New anti-bribery training from VinciWorks

Anti-Bribery: Know Your Deal drops users into immersive scenarios to test their knowledge, understanding and ability to uncover risks of bribery in their working life.

Despite the UK Bribery Act having come into force in 2010, bribery is still a hugely problematic issue in corporate life. Billions of pounds of fines are levied every year and frequent reports hit the headlines of investigations and prosecutions from the US Department of Justice and UK Serious Fraud Office.

Bribery cases have ensnared some of the world’s largest companies, biggest sporting bodies and most powerful politicians. The propensity for some people to act corruptly might never change, but our approach to training and compliance can.

In Anti-Bribery: Know Your Deal, users face a set of realistic characters and scenarios from all walks of life, some of whom may be trying to offer, or ask for, a bribe. It is up to users to assess each situation and decide on the best course of action based on company procedures and the law.

“We don’t do marketing.” “We already comply with the DPA.” “We outsource our IT.”

Does the legal sector need to worry about GDPR?

These are all bedtime stories some in the legal sector have been telling themselves about GDPR. The truth is, like any business, the legal sector must be ready for GDPR-day in May. There’s a lot of evidence to suggest it isn’t.

Law firms are both controllers and processors of their clients’ data, meaning there are quite a lot of rules that must be followed. Current data collection methods, particularly consent, must be reviewed before May. It’s crucial to review the conditions for processing data and identify the correct legal basis. Some conditions, like consent, may not be valid for all processing activities after May.

With GDPR day fast approaching, Director of Best Practice Gary Yantin and Director of Course Development Nick Henderson discussed the steps businesses should take to prepare. This was the first in a series of webinars on the topic of GDPR. You can download a recording of the webinar and the accompanying slides by clicking the button below.

Watch now

How do you ensure that your staff undertake the training most relevant to them? How can experienced staff learn at their own pace and avoid just repeating the basics? VinciWorks’ two new gamified courses, Anti-Bribery: Know Your Deal and Anti-Money Laundering: Know Your Risk, allow users to “test out” and demonstrate their mastery of the subject matter quickly.

How does “testing out” work?

In VinciWorks’ latest anti-money laundering course, users gain extra points by reviewing additional reading material

When completing these courses, users can jump directly to the scored scenarios and achieve the required number of experience points by answering everything correctly. Staff who answer incorrectly or who feel more comfortable reading background material first can choose to review the additional material and accrue enough experience points to complete each module that way.

Despite the UK Modern Slavery Act coming into force in 2015, there are still millions of slaves around the world

UK report finds that almost 50% of FTSE 100 companies do not meet the minimum requirements set out by the Act

The second annual report on large companies’ efforts to ensure there is no modern slavery in their supply chain reveals disappointing results. The report shows that only 57% of the FTSE 100 companies are meeting the minimum reporting requirements set out by the UK Modern Slavery Act. It also reveals Marks & Spencer, Sainsbury and Unilever as the best performers, with Hargreaves Lansdown, Paddy Power Betfair, Pearson and Worldpay shamed as the weakest. With the UK seemingly a long way from solving the issue of modern slavery, this blog examines why modern slavery is still a problem today and what businesses are doing to tackle the issue.

Will continuing to send marketing emails put your business at risk of breaching GDPR?

Does the General Data Protection Regulation (GDPR) mean you can’t send any more marketing emails?

JD Wetherspoon, the UK’s largest pub chain, hit the industry headlines last year when it decided to delete its entire marketing list. GDPR has injected a sense of impending doom into email marketers worried that carefully cultivated lists will need to be trashed come GDPR day.

This is not the case. GDPR does not prevent direct marketing taking place, nor does it mean your lists have to be deleted and collected again from scratch. However, it does mean marketers have a greater responsibility in processing personal data, and some issues around consent to market may have to be looked at.

VinciWorks has published an e-book warning businesses about the dangers of the gig economy.

Compliance Risks and the Gig Economy takes businesses through the potential legal minefield of using gig economy apps for business purposes. From renting a room through Airbnb, buying a service on UpWork or hailing a ride on Uber, when a business interacts with the gig economy, it can have a knock-on effect across compliance areas from employment law to equality to modern slavery. Most recently, already-under-fire Uber was exposed for concealing a massive global breach of the personal information of 57 million customers and drivers in October 2016.

Prime Minister vows to crack down on those taking advantage of workers

Theresa May recently promised to overhaul the rights of millions of workers in the UK. The crackdown, regarded by one business group as “the biggest shake-up of employment law in generations”, includes the PM’s pledge to clamp down on firms using unpaid interns, quadruple fines for non-compliant organisations and launch a “naming and shaming” list of the worst perpetrators.

Millions of Brits working independently

With around 14 million Brits taking part in some form of independent work, whether traditional freelance or through a new gig economy app, the potential compliance risks range from equality and discrimination to tax evasion, modern slavery, and even data protection.

Does GDPR require businesses to delete all data upon an individual’s request?

What is meant by “The Right to be Forgotten” under GDPR?

The right to be forgotten is one of the key innovations of GDPR, but it’s not exactly a new right, nor is it absolute. It developed in European law in the aftermath of an important court case known as the Google vs Spain ruling. In 2010, a Spanish citizen complained about an outdated court order against him appearing on Google search results. The European Court of Justice agreed this infringed on his right to privacy and ruled that individuals have the right, under certain conditions, to ask search engines to remove links with personal information about them where the information is inaccurate, inadequate, irrelevant or excessive.

The right to be forgotten has been enshrined in GDPR as the right to erasure. This is slightly more encompassing than the original Google vs Spain rules, giving an individual the right to have their personal data erased and prevent it being processed in specific circumstances.

2017 saw a rise in the number and scope of ransomware attacks, with the highest profile attack, WannaCry, affecting over 230,000 organisations worldwide and causing the NHS to cancel appointments and operations. VinciWorks’ new interactive micro course on ransomware helps users understand exactly what ransomware is and how to avoid being the next victim of such an attack. Ransomware is part of VinciWorks’ cyber security suite that has recently been updated to include six new interactive apps and Phishing Challenge 2.0.

The course covers:

  • Understanding what ransomware is and the dangers such attacks present
  • Key definitions related to ransomware, such as “phishing”, “spear phishing”, “malware” and “Bitcoin”
  • 2017 ransomware attacks and how they happened
  • Visual examples of how attacks happen
  • Guidance on how to avoid being the target of ransomware attacks
  • What to do in case of an attack
  • Assessment to review what has been learnt

Will regulators actually fine businesses 4% of global turnover for committing a General Data Protection Regulation offence? What are the actual repercussions of failing to comply with GDPR?

It’s a headline-grabbing threat designed to leave you shaking at your keyboard, fearful that one wrong keystroke will siphon off €20m, or 4% of turnover, whichever hurts the most. The current maximum level of fine that can be levied under the Data Protection Act 1998 is peanuts in comparison, £500,000.

Some of the biggest fines levied by the UK’s data protection regulator, the ICO, would balloon under GDPR rules. TalkTalk’s 2016 fine of £400,000 would become nearly £60m.

However, GDPR is not about fines. The ICO has made clear that maximum fines will not become the norm, nor will examples be made of big brands for minor infringements. As they’ve said, they prefer the carrot to the stick. The ICO’s record stands to reason. In 2016/17, the regulator dealt with over 17,000 cases. Only 16 resulted in a fine.

Learn more: download VinciWorks’ GDPR guide to make sure your business is ready for GDPR implementation on 25 May.
