Pip Johnson, Director For Legal Services at VinciWorks

In a recent article published by QBE insurance group on the risks that law firms should look out for in 2019, our Director for Legal Services Pip Johnson shared her insights together with other compliance experts.

Pip flagged the Fifth Money Laundering Directive, which must be implemented into national regulations by this time next year. While the Fifth Directive is not as extensive as the Fourth Directive that came into force in 2017, there are still some changes to take on by the beginning of 2020. These changes include the regulation of cryptocurrencies such as Bitcoin, with some firms already having been asked to accept cryptocurrency payments. The Fifth Directive will also see enhanced due diligence requirements. Of course, Pip also discussed the effect Brexit could have on UK lawyers, with the UK due to implement its own Sanctions regime.

Other key takeaways from the interview:

  • EU Council Directive 2018/822 (DAC 6), which came into force last June, requiring intermediaries involved in cross-border tax transactions to retain details of potentially tax-advantageous matters
  • An expected increase in complaints to the Information Commissioner’s Office (ICO) for GDPR breaches
  • The upcoming reformed SRA Handbook and the new Accounts Rules
  • How Brexit could affect the UK’s laws and regulations and how they apply to UK law firms

You can read the full report from QBE here.

28 January marks the 12th annual Data Protection Day, launched by the Council of Europe in 2006. The day marks the date on which the Council of Europe’s data protection convention, known as “Convention 108”, was opened to signature. This was the first legally binding international treaty dealing with privacy and data protection.

Since the last Data Protection Day, the EU has made great strides in ensuring businesses respect and protect individuals’ personal data, with the General Data Protection Regulation (GDPR) coming into force on 25 May. The US looks set to follow suit with the California Consumer Privacy Act, which has a lot of similarities to GDPR, coming into force in January 2020. Further, Google’s recent €50 million fine by France and cyber security breaches reportedly costing UK victims over £190,000 a day show that we still have a long way to go to ensure businesses truly protect personal data.

While some organisations are slowly working towards complying with GDPR, others are proactively reviewing their policies, processes and training. To help with compliance, the VinciWorks GDPR resource page is regularly updated with policy templates, five minute knowledge checks and direct access to all our GDPR webinars.

GDPR resources

Micro-course: 6 Principles of Data Protection

GDPR Knowledge Check

GDPR Guide

GDPR Data Protection Policy Template

All GDPR resources

VinciWorks’ knowledge checks are five minute courses designed to help you and your staff assess their level of compliance, allowing you to decide on next steps. Feedback is given after each question is answered, allowing users to improve their knowledge while completing the assessment. A score is given at the end of each assessment, meaning users can easily establish how much they have yet to learn.

We have now released two knowledge checks focussing on specific aspects of data protection and the General Data Protection Regulation.

GDPR for Human Resources Staff

Each knowledge check offers feedback after each answer

This GDPR knowledge check was created for human resources staff and tests the following:

  • HR’s role in complying with GDPR
  • Processing and storing employees’ data
  • Consent, subject access requests and conditions for processing data
  • Employee rights with regards to GDPR

Free demo

Section 11 of the Criminal Finances Act 2017 amends the Proceeds of Crime Act (POCA) and affects the regulated sector. The new data sharing regime enables regulated persons to request and share information with their regulated peers, free in most respects from contravening the EU’s General Data Protection Regulation (GDPR). Any disclosure “made in good faith” does not breach any duties of confidence or “any other restriction on the disclosure of information”.

The purpose is to encourage the sharing of information from different entities in the regulated sector and better enable the collation of multiple reports of potential money laundering into a single Suspicious Activity Report (SAR).

Many companies sent consent emails as GDPR approached in May, with many others doing so in the following weeks

25 May, when the EU-wide General Data Protection Regulation (GDPR) came into force, is fresh enough in our minds for us to remember the countless “are you still our friend?” emails from marketers. Many marketing professionals, managers and data protection officers will also remember the panic they faced when preparing for GDPR. As the influx of GDPR emails continued to flood in and cookie notifications started to pop up with increased regularity, skepticism started to mount amongst marketers and managers alike. Have the new regulations helped or hindered businesses’ sales and marketing efforts?

Your website can be accessed from around the world

How often have you got this message when trying to access a US-based website from an EU country?

GDPR, the mammoth new data protection regulation, came into force across the EU in May this year. Alongside it, the Data Protection Act 2018 was passed by the UK Parliament, replacing the DPA 1998 and giving the UK a single source of data protection legislation.

Designed to be read alongside GDPR, the DPA added to the bits of law that GDPR does not cover and expanded on the areas the UK chose to opt out of or amend. One of these key areas is legal professional privilege. Legal professional privilege is a fundamental human right which allows clients to have open conversations with their lawyers in order to allow lawyers to provide their clients with the best service.

While the GDPR does not include any provisions for legal professional privilege, the DPA 2018 clearly stipulates that the provisions of the act do not apply to personal data that consists of information in respect of which a claim to legal professional privilege could be maintained. This could refer to legal professional privilege in legal proceedings or information in respect of which a duty of confidentiality is owed by a professional legal advisor to a client of the advisor.

Due to these changes, and what they mean for GDPR rights such as subject access requests, VinciWorks has produced a comprehensive guide to the DPA and legal professional privilege, in addition to our in-depth webinar on the Data Protection Act 2018.

Download guide

On 25 May 2018 the long-awaited GDPR came into force across the EU. On the same day, the UK’s Data Protection Act 2018 also became law. While the DPA 2018 incorporates large chunks of GDPR wholesale, it also carved out some specific exemptions that UK businesses need to know about.

On-demand GDPR Webinar – UK’s Data Protection Act 2018

In our webinar on understanding the Data Protection Act 2018, VinciWorks’ GDPR experts Nick Henderson and Gary Yantin explored the newly enacted DPA 2018 and the key differences and derogations from GDPR you need to know about. These include:

  • The interconnected relationship between GDPR and the DPA 
  • The powers and role of the ICO 
  • How Brexit will affect data protection law 
  • Using automated decision making and customer profiling 
  • How to process criminal offence data in the UK 
  • The new criminal offences in the UK 

Watch now

Over the weeks leading up to the General Data Protection Regulation (GDPR) coming into force, VinciWorks has hosted a number of webinars on the topic, answering hundreds of questions in the process. You can get instant access to all our GDPR webinar recordings by clicking on the links below.

Understanding the Data Protection Act 2018

In our webinar on understanding the Data Protection Act 2018, VinciWorks’ GDPR experts Nick Henderson and Gary Yantin explored the newly enacted DPA 2018 and the key differences and derogations from GDPR you need to know about.

Watch webinar

Full-day GDPR webinar

On 24 May, the day prior to GDPR coming into force, VinciWorks hosted a full-day webinar including live Q&As, interviews with GDPR experts and helpful advice on complying with the new regulation.

Watch full webcast

GDPR – Data Protection Impact Assessments

During this webinar, Nick guided listeners through the process of conducting a DPIA. He also answered questions on the topic of DPIAs and gave guidance on next steps to those who have already begun the process.

Watch webinar

Now that GDPR (General Data Protection Regulation) day has passed, the role of human resources officers within an organization has become even more significant. With the new regulations now in place, it is important for individuals working in HR to be aware of the new laws and standards for employee data protection in their area. VinciWorks’ guide to GDPR compliance for human resources staff will give you a clearer understanding and general knowledge of what is required.

Download guide

Internet technology departments are extremely valuable when it comes to data protection compliance for an organisation. GDPR (General Data Protection Regulation) ensures that consumer and employee data is more secure than ever. What does that mean for the IT department? They must be careful when collecting and analysing information online. Any information collected that can be used to distinguish one individual from another is personal data. 

To help organisations and IT departments understand what is required from them, VinciWorks has published a host of data protection resources including one specific to internet technology as well as many others. Understanding how to safely and securely collect and analyse data will ensure you meet all compliance guidelines as well as keep your consumers and employees protected.

Download guide
