As we approach a year since GDPR came into force, we will re-visit our popular GDPR Mythbusters series with a new round of questions and answers about data protection. Join us for a new webinar where our GDPR experts will tackle questions such as:
In a recent article published by QBE insurance group on the risks that law firms should look out for in 2019, our Director for Legal Services Pip Johnson shared her insights together with other compliance experts.
Pip flagged the Fifth Money Laundering Directive, which must be implemented into national regulations by this time next year. While the Fifth Directive is not as extensive as the Fourth Directive that came into force in 2017, there are still some changes to take on by the beginning of 2020. These changes include the regulation of cryptocurrencies such as Bitcoin, with some firms already having been asked to accept cryptocurrency payments. The Fifth Directive will also see enhanced due diligence requirements. Of course, Pip also discussed the effect Brexit could have on UK lawyers, with the UK due to implement its own Sanctions regime.
Other key takeaways from the interview:
EU Council Directive 2018/822 (DAC 6), which came into force last June, requiring intermediaries involved in cross-border tax transactions to retain details of potentially tax-advantageous matters
An expected increase in complaints to the Information Commissioner’s Office (ICO) for GDPR breaches
The upcoming reformed SRA Handbook and the new Accounts Rules
How Brexit could affect the UK’s laws and regulations and how they apply to UK law firms
28 January marks the 12th annual Data Protection Day, launched by the Council of Europe in 2006. The day marks the date on which the Council of Europe’s data protection convention, known as “Convention 108” was opened to signature. This was the first legally binding international treaty dealing with privacy and data protection.
Since the last Data Protection Day, the EU has made great strides in ensuring businesses respect and protect individuals’ personal data, with the General Data Protection Regulation (GDPR) coming into force on 25 May. The US looks set to follow suit with the California Consumer Privacy Act, which has a lot of similarities to GDPR, coming into force in January 2020. Further, Google’s recent €50 million fine by France and cyber security breaches reportedly costing UK victims over £190,000 a day show there is still a long way to go to ensure businesses truly protect personal data.
While some organisations are slowly working towards complying with GDPR, others are proactively reviewing their policies, processes and training. To help with compliance, the VinciWorks GDPR resource page is regularly updated with policy templates, five-minute knowledge checks and direct access to all our GDPR webinars.
VinciWorks’ knowledge checks are five-minute courses designed to help you and your staff assess their level of compliance, allowing you to decide on next steps. Feedback is given after each question is answered, allowing users to improve their knowledge while completing the assessment. A score is given at the end of each assessment, meaning users can easily establish how much they have yet to learn.
We have now released two knowledge checks focussing on specific aspects of data protection and the General Data Protection Regulation.
GDPR for Human Resources Staff
Each knowledge check offers feedback after each answer
This GDPR knowledge check was created for human resources staff and tests the following:
HR’s role in complying with GDPR
Processing and storing employees’ data
Consent, subject access requests and conditions for processing data
Section 11 of the Criminal Finances Act 2017 amends the Proceeds of Crime Act (POCA) and affects the regulated sector. The new data sharing regime enables regulated persons to request and share information with their regulated peers, free in most respects from contravening the EU’s General Data Protection Regulation (GDPR). Any disclosure “made in good faith” does not breach any duties of confidence or “any other restriction on the disclosure of information”.
The purpose is to encourage the sharing of information from different entities in the regulated sector and better enable the collation of multiple reports of potential money laundering into a single Suspicious Activity Report (SAR).
Many companies sent consent emails as GDPR approached in May, with many others doing so in the following weeks
25 May, when the EU-wide General Data Protection Regulation (GDPR) came into force, is fresh enough in our minds for us to remember the countless “are you still our friend?” emails from marketers. Many marketing professionals, managers and data protection officers will also remember the panic they faced when preparing for GDPR. As the influx of GDPR emails continued to flood in and cookie notifications started to pop up with increased regularity, skepticism started to mount amongst marketers and managers alike. Have the new regulations helped or hindered businesses’ sales and marketing efforts?
Your website can be accessed from around the world
How often have you got this message when trying to access a US-based website from an EU country?
GDPR, the mammoth new data protection regulation, came into force across the EU in May this year. Alongside it, the Data Protection Act 2018 was passed by the UK Parliament, replacing the DPA 1998 and giving the UK a single source of data protection legislation.
Designed to be read alongside GDPR, the DPA added to the bits of law that GDPR does not cover and expanded on the areas the UK chose to opt-out from or amend. One of these key areas is legal professional privilege. Legal professional privilege is a fundamental human right which allows clients to have open conversations with their lawyers in order to allow lawyers to provide their clients with the best service.
While the GDPR does not include any provisions for legal professional privilege, the DPA 2018 clearly stipulates that the provisions of the act do not apply to personal data that consists of information in respect of which a claim to legal professional privilege could be maintained. This could refer to legal professional privilege in legal proceedings or information in respect of which a duty of confidentiality is owed by a professional legal advisor to a client of the advisor.
Due to these changes, and what they mean for GDPR rights such as subject access requests, VinciWorks has produced a comprehensive guide to the DPA and legal professional privilege, in addition to our in-depth webinar on the Data Protection Act 2018.
On 25 May 2018 the long-awaited GDPR came into force across the EU. On the same day, the UK’s Data Protection Act 2018 also became law. While the DPA 2018 incorporates large chunks of GDPR wholesale, it also carved out some specific exemptions that UK businesses need to know about.
In our webinar on understanding the Data Protection Act 2018, VinciWorks’ GDPR experts Nick Henderson and Gary Yantin explored the newly enacted DPA 2018 and the key differences and derogations from GDPR you need to know about. These include:
The interconnected relationship between GDPR and the DPA
The powers and role of the ICO
How Brexit will affect data protection law
Using automated decision making and customer profiling
Over the weeks leading up to the General Data Protection Regulation (GDPR) coming into force, VinciWorks has hosted a number of webinars on the topic, answering hundreds of questions in the process. You can get instant access to all our GDPR webinar recordings by clicking on the links below.
Understanding the Data Protection Act 2018
In our webinar on understanding the Data Protection Act 2018, VinciWorks’ GDPR experts Nick Henderson and Gary Yantin explored the newly enacted DPA 2018 and the key differences and derogations from GDPR you need to know about.
During this webinar, Nick guided listeners through the process of conducting a DPIA. He also answered questions on the topic of DPIAs and gave guidance on next steps to those who have already begun the process.
Now that GDPR (General Data Protection Regulation) day has passed, the role of human resources officers within an organization has become even more significant. With the new regulations now in force, it is important for individuals working in HR to be aware of the laws and standards for employee data protection in their area. VinciWorks’ guide to GDPR compliance for human resources staff will give you a clearer understanding and general knowledge of what is required.