VinciWorks’ knowledge checks are five-minute courses designed to help you and your staff assess their level of compliance, allowing you to decide on next steps. Feedback is given after each question is answered, allowing users to improve their knowledge while completing the assessment. A score is given at the end of each assessment, meaning users can easily establish how much they have yet to learn.
We have now released two knowledge checks focussing on specific aspects of data protection and the General Data Protection Regulation.
GDPR for Human Resources Staff
Each knowledge check offers feedback after each answer
This GDPR knowledge check was created for human resources staff and tests the following:
- HR’s role in complying with GDPR
- Processing and storing employees’ data
- Consent, subject access requests and conditions for processing data
- Employee rights with regards to GDPR
Section 11 of the Criminal Finances Act 2017 amends the Proceeds of Crime Act (POCA) and affects the regulated sector. The new data sharing regime enables regulated persons to request and share information with their regulated peers, free in most respects from contravening the EU’s General Data Protection Regulation (GDPR). Any disclosure “made in good faith” that does not breach any duties of confidence or “any other restriction on the disclosure of information”.
The purpose is to encourage the sharing of information from different entities in the regulated sector and better enable the collation of multiple reports of potential money laundering into a single Suspicious Activity Report (SAR).
Many companies sent consent emails as GDPR approached in May, with many others doing so in the following weeks
25 May, when the EU-wide General Data Protection Regulation (GDPR) came into force, is fresh enough in our minds for us to remember the countless “are you still our friend?” emails from marketers. Many marketing professionals, managers and data protection officers will also remember the panic they faced when preparing for GDPR. As the influx of GDPR emails continued to flood in and cookie notifications started to pop up with increased regularity, skepticism started to mount amongst marketers and managers alike. Have the new regulations helped or hindered businesses’ sales and marketing efforts?
Your website can be accessed from around the world
How often have you got this message when trying to access a US-based website from an EU country?
GDPR, the mammoth new data protection regulation, came into force across the EU in May this year. Alongside it, the Data Protection Act 2018 was passed by the UK Parliament, replacing the DPA 1998 and giving the UK a single source of data protection legislation.
Designed to be read alongside GDPR, the DPA added to the bits of law that GDPR does not cover and expanded on the areas the UK chose to opt-out from or amend. One of these key areas is legal professional privilege. Legal professional privilege is a fundamental human right which allows clients to have open conversations with their lawyers in order to allow lawyers to provide their clients with the best service.
While the GDPR does not include any provisions for legal professional privilege, the DPA 2018 clearly stipulates that the provisions of the act do not apply to personal data that consists of information in respect of which a claim to legal professional privilege could be maintained. This could refer to legal professional privilege in legal proceedings or information in respect of which a duty of confidentiality is owed by a professional legal advisor to a client of the advisor.
Due to these changes, and what they mean for GDPR rights such as subject access requests, VinciWorks has produced a comprehensive guide to the DPA and legal professional privilege, in addition to our in-depth webinar on the Data Protection Act 2018.
On 25 May 2018 the long-awaited GDPR came into force across the EU. On the same day, the UK’s Data Protection Act 2018 also became law. While the DPA 2018 incorporates large chunks of GDPR wholesale, it also carved out some specific exemptions that UK businesses need to know about.
In our webinar on understanding the Data Protection Act 2018, VinciWorks’ GDPR experts Nick Henderson and Gary Yantin explored the newly enacted DPA 2018 and the key differences and derogations from GDPR you need to know about. These include:
- The interconnected relationship between GDPR and the DPA
- The powers and role of the ICO
- How Brexit will affect data protection law
- Using automated decision making and customer profiling
- How to process criminal offence data in the UK
- The new criminal offences in the UK
Over the weeks leading up to the General Data Protection Regulation (GDPR) coming into force, VinciWorks has hosted a number of webinars on the topic, answering hundreds of questions in the process. You can get instant access to all our GDPR webinar recordings by clicking on the links below.
Understanding the Data Protection Act 2018
In our webinar on understanding the Data Protection Act 2018, VinciWorks’ GDPR experts Nick Henderson and Gary Yantin explored the newly enacted DPA 2018 and the key differences and derogations from GDPR you need to know about.
Full-day GDPR webinar
On 24 May, the day prior to GDPR coming into force, VinciWorks hosted a full-day webinar including live Q&As, interviews with GDPR experts and helpful advice on complying with the new regulation.
GDPR – Data Protection Impact Assessments
During this webinar, Nick guided listeners through the process of conducting a DPIA. He also answered questions on the topic of DPIAs and gave guidance on next steps to those who have already begun the process.
Now that GDPR (General Data Protection Regulation) day has passed, the role of human resources officers within an organization has become even more significant. With the new regulations now in place, it is important for individuals working in HR to be aware of the new laws and standards in place for employee data protection in your area. VinciWorks’ guide to GDPR compliance for human resources staff will give you a clearer understanding and general knowledge of what is required.
Internet technology departments are extremely valuable when it comes to data protection compliance for an organisation. GDPR (General Data Protection Regulation) ensures that consumer and employee data is more secure than ever. What does that mean for the IT department? They must be careful when collecting and analysing information online. Any information collected that can be used to distinguish one individual from another is personal data.
To help organisations and IT departments understand what is required from them, VinciWorks has published a host of data protection resources including one specific to internet technology as well as many others. Understanding how to safely and securely collect and analyse data will ensure you meet all compliance guidelines as well as keep your consumers and employees protected.
When your organisation uses third parties, it is essential to carry out your own due diligence, proportionate to the risk that relationship poses. With businesses and partnerships around the world growing, it is essential to make sure all your relationships and third parties are legal and legitimate. VinciWorks’ guide to risk based third party due diligence will give you a clearer understanding of how to conduct a detailed and genuine risk assessment.
Article 5 of the General Data Protection Regulation requires demonstrable compliance with the new regulations. With GDPR now in force, ensuring your staff are aware of your organisation’s data protection policies is now more important than ever.
Data protection changes under GDPR
Are you familiar with GDPR? Does your organisation have a process for data portability? GDPR legislation now allows individuals to obtain and reuse their personal data for their own purposes across different services. Other changes include the requirement for certain organisations to appoint a Data Protection Officer. Further, under GDPR, sensitive information now includes biometric and genetic information. This means that organisations should familiarise themselves with GDPR and ensure staff understand how to process personal data.