPR: A Practical Overview is to put all staff through the six basic modules and to add advanced modules for specialised staff in certain departments. Personalisation questions at the beginning of the training mean that staff in roles requiring advanced training, such as HR, IT and marketing, can choose to take job-specific modules. The basic modules cover the basics of data, keeping data safe, working from home, data subject rights and data breaches, with review questions included within each module.


The five basic data privacy rules for US compliance


The meaning of data can be as broad as any information, from health records to a lunch order. Different kinds of data are subject to different laws with varying levels of severity. Data about a person’s health, for example, is subject to a strict set of regulations known as HIPAA. Here is some guidance on protecting your clients’ and colleagues’ data through five basic data privacy rules.

The key data principles

While specific rules on data can vary by state and jurisdiction, there are some basic rules that should always be followed. You need to be aware of these because everyone in an organization is responsible for protecting the data held on employees, customers and clients.


British Airways data breach – GDPR fines may reach new heights


Information Commissioner’s Office (ICO) announces its intention to fine British Airways for a data breach under GDPR

The ICO has just published its Notice of Intent to fine British Airways £183.39 million for infringements of the security principle of GDPR. The breach was disclosed by the airline back in September 2018.

While the ICO has merely published its intention and no actual fine has been imposed, the fact that the ICO has published a Notice of Intent suggests that it has enough evidence of the breach to keep British Airways on the hook.

The ICO’s investigation found that a variety of information was compromised by poor security arrangements at the company, including login, payment card, and travel booking details, as well as the name and address of customers.


On-demand webinar: GDPR – A Year in Review


A year has passed since GDPR came into force. In our recent webinar, Director of Course Development Nick Henderson and Data Protection Officer Ruth Cohen looked at how businesses dealt with GDPR. Ruth gave guidance on how to make sure your organisation maintains compliance as the regulation enters its second year.

The webinar covered:

  • A review of the requirements under GDPR
  • How often should staff be trained on GDPR?
  • What measures should be taken to maintain compliance?
  • How to avoid data breaches and what to do in the event of a breach
  • Answering any GDPR questions from registrants


Key takeaways

  • 19% of attendees said they are “very confident” the data they work with is sufficiently protected
  • 20% of our attendees are still unsure of what privacy by design and privacy by default mean
  • Organisations should run “fire-drill”-style exercises to ensure they are equipped to deal with any data breach
  • Targeted GDPR training is recommended as it enables those in specific roles such as marketing, HR and IT to take the training most relevant to them

How often should staff train on GDPR?

The EU’s General Data Protection Regulation (GDPR) has now been in force for a while. The regulation increases the responsibility and liability of organisations, with hefty fines having already been handed to Google by French authorities and other giants such as WhatsApp and Facebook facing investigations.

How often should staff take GDPR training?

The Information Commissioner’s Office (ICO), the UK’s data protection authority, spells out that staff must be trained, and regularly. The ICO states:

The GDPR requires you to ensure that anyone acting under your authority with access to personal data does not process that data unless you have instructed them to do so. It is therefore vital that your staff understand the importance of protecting personal data, are familiar with your security policy and put its procedures into practice. You should provide appropriate initial and refresher training.


GDPR training requirements – Your how-to guide to data protection training

Nick Henderson, Director of Course Development at VinciWorks

GDPR has been law across Europe since 25 May 2018. It represented a sea change in how companies must treat data. For any complex regulation, training is one of the best ways to mitigate the risk of things going wrong and to support staff in doing it right. Online training is particularly effective when it comes to GDPR training because data protection is about the practical, everyday requirements of keeping data safe and secure.

An ongoing programme of effective GDPR training has many benefits, including:

  • Increased job satisfaction amongst employees who know they are following best practice across the board
  • Improved processes and procedures inside the organisation
  • Reduced maintenance costs
  • Improved consumer confidence and trustworthiness
  • Better data security and reduced risk of a data breach
  • Potential to enhance the reputation of the company as being at the forefront of data protection

Updated GDPR guide to compliance

The General Data Protection Regulation (GDPR) has been in full force across the EU since 25 May 2018. As of 25 January 2019, eight months to the day since GDPR came into force, national data protection authorities had reported nearly 100,000 complaints from concerned citizens. Google has already been fined by French authorities and several social media giants are currently being investigated.

The law applies to all businesses with customers in the EU, no matter where in the world they are based, and mandates much stricter data protection rules than ever before.

GDPR compliance should be an ongoing process, and businesses must regularly review and, when necessary, update their policies, procedures and training to maintain compliance.

As a companion to our GDPR training suite, we have updated our GDPR compliance guide. The guide is suitable both for organisations that are fully compliant and would like to review the requirements of GDPR and for those that have yet to reach full compliance.