How ready are you for GDPR, set to come into force on 25 May? Has your organisation implemented all possible technical measures to protect people’s data? What still needs to be done to prepare for GDPR day? VinciWorks’ GDPR compliance assessment will help your staff assess where they stand in their compliance with the new regulations and what still needs to be done.

Get your own GDPR compliance score

Have you conducted any GDPR focused data audits? Have you updated privacy notices for GDPR? These are just two of the questions that will come up in the assessment. Upon completion, the assessment will return one of four ratings, with an exact percentage score.

Take the GDPR compliance assessment

The General Data Protection Regulation comes into force across the EU on 25 May 2018

It’s not true. If you do absolutely nothing to prepare for GDPR, take 25 May off, put your out-of-office on and don’t pay any attention to anything related or connected to GDPR, you’ll be found out pretty quickly.

What happens if I don’t comply with GDPR?

First of all, people will know you aren’t complying because your privacy notices will not be GDPR compliant. They must identify the legal basis for processing data, and if that’s consent, then the consent being taken must comply with GDPR rules.

GDPR consent rules are a lot more specific than previous ways to collect consent, so much so that consent which does not meet GDPR requirements will not be valid after 25 May and you’ll be in breach of GDPR if you rely on it.

Prepare your whole organisation for GDPR with VinciWorks’ GDPR training suite

The General Data Protection Regulation (GDPR) officially came into force on 25 May 2018. GDPR’s reach is global. Any company that offers goods or services to anyone in the EU is required to comply. To help organisations prepare all their staff for GDPR, VinciWorks has expanded its GDPR training suite, adding new courses and a knowledge check, and updating its course, GDPR: Privacy at Work. We have also created a GDPR resources page, full of useful resources that can be purchased together with the training suite.

The General Data Protection Regulation (GDPR) is a major shakeup in data protection laws across all Member States of the EU. It came into force on 25 May 2018, and as a Regulation, was automatically applied in every Member State.

GDPR: The Basics is a 15 minute course that guides users through the changes being applied as a result of GDPR. GDPR: The Basics complements our existing online GDPR course, GDPR: Privacy at Work.

How does your organisation collect and process any cyber security or data breaches or concerns as they come up? How does your organisation plan on keeping track of subject access requests or your data protection impact assessment as you prepare for General Data Protection Regulation (GDPR) day and beyond?

Under GDPR, new rights such as the “right of data portability” mean data subjects can request that their data be transferred directly to another system for free, as opposed to having to pay for this under the UK Data Protection Act 1998. Further, under GDPR, the data will also have to be provided in a way that makes it easy for a computer to read (e.g. via a spreadsheet). Another new right, the right to erasure, allows individuals to request the deletion or removal of their personal data, including information published or processed online.

How can GDPR registers help?

Globally, organisations are bound by complex and ever-changing legal and compliance obligations. Without a structured and secure data collection system, organisations waste time and resources ensuring compliance and uncovering business intelligence. Omnitrack is VinciWorks’ solution to collecting, storing and managing data. It allows managers to be instantly notified of any data breaches or concerns, subject access requests, policy or procedure updates, and any compliance concerns or questions surrounding GDPR.

With GDPR day fast approaching, organisations across Europe should be working towards full GDPR compliance. However, recent polls during VinciWorks’ webinar, GDPR – 10 steps to take before May, show that businesses still lack clarity and direction on how to prepare for the new data protection laws under GDPR.

Below are some of the key findings of the polls and guidance on how we can make sure we are ready for GDPR, or at least on the way to full compliance, come GDPR day.

Click here to download a free recording of the webinar

Preparing for new rights under GDPR

Chart showing how prepared people feel for the new GDPR rights

While less than 5% of organisations had fully prepared for the new rights of individuals under GDPR, a worrying 35% feel that they are not at all prepared for the new rights.

New US Anti-Money Laundering rules will cause a data deluge while the EU General Data Protection Regulation turns data combustible.

May 2018 is not a long way off, and it’s going to be an explosive month for compliance. Two earth-shattering changes are coming. Firstly, on 11 May, new client due diligence (CDD) rules for beneficial owners come into effect. Secondly, on 25 May, GDPR goes live. The first change requires mass amounts of data to be collected, while the second change greatly restricts how that data can be used and introduces eye-watering fines for getting it wrong.

What’s changing for CDD in the US?

The United States Financial Crimes Enforcement Network (FinCEN) is requiring financial institutions operating in the US to process and vet sanctions data, negative-news data, corporate associations, individual associations and more on ultimate beneficial owners (UBO). Essentially, institutions will need to be able to track the entire relationship from customer to UBO, and all the corporate vehicles in between them.

To what extent will HR policies and procedures be affected by GDPR, which comes into force on 25 May?

With so much attention given to the marketing and IT departments when it comes to GDPR compliance, it’s easy to overlook the other parts of the business that will be impacted. HR is probably one of the most affected areas in a business, as the new rules apply to employee information as well, not just customers. GDPR is about the regulation of all personal data, and HR departments have a lot of it.

GDPR requires you to identify the lawful basis for processing data. This would normally be consent, i.e. the person agrees to their data being processed. But GDPR complicates this when it comes to employee/employer relationships. Under GDPR, consent has to be freely given, and not as a condition for another service, such as a job. Due to the imbalance in a relationship between the employee and the employer, it is not clear that relying on consent would hold up under GDPR. Consent can also be withdrawn at any time under GDPR, and without a fallback ready, processing activities would need to stop.

“We don’t do marketing.” “We already comply with the DPA.” “We outsource our IT.”

Does the legal sector need to worry about GDPR?

These are all bedtime stories some in the legal sector have been telling themselves about GDPR. The truth is, like any business, the legal sector must be ready for GDPR-day in May. There’s a lot of evidence to suggest it isn’t.

Law firms are both controllers and processors of their clients’ data, meaning there are quite a lot of rules that must be followed. Current data collection methods, particularly consent, must be reviewed before May. It’s crucial to review the conditions for processing data and identify the correct legal basis. Some conditions, like consent, may not be valid for all processing activities after May.

With GDPR day fast approaching, Director of Best Practice Gary Yantin and Director of Course Development Nick Henderson discussed the steps businesses should take to prepare. This was the first in a series of webinars on the topic of GDPR. You can download a recording of the webinar and the accompanying slides by clicking the button below.

Watch now
