
A privacy policy must set out the different areas where user privacy is concerned and outline the obligations and requirements of the users, the website and website owners. Furthermore, the way your organisation processes, stores and protects user data and information should also be detailed in a privacy policy. The policy should be made available on your organisation’s website.

What is a GDPR privacy policy?

A GDPR privacy policy is a legal document that outlines how an organisation collects, uses, stores, and protects personal data in compliance with the General Data Protection Regulation (GDPR). The GDPR is a set of data protection regulations implemented in the EU to enhance the privacy rights of individuals and establish consistent data protection standards across the EU member states.

In a GDPR privacy policy, organisations provide transparent information about the personal data they collect, the purposes for which it is collected, how it is processed, and the legal basis for processing. The policy also covers details about data retention, data subject rights, security measures, data transfers outside the EU, and contact information for the data protection officer.

What needs to be included in a privacy policy?

Here are the main points that should be addressed in a privacy policy:

Use of the cookies

Your policy should first define what cookies are and then explain what the organisation uses them for. It should stress that they are used to enhance the user experience, and any tracking software used should also be stated.

Our fully customisable data protection course is now available in German

VinciWorks’ GDPR data protection course is now available in German. The course combines the latest in policy and law with best practice guidelines. It provides real-world scenarios, interactive features and review questions to test understanding of key points. By completing this course, users will learn how to comply with data protection laws for their specific role in the organisation. The online training is based on the General Data Protection Regulation (GDPR).

German Data Protection Amendment Act

While GDPR will be coming into force across Europe on 25 May 2018, Germany has already enacted a new data protection law to prepare for the new regime. The German Data Protection Amendment Act (GDPAA) enters into force on 25 May 2018 and contains some key national differences with GDPR.


Action against modern slavery is ramping up. In just the month of May 2017, the Modern Slavery Helpline dealt with nearly 200 potential victims in the UK. In the first five months of this year, 1,179 potential victims of modern slavery were identified.

Yet this number is a drop in the ocean compared to the tens of thousands of men, women and children being held as slaves right now in the UK. The Modern Slavery Act 2015 not only brought in tougher laws and sanctions against slavery, but encourages businesses to ensure they are not participating in labour abuse in their supply chains.

The Modern Slavery Act – Section 54

Section 54 of the Modern Slavery Act mandates that companies with an annual turnover greater than £36m publish an annual slavery and human trafficking statement. Companies with a financial year-end date of 31st December were required to produce and publish their statement by 30th June. Many still haven’t.

VinciWorks Risk Summit
General Counsel and Heads of Risk attended VinciWorks’ first risk summit

On 12th September more than 30 senior counsel and heads of risk gathered to discuss the risk horizon at VinciWorks’ first risk summit in the Soho Hotel.

Delegates from international law firms, accountancy firms and corporates shared their insights into the issues that they hope will grab their board’s attention as they plan their risk management strategies. The event was chaired by VinciWorks CEO Howard Finger.

If you are already preparing for GDPR (and with VinciWorks’ GDPR Guide to Compliance and our Data Protection: Privacy at Work course, you already should be), then most of what is in the Data Protection Bill will not be news to you. However, this will explain the key points of the new Data Protection Bill that are different from GDPR.

Running to over 200 pages, with 194 clauses, 18 schedules and 112 pages of explanatory notes, the government describes the Bill as a “complete data protection system.” That system already exists, however, and it’s called the General Data Protection Regulation.

The Bill is essentially Brexit-proofing GDPR by bringing in the European standard of data protection, along with allowed UK exemptions, no matter if, when or how the UK leaves the EU. The Bill is also necessary to implement a single data protection regime, as GDPR, as a European Directive, only applies to areas of law under EU competency. The Bill itself says things like: “Terms used in Chapter 2 and in the GDPR have the same meaning in Chapter 2 as they have in the GDPR.” So there’s no reason to throw out all the GDPR compliance work you might have done so far. Indeed, now is the time to speed it up.

As the countdown to GDPR implementation progresses, we have refreshed our course Data Protection: Privacy at Work to ensure users benefit from the latest in policy and practice.

New modules have been added and existing ones updated to take account of the coming data protection regime, both across Europe and in the UK specifically, with the introduction of the new Data Protection Bill.

New modules

Global Data Protection Module

An in-depth, line-by-line comparative analysis of data protection legislation and regulations across more than 70 major countries. View a summary of data protection rules compared to GDPR for one country at a glance, or compare and contrast multiple jurisdictions to ensure staff all around the world understand their data protection obligations.

Tax evasion

On 30th September 2017, the Criminal Finances Act comes into force, as does the requirement for businesses to have reasonable procedures to prevent the facilitation of tax evasion. The law is broad and the net is wide; a business can be prosecuted if a contractor puts a client in touch with a dodgy accountant or the entire modus operandi of the business is to stash away taxable cash.

VinciWorks conducted a survey of 250 UK businesses to find out just how much tax evasion risk companies are exposing themselves to. A quarter of companies still do not have any policies in place to prevent financial crime and one in ten companies in the legal and financial services sector haven’t put in place a whistleblowing policy.

Tax Evasion

Are your staff sufficiently prepared for the Criminal Finances Act? Ensuring everyone is familiar with your organisation’s procedures to prevent facilitation of tax evasion will go a long way to protect your company from prosecution. We have therefore created a tax evasion code of conduct policy template based on the Criminal Finances Act that can easily be edited and made available to all staff, clients and stakeholders.

VinciWorks has just released a new version of its tax evasion course specifically geared to the corporate sector. While the first version of Tax Evasion: Failure to Prevent is tailored for businesses in the regulated sector, the new version has been modified to better accommodate scenarios that often face companies in non-regulated industries.

Key changes

More content relevant to diverse industries

VinciWorks corporate users are based in industries as diverse as hospitality, retail and manufacturing. The corporate version of the course provides content that is more directly relevant to the kinds of issues people face in non-regulated sector industries.

Choose from six corporate scenarios


There are now six specifically corporate scenarios to choose from, with up to three included in the course. Scenarios, like everything else in the course, are fully customisable. You can upload your own scenarios or VinciWorks can help you design learning scenarios that are relevant to your company and industry.

Nagware allows managers to automatically send out an email to remind staff to begin or complete a learning activity. Administrators can select when to start sending the nag emails, how often to send them and a trigger for when to begin sending them.

We have just added a new feature that means a “nag” can easily be duplicated so that a new nag doesn’t need to be started from scratch.

Duplicate Nag
Administrators can now easily duplicate a “nag” without having to copy and paste the details of a previous nag.

Receive automatic update notifications

VinciWorks is committed to keeping all users informed of any updates to our Learning Management System. You can join our LMS update notifications mailing list by clicking on the button below.

Sign up now