Is your kettle spying on you?

Research from the Association of Public Registered Information Lawyers has shown that 70% of all cyber security failings happen because of unsecured kitchen appliances in the workplace.

Even though VinciWorks has helped to change the landscape of compliance training for human staff with Cyber Security: Practical Applications, the era of the Internet of Things (IoT) and smart products has led to a new frontier in the cyber wars: the office kitchen.

Cyber Security for Kitchen Appliances is the brand new course from VinciWorks to keep your office, your data and your tea break safe and secure.

What your company needs to know about the new EU court ruling on headscarves at work

What happened?

The Court of Justice of the European Union (CJEU) recently ruled that companies can have a general policy banning all religious and political symbols if it is ‘objectively justified’, as the Court says. The problem is that in 2013, the European Court of Human Rights (ECHR), an entirely separate institution from the Court of Justice, held that employees have the right to manifest their freedom of religion at work.

The ECHR decided that a British Airways check-in worker was prevented from expressing her religious belief when she was banned from wearing a crucifix at work. Even though BA went on to amend their uniform policy to allow her to wear a crucifix, the ruling was thought to have established a precedent which has now been thrown into confusion.

On 17th March, HM Treasury released a draft of Money Laundering Regulations 2017, which transposes the Fourth Money Laundering Directive into UK Law. At the same time, the government published a new consultation requesting the public’s view on the draft. Below are the key takeaways.

No automatic exemption from enhanced due diligence for pooled accounts

The Law Society has lost its battle for an explicit assurance that financial institutions can apply simplified customer due diligence to pooled client accounts. SDD will only be permitted when the firms providing pooled accounts are considered low risk.

HM Treasury said that “Pooled client accounts could potentially be exploited for money laundering”, citing examples and findings from the Government’s National Risk Assessment on money laundering.

VinciWorks will be updating all of its anti-money laundering courses accordingly and launching a new AML refresher course later in the year.

The gig economy has a compliance problem

The gig economy is creating a multitude of unpaid tax liabilities, and HMRC may be ready to use new tax-dodging laws to crack down on start-ups and their “self-employed” workers.

In 2017 the Criminal Finances Bill and Finance Bill come into force, making it easier to prosecute the professional services that seek to help tax evaders, as well as the lawyers and accountants devising or selling schemes to help people avoid tax. So how will a crackdown on tax evaders and tax avoiders impact the gig economy?

HMRC launched a consultation document in 2016 called “Tackling the hidden economy: extension of data-gathering powers to money service businesses.” This promises new powers for HMRC to gather and acquire data from online intermediaries and electronic payment providers to uncover those who are operating in the “hidden economy.”

Over 22 leading firms joined Director of Best Practice Gary Yantin and SRA Policy Executive Richard Williams for the second continuing competence user group. This candid conversation between the firms and the regulator focussed on how firms are implementing continuing competence since the changes to CPD in November, and on sharing best practice.

Many firms currently implementing changes to CPD

Richard spoke about how many firms are still in the process of implementing continued competence. He voiced the importance that the SRA places on the new approach and advised that there will be an annual declaration as part of a renewal exercise to make sure firms are meeting regulatory obligations. Richard also made clear that the SRA will not be carrying out spot checks on firms, but will use the annual declaration in conjunction with other regulatory data to explore concerns that they may have with the competence or standard of service provided by a solicitor or firm.

The Fourth Anti-Money Laundering Directive will be implemented by the end of June 2017. Many pages have been written detailing all of the changes and minutiae. Below are the key changes that solicitors need to be aware of as part of their day-to-day work.

We will be updating our AML courses accordingly and launching a new version of our AML 360 course later in the year.

Here are the key updates:

Simplified CDD no longer automatic

Previously certain listed companies or public bodies would automatically qualify for simplified due diligence. This exemption is no longer automatic and any decision to undertake simplified CDD must be backed up with evidence and subject to a risk assessment.

Cash thresholds reduced

The limit for eligible cash transactions is reduced from €15,000 (£12,544) to €10,000 (£8,361) and is extended to receiving as well as making payments in cash.

Absolute turnover raised

The link to the VAT registration threshold of £64,000 is removed and the annual turnover limit is raised to £100,000 across all financial activities.

The UK Data Protection Act

The United Kingdom (UK) Data Protection Act (DPA) sets out rules for how your personal information can be used by organisations, businesses or the government.

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

The DPA 2018, which came into effect on 25 May 2018, updates and replaces the Data Protection Act 1998. Post Brexit, the act was further amended in January 2021 by regulations under the European Union (Withdrawal) Act 2018, to reflect the UK’s status outside the EU.

The Data Protection Act 1998

The Data Protection Act 1998 was a UK Act of Parliament designed to protect personal data stored on computers or in organised paper filing systems. It replaced the 1984 Data Protection Act, which had barely mentioned digital media and computers. 

The 1998 Act, which enacted provisions from the EU Data Protection Directive 1995, was based on 8 principles that were used by organisations to design their own data protection policies. The eight principles related to the protection, processing, and movement of data, and mostly did not apply to domestic use. The eight guiding principles of the act were as follows:

  • Principle 1 – Fair and Lawful
  • Principle 2 – Purposes
  • Principle 3 – Adequacy
  • Principle 4 – Accuracy
  • Principle 5 – Retention
  • Principle 6 – Rights
  • Principle 7 – Security
  • Principle 8 – International transfers

Data Protection Act 2003

The Data Protection (Amendment) Act, 2003 implemented the European Data Protection Directive 95/46/EC. Together with the Data Protection Act 1998, these acts regulated how employers collect, store and use the personal data they hold about their employees (past, prospective, and current). The Acts stated that anyone responsible for holding or using data must follow the ‘data protection principles’, and must make sure that the information they collect is used fairly and lawfully, for limited, specifically stated purposes, in a way that is adequate and relevant, is accurate, is handled according to people’s data protection rights, and is kept safe and secure.

What is the Data Protection Act 2018?

The Data Protection Act 2018 is a United Kingdom Act of Parliament that replaced the Data Protection Act 1998. The 2018 Act served to update data protection laws in the UK, and it is the UK’s implementation of the EU’s General Data Protection Regulation (GDPR). The Act sets out rules for the processing of personal data, and implements the parts of GDPR that “are to be determined by member state law” and sets out its own similar framework for the processing of personal data that is not subject to GDPR, such as intelligence services processing, immigration services processing, and the processing of personal data held in unstructured form by public authorities.

The main differences between the 2018 Act and the 1998 Act are in the right to reassure, the inclusion of exemptions from the Data Protection Act, the fact that the Act works in tandem with GDPR, and a revision that allows law makers to erase data if an individual chooses to, which is based on the individual’s right to privacy.

Changes to Data Protection Under GDPR

Data protection law in the UK is based on the 1998 Data Protection Act. However, with continued changes in technology, 20 years on that law looks outdated and not relevant to the data protection concerns we face today. In May 2018, the General Data Protection Regulation (GDPR) will replace the Data Protection Act and will impose many new responsibilities and sanctions on organisations. Despite all the noise around GDPR, the eight principles of data protection laid out in the 1998 Data Protection Act will remain relevant, with changes to some of the key principles. Below is an overview of the eight principles of data protection, with guidance on the changes and what they could mean for your business.

Editor’s note: the eight principles of data protection have now been amended to become the six principles of GDPR.

The Eight Principles of Data Protection

1. Fair and lawful

Your organisation must have legitimate grounds for collecting the data and it must not have a negative effect on the person or be used in a way they wouldn’t expect. Organisations are required to provide full transparency about how they wish to use the data, as well as ensure their data is only used in ways customers would expect. Detailing precisely what a consumer’s information is being used for allows them to make an informed decision as to whether to share certain pieces of personal information.

Changes under GDPR

Under GDPR, conducting criminal record checks on employees must be justified by law. For example, a school is far more likely to be permitted to carry out such checks on their teachers than a restaurant hiring kitchen staff.

The answer, Bell Pottinger has taught us, is yes. Mrs Thatcher’s favourite PR firm entered administration this week on the back of a disastrous, well, PR campaign. The swirling scandal that brought down an industry giant started with a £100,000 per month contract to run a campaign in South Africa on behalf of the Guptas, a family-run business empire ensnared in the largest web of corruption and political intrigue since the end of apartheid.

Introducing VinciWorks’ new AML 360° course for accountants

VinciWorks has just released a new course on anti-money laundering aimed at accountants. The course will focus on money laundering challenges that accountants in particular are faced with. This includes information on the EU Fourth Directive that comes into effect on 26 June 2017, as well as identifying potential red flags specific to accountants.

Our course is tailored for accountants who have already undergone training on anti-money laundering; users will be provided with in-depth knowledge to help keep them up to date with anti-money laundering laws. Real-world, industry-specific scenarios will help guide participants through money laundering questions that face accountants today.

How well do you really know data protection rules?

With the new General Data Protection Regulation (GDPR) coming into force in 2018, organisations are working hard to ensure they meet the new regulations. Companies processing over 5000 personal records per year or employing over 250 staff are now required to appoint a data protection officer, or DPO. Marketing teams will need to ensure they have consent from those they are marketing to, and genetic and biometric information is now also considered sensitive data under GDPR.

Play the GDPR data protection game

Our game puts you in the manager’s seat of a company and provides feedback on the decisions you make