Category Archives: GDPR

Read the latest content related to data protection and preparing for GDPR, as well as product and course updates, and helpful guides.

GDPR changes in the UK: reform of the ICO

The UK government is planning significant changes to the UK’s data protection regime. From re-orientating the Information Commissioner’s Office (ICO) to new ways for businesses to process data, these far-reaching GDPR reforms are set to have a significant impact on business. We covered these changes in depth in a previous article and webinar.

High on the government’s agenda, as outlined in its consultation, is reform of the ICO – the Information Commissioner’s Office. This has been on the cards for some time, with the government keen to align the ICO towards delivering the National Data Strategy. The Department for Digital, Culture, Media and Sport (DCMS) has outlined its proposed changes to the regulator.

On-demand webinar: Data Protection — What the UK wants to change

The UK government’s consultation on reforming data protection, launched on 9 September, sets out a radically different framework for data protection than GDPR. From re-orientating the Information Commissioner’s Office to new ways for businesses to process data, these far-reaching reforms are set to have a significant impact on business.

Although the plans have been announced in consultation and not every proposal may make it into law, the direction of travel has been clear for some time. The UK plans to make it much easier for most businesses to use data, and get the most from data, while still ensuring strong levels of protection.

In this short video, our Director of Learning and Content takes us through what the potential changes are and how they might affect the way we process data.

Significant changes planned for UK data protection law

Here’s what you need to know about the UK’s plans to radically alter GDPR

The UK government’s consultation on reforming data protection, launched on 9 September, sets out a radically different framework for data protection than GDPR. From re-orientating the Information Commissioner’s Office to new ways for businesses to process data, these far-reaching reforms are set to have a significant impact on business.

Although the plans have been announced in consultation and not every proposal may make it into law, the direction of travel has been clear for some time. The UK plans to make it much easier for most businesses to use data, and get the most from data, while still ensuring strong levels of protection.

“The government wants to remove unnecessary barriers to responsible data use. A small hairdressing business should not have the same data protection processes as a multimillion-pound tech firm. Our reforms would move away from the ‘one-size-fits-all’ approach and allow organisations to demonstrate compliance in ways more appropriate to their circumstances, while still protecting citizens’ personal data to a high standard.” Department for Culture, Media and Sport.

On-demand webinar: GDPR — Back to the Office

As COVID-19 restrictions are lifted and businesses begin to return to the office, companies are taking a variety of approaches to managing the transition. While some are staying at home for now and others have gone back full time, most are opting for a hybrid working policy. While this might be a sensible and fair solution for the time being, having staff work both at home and in the office raises several data security and GDPR compliance concerns.

In this webinar, we were joined by Dechert LLP’s Director of Risk and Compliance Mohbub Rahman to explore the key things you need to remember to keep data safe during the latest transition.

The webinar covered:

  • How companies are transitioning back to the office
  • How hybrid working works
  • Data protection risks in a hybrid working environment
  • How hackers and scammers took advantage during the pandemic
  • Best practice for data security with hybrid working

GDPR: UK gains adequacy decision from the EU

But European Commission warns adequacy could be revoked ‘immediately’

The UK has adequate standards of data protection, the EU Commission ruled yesterday, allowing businesses to breathe a sigh of relief. This decision means that data can continue to flow between the UK and EU, despite the UK now being a ‘third country’. Several other countries including Uruguay, Canada and New Zealand are considered to have adequate standards of data protection by the EU. Without an adequacy decision, data flows between the UK and EU would have been severely disrupted, requiring a wholesale review of clauses and contracts to ensure data could be transferred as it is now between the EU and third countries such as South Africa, India and China.

While the adequacy decision has been adopted for four years, Didier Reynders, the European commissioner in charge of data protection, said the adequacy decision could be withdrawn “immediately” if the commission had serious concerns. 

GDPR compliance: In conversation with a data governance expert

On the three-year anniversary of GDPR coming into force, VinciWorks hosted a webinar to look at the last three years of GDPR. We explored the effect the regulation has had on the way we collect and process data and discussed what we can expect in the next 12 months.

During the webinar we shared a conversation between our Director of Learning and Content Nick Henderson and Richard Hogg, who is the global Information Governance Director for White & Case LLP. Hogg, who has 20 years of global experience in the field, is responsible for global information governance across the firm. He previously worked at IBM, where he played a critical role in its preparation for GDPR, and he speaks regularly on topics of privacy and information governance. Richard shared his expert perspective on GDPR and his views on the future of data protection.

GDPR – Three years on: Watch the full webinar here

GDPR: Standard Contractual Clauses published by European Commission

Your questions answered on the international data transfer component of GDPR

On Friday, 4 June 2021, the European Commission published the long-awaited Standard Contractual Clauses (SCCs) to help European companies transfer data outside of the EEA.

Organisations can carry on using the current SCCs for a further 3 months and 20 days, until 24 September, 2021. Then there will be 18 months and 20 days to get the new SCCs in place. This means that GDPR organisations must ensure that all vendor contracts and intra-group agreements contain the new SCCs by 24 December, 2022.

GDPR compliance: In conversation with a DPO

On the three-year anniversary of GDPR coming into force, VinciWorks hosted a webinar to look at the last three years of GDPR. We explored the effect the regulation has had on the way we collect and process data and what we can expect in the next 12 months.

During the webinar, we shared a conversation between our Director of Learning and Content Nick Henderson and our Data Protection Officer Ruth Mittelmann Cohen in which Ruth shared the inside scoop regarding the ins and outs of being a DPO. They discussed a DPO’s responsibilities, the challenges of being a DPO, as well as best practice with regard to GDPR within an organisation. In this blog, we’ll share with you some of the insights from that conversation and see what we can learn from it about GDPR best practice within organisations.

GDPR – Three years on: Watch the full webinar here

On-demand webinar: GDPR – Three years on

The EU’s General Data Protection Regulation (GDPR) has now been in force for three years. During that time, fines have reached a total of over €280 million, the UK has left the EU and the ICO has announced that there will be a new Commissioner from October.

On the three-year anniversary of GDPR coming into force, we were joined by White & Case LLP’s Global Information Governance Director Richard Hogg and VinciWorks’ DPO Ruth Mittelmann Cohen to look at the last three years of GDPR. We explored the effect the regulation has had on the way we collect and process data and what we can expect in the next 12 months.

The webinar covered:

  • What can we learn from recent GDPR fines?
  • Does Brexit affect data protection regulation in the UK?
  • Best-practice guidance
  • How to implement effective training year-on-year
  • What does the future hold for GDPR in the UK?

What can we learn from the ICO’s GDPR fines?

Since the EU’s General Data Protection Regulation (GDPR) came into force three years ago, fines have reached a total of over €280 million, the UK has left the EU and the ICO has announced that there will be a new Commissioner from October.

The ICO (Information Commissioner’s Office) is the UK’s independent authority set up to uphold information rights. The organisation aims to promote openness by public bodies and data privacy for individuals. Part of their role is to help ensure organisations meet their information rights obligations and take action when they don’t.

What can we learn from some of the GDPR offences committed and ICO penalties levied over the past few years? How can we avoid becoming the next casualty? Let’s look at a few examples and break them down. 

Ticketmaster 

What happened?

Ticketmaster, the popular online ticket purchasing platform, was fined £1.25 million in November 2020 for failing to keep its customers’ personal data secure. The data breach was caused by a cyber-attack on a chat-bot installed on its online payment page. The attack exposed names, payment card numbers, expiry dates and CVV numbers of up to 9.4 million of Ticketmaster’s customers across Europe and the UK.
