A year has passed since GDPR came into force. In our recent webinar, Director of Course Development Nick Henderson and Data Protection Officer Ruth Cohen looked at how businesses dealt with GDPR. Ruth gave guidance on how to make sure your organisation maintains compliance as the regulation enters its second year.

The webinar covered:

  • A review of the requirements under GDPR
  • How often should staff be trained on GDPR?
  • What measures should be taken to maintain compliance?
  • How to avoid data breaches and what to do in the event of a breach
  • Answering any GDPR questions from registrants

Key takeaways

  • 19% of attendees said they are “very confident” the data they work with is sufficiently protected
  • 20% of our attendees are still unsure of what privacy by design and privacy by default mean
  • Organisations should run “fire-drill”-like exercises to ensure they are equipped to deal with any data breach
  • Targeted GDPR training is recommended as it enables those in specific roles such as marketing, HR and IT to take the training most relevant to them

Updated April 2022

The EU’s General Data Protection Regulation (GDPR) has now been in force for a while. The regulation increases the responsibility and liability of organisations, with hefty fines having already been handed to Google by French authorities and other giants such as WhatsApp and Facebook facing investigations.

GDPR training for employees

All staff who are involved in the processing and storing of data must be familiar with their organisation’s data protection policy and follow it. Training is one of the key measures a company can take to help their staff understand and follow their organisation’s data protection procedures and comply with the GDPR regulation. But a one-off generic course is not enough. Training should be relevant and speak to each user’s unique role and responsibilities.

How often should staff take GDPR training?

The Information Commissioner’s Office (ICO), the UK’s data protection authority, spells out that staff must be trained, and regularly. The ICO states:

The GDPR requires you to ensure that anyone acting under your authority with access to personal data does not process that data unless you have instructed them to do so. It is therefore vital that your staff understand the importance of protecting personal data, are familiar with your security policy and put its procedures into practice. You should provide appropriate initial and refresher training.


Nick Henderson, Director of Course Development at VinciWorks

GDPR has been law across Europe since 25 May, 2018. It represented a sea-change in how companies must treat data. For any complex regulation, training is one of the best ways to mitigate the risk of things going wrong, and support staff to do it right. Online training is particularly effective when it comes to GDPR training because data protection is about the practical, everyday requirements of keeping data safe and secure.

Does GDPR require employee training?

All staff who are involved in the processing and storing of data must be familiar with their organisation’s data protection policy and follow it. Training is one of the key measures a company can take to help their staff understand and follow their organisation’s data protection procedures and comply with the regulation. But a one-off generic course is not enough. Training should be relevant and speak to each user’s unique role and responsibilities.

Is GDPR training mandatory?

While GDPR training may or may not be mandatory, depending on your jurisdiction and the type of organisation, the bottom line is that GDPR compliance is mandatory. Training that is relevant to each user’s specific role and responsibilities and that includes realistic scenarios and the option to customise can go a long way in ensuring that staff understand and have the tools they need to comply with the regulation.

Benefits of GDPR Training

An ongoing programme of effective GDPR training has many benefits, including:

  • Increased job satisfaction amongst employees who know they are following best practice across the board
  • Improved processes and procedures inside the organisation
  • Reduced maintenance costs
  • Improved consumer confidence and trustworthiness
  • Better data security and reduced risk of a data breach
  • Potential to enhance the reputation of the company as being at the forefront of data protection

The General Data Protection Regulation (GDPR) has been in full force across the EU since 25 May 2019. As of 25 January, 2019, eight months to the day since GDPR came into force, national data protection authorities reported nearly 100,000 complaints from concerned citizens. Google has already been fined by French authorities and several social media giants are currently being investigated.

The law applies to all businesses with customers in the EU, no matter where in the world they are based, and mandates much stricter data protection rules than ever before.

GDPR compliance should be an ongoing process and businesses must regularly review and, when necessary, update their policies, procedures and training to maintain compliance.

As a companion to our GDPR training suite, we have updated our GDPR compliance guide. The guide is suitable for both organisations who are fully compliant and would like to review the requirements of GDPR and those who have yet to reach full compliance.

When it comes to GDPR, do users have free will?

Is free will an illusion? Determinist philosophers might think so. Ancient Greek thinkers Leucippus and Democritus were two of the first to theorise that all processes in the world were due to a mechanical interplay at an atomic level, precluding the idea of human beings exercising any kind of free will in a universe operated by deterministic forces.

Aristotle, however, stated that we have the power to do or not to do, and free will can exist when we are aware of the particular circumstances of our actions. However, he still left unanswered the question of defining the choices we make based on causes outside of our control.

On-demand webinar – GDPR Mythbusters 2019


As we approach a year since GDPR came into force, in a recent webinar we revisited our popular GDPR Mythbusters series with a new round of questions and answers about data protection. Our Director of Best Practice Gary Yantin and Director of Course Development Nick Henderson answered the following questions:

  • Are huge GDPR fines a myth?
  • Does anyone actually care about GDPR compliance?
  • Does enforcement really go beyond EU borders?
  • Does GDPR apply to me if I’m not based in the UK?
  • Does GDPR require me to appoint a DPO?


Was the General Data Protection Regulation handed down on tablets of stone? Were its articles intended to be revered, venerated and feared for all time? Or, as many businesses might prefer, is GDPR more of a set of guidelines, good ideas for living a moral life that don’t really matter if they aren’t actually followed?

One could be forgiven for mistaking some GDPR compliance professionals for wandering clerics; preaching the gospel of data protection and warning of the world to come. Yet, like every prophecy, the date of the apocalypse came and went, and nothing much happened… Or did it?

As GDPR came into force in May 2018, many people questioned the hype around compliance with the regulation

VinciWorks has revisited our popular GDPR mythbusters series to separate the data protection facts from fiction.

GDPR received the kind of hype normally saved for a celebrity meltdown or an Avengers movie. In 2018, the eponymous EU directive, otherwise known as Regulation 2016/679, scored higher in Google search rankings than Beyoncé and Kim Kardashian. GDPR notched up over 300,000 media mentions, three times as many as Mark Zuckerberg managed. It even spawned a sub-culture of memes as EU citizens drowned under a flood of emails informing them of privacy policy updates and “click here to re-subscribe”.

The Information Commissioner’s Office (ICO) is deploying agents around the world to clamp down on those failing to comply with GDPR

As a year since the introduction of the EU’s General Data Protection Regulation (GDPR) approaches, we revisit our popular GDPR Mythbusters series to separate the data protection facts from fiction.

GDPR’s reach promised to be global. Companies around the world would fear the shadow of the EU regulators. They would quake in their sandals or snow boots as diligent Europeans pursued international data bandits across baking deserts and frigid tundra in the name of justice; serving enforcement actions on those crooks, wherever they may hide.

Read more: GDPR training for US-based staff


As a year since the introduction of GDPR approaches, VinciWorks revisits our popular GDPR mythbusters series to separate the data protection facts from fiction.

Just six minutes after GDPR came into force on 25 May, 2018, two European advocacy groups, Quadrature du Net and None Of Your Business (NOYB), filed complaints against search giant Google. Similar complaints were also levied against the titans of the internet age: Facebook, WhatsApp and Instagram. These actions were not confined to just one jurisdiction. The white knights of data protection made their mark in the halls of national regulators in Paris, Vienna, Brussels and Berlin.

The complaint? Nothing greater than the default advertising settings that come when signing up for a standard Google account. Users must agree for their personal data to be used in order to show them personalised adverts, and Google requires people to agree to those terms and conditions via pre-ticked boxes in what NOYB calls “forced consent.”
