General Data Protection Regulation – what is your GDPR compliance score?

Keyboard being password protection by a combination lock

How ready are you for GDPR, set to come into force on 25 May? Has your organisation implemented all possible technical measures to protect people’s data? What still needs to be done to prepare for GDPR day? VinciWorks’ GDPR compliance assessment will help your staff assess where they stand in their compliance with the new regulations and what still needs to be done.

Get your own GDPR compliance score

Have you conducted any GDPR focused data audits? Have you updated privacy notices for GDPR? These are just two of the questions that will come up in the assessment. Upon completion, the assessment will return one of four ratings, with an exact percentage score.

Take the GDPR compliance assessment

Continue reading

GDPR Myth #6: No one will know if I don’t comply with GDPR

Phone showing GDPR comes into force on 25 May
The General Data Protection Regulation comes into force across the EU on 25 May 2018

It’s not true. If you do absolutely nothing to prepare for GDPR, take 25 May off, put your out-of-office on and don’t pay any attention to anything related or connected to GDPR, you’ll be found out pretty quickly.

What happens if I don’t comply with GDPR?

First of all, people will know you aren’t complying because your privacy notices will not be GDPR compliant. They must identify the legal basis for processing data, and if that’s consent, then the consent being taken must comply with GDPR rules.

GDPR consent rules are a lot more specific than previous ways to collect consent, so much so that consent which does not meet GDPR requirements will not be valid after 25 May and you’ll be in breach of GDPR if you rely on it.

Continue reading

VinciWorks’ GDPR training suite

Prepare your whole organisation for GDPR with VinciWorks’ GDPR training suite

The General Data Protection Regulation (GDPR) officially came into force on 25 May 2018. GDPR’s reach is global. Any company that offers goods or services to anyone in the EU is required to comply. To help organisations prepare all their staff for GDPR, VinciWorks has expanded its GDPR training suite, adding new courses and a knowledge check, and updating its course, GDPR: Privacy at Work. We have also created a GDPR resources page, full of useful resources that can be purchased together with the training suite.

Continue reading

VinciWorks releases new GDPR course

The General Data Protection Regulation (GDPR) is a major shakeup in data protection laws across all Member States of the EU. It came into force on 25 May 2018, and as a Regulation, was automatically applied in every Member State.

GDPR: The Basics is a 15 minute course that guides users through the changes being applied as a result of GDPR. GDPR: The Basics complements our existing online GDPR course, GDPR: Privacy at Work.

Screenshot from GDPR micro course

Continue reading

GDPR registers with Omnitrack

Omnitrack product banner

How does your organisation collect and process any cyber security or data breaches or concerns as they come up? How does your organisation plan on keeping track of subject access requests or your data protection impact assessment as you prepare for General Data Protection Regulation (GDPR) day and beyond?

Under GDPR, new rights, such as the “right of data portability”, means data subjects can request for their data to be transferred directly to another system for free, as opposed to having to pay for this under the UK Data Protection Act 1998. Further, under GDPR, it will also have to be provided in a way that makes it easy for a computer to read (e.g. via a spreadsheet). Another new right, The right to erasure, allows individuals to request the deletion or removal of their personal data, including information published or processed online.

How can GDPR registers help?

Globally, organisations are bound by complex and ever-changing legal and compliance obligations. Without a structured and secure data collection system, organisations waste time and resources ensuring compliance and uncovering business intelligence. Omnitrack is VinciWorks’ solution to collecting, storing and managing data. It allows managers to be instantly notified of any data breaches or concerns, subject access requests, policy or procedure updates, and any compliance concerns or questions surrounding GDPR.

Continue reading

Study: tackle sexual harassment by focusing on outcomes, not process

#MeToo campaign
The #MeToo campaign helped raise awareness of the alarming number of people that have been sexually harassed in the workplace

How do you ensure all your staff feel comfortable in their workplace, without being spoken to, touched, or treated inappropriately by their colleagues or managers?

At the end of 2017, the people behind the #MeToo movement were named Time Magazine’s Person of the Year 2017. What started as a drip of revelations and flushing out of open secrets in the media and entertainment industries became a flood at the end of the year, with once powerful men across nations and industries being exposed for the sexual predators, abusers and bullies they are.

Continue reading

Polls show companies are not yet ready for GDPR

Clock counting down to GDPR

With GDPR day fast approaching, organisations across Europe should be working towards full GDPR compliance. However, recent polls during VinciWorks’ webinar, GDPR – 10 steps to take before May, show that businesses still lack clarity and direction on how to prepare for the new data protection laws under GDPR.

Below are some of the key findings of the polls and guidance on how we can make sure we are ready for GDPR, or at least on the way to full compliance, come GDPR day.

Click here to download a free recording of the webinar

Preparing for new rights under GDPR

Chart showing how prepared people feel for the new GDPR rights

While less than 5% of organisations had fully prepared for the new right of individuals under GDPR, a worrying 35% feel that they are not at all prepared for the new rights.

Continue reading

GDPR and FinCEN: an explosive combination

A lock on a computer keyboard

New US Anti-Money Laundering rules will cause a data deluge while the EU General Data Protection Regulation turns data combustible.

May 2018 is not a long way off, and it’s going to be an explosive month for compliance. Two earth-shattering changes are coming. Firstly, on 11 May, new client due diligence (CDD) rules for beneficial owners come into effect. Secondly, on 25 May, GDPR goes live. The first change requires mass amounts of data to be collected, while the second change greatly restricts how that data can be used and introduces eye-watering fines for getting it wrong.

What’s changing for CDD in the US?

The United States Financial Crimes Enforcement Network (FinCEN) is requiring financial institutions operating in the US to process and vet sanctions data, negative-news data, corporate associations, individual associations and more on ultimate beneficial owners (UBO). Essentially, institutions will need to be able to track the entire relationship from customer to UBO, and all the corporate vehicles in between them.

Continue reading

GDPR Myth #5: HR policies and practices won’t be affected

HR Polices and Procedures book
To what extent will HR policies and procedures be affected by GDPR, which comes into force on 25 May?

With so much attention given to the marketing and IT departments when it comes to GDPR compliance, it’s easy to overlook the other parts of the business that will be impacted. HR is probably one of the most affected areas in a business, as the new rules apply to employee information as well, not just customers. GDPR is about the regulation of all personal data, and HR departments have a lot of it.

GDPR requires you to identify the lawful basis for processing data. This would normally be consent, i.e. the person agrees for their data to be processed. But GDPR complicates this when it comes to employee/ employer relationships. Under GDPR, consent has to be freely given, and not as a condition for another service, such as a job. Due to the imbalance in a relationship between the employee and the employer, it is not clear that relying on consent would hold up under GDPR. Consent can also be withdrawn at any time under GDPR, and without a fallback ready, processing activities would need to stop.

Continue reading

VinciWorks releases new anti-bribery course

New anti-bribery training from VinciWorks

Anti-Bribery: Know Your Deal drops users into immersive scenarios to test their knowledge, understanding and ability to uncover risks of bribery in their working life.

Despite the UK Bribery Act having come into force in 2010, bribery is still a hugely problematic issue in corporate life. Billions of pounds of fines are levied every year and frequent reports hit the headlines of investigations and prosecutions from the US Department of Justice and UK Serious Fraud Office.

Bribery cases have ensnared some of the world’s largest companies, biggest sporting bodies and most powerful politicians. The propensity for some people to act corruptly might never change, but our approach to training and compliance can.

In Anti-Bribery: Know Your Deal, users face a set of realistic characters and scenarios from all walks of life, some of whom may be trying to offer, or ask for, a bribe. It is up to users to assess each situation and decide on the best course of action based on company procedures and the law.

Demo the course

Continue reading