
Since GDPR came into force, there have been:

  • 160,000 breach notifications made to authorities
    • 247 notifications per day in 2018
    • 178 notifications per day just in the first half of 2019
  • A total of £100m in fines

Here are some of the recent fines that regulating authorities have issued and guidance on how to make sure your business stays on the right side of GDPR.

Four GDPR fines we can learn from

British Airways – £183m (under appeal)

What happened?

The airline was the victim of a cyber attack in which the personal data of 500,000 customers was stolen by hackers through a fake website. The ICO said the incident took place after users of British Airways’ website were diverted to a fraudulent site, through which the attackers harvested details of about 500,000 customers. The incident was first disclosed on 6 September 2018, and BA had initially said approximately 380,000 transactions were affected, but the stolen data did not include travel or passport details.

Why are they being fined?

Information Commissioner Elizabeth Denham said: “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data, you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”


10 things you need to know about Brexit and GDPR

What’s happening on Friday 31 January 2020?

From Friday 31 January 2020, European rules and regulations stopped having effect in the UK because the UK’s membership of the EU has ended. Britain has now entered a transitional period which will last until 31 December 2020.

To prepare for this change, the government passed a flurry of Brexit-related legislation in recent years. The one relating to data protection is the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019.

How much of an impact will Brexit have on business?

While there is sure to be some level of impact for everyone, the impact of Brexit on each business will depend on the type of business and, most importantly, in which jurisdiction they collect and process data. Due to the Brexit transition period, the impact is unlikely to be immediate.


VinciWorks has released a new five-minute course to help organisations test their staff’s data privacy knowledge. The knowledge check has also been added to our data privacy training suite. Knowledge checks consist of different scenarios to help employees understand which course of action to take in different situations. We recommend that knowledge checks are added to existing data privacy training plans as a refresher course.

The five-minute data privacy knowledge check covers:

  • What counts as personally identifiable information (PII) and best practice
  • The principles of handling data
  • Scenario questions to test your ability to correctly handle certain situations
  • When and how to report a breach
  • Dealing with Confidential Disclosure Agreements (CDA) and Non-Disclosure Agreements (NDA)


27% of our listeners have suffered a data breach since GDPR came into force

On 31 January 2020, the UK will leave the European Union, and GDPR as we know it will come to an end.

From exit day, the GDPR we have become familiar with will disappear from the statute book and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 will come into effect. This will result in hundreds of changes to both the GDPR text in UK law and the Data Protection Act 2018.

In this webinar, our Director of Course Development Nick Henderson and DPO Ruth Cohen helped organisations understand what data protection looks like in a post-Brexit world.

The webinar covered:

  • How Brexit will impact on UK data protection law
  • What changes organisations, DPOs and compliance officers need to make to their policies and procedures
  • The most recent GDPR cases from across the UK and Europe
  • The latest in compliance advice and inside tips
  • Answering all your GDPR and Brexit questions


Note: Due to the COVID-19 pandemic, the awards evening was postponed and the winner of the award will now be announced in September 2020.

VinciWorks’ new mental health course has been shortlisted for this year’s InsideOut award in the Best Use of Technology category. Future of Work Insights is organising the awards. The organisation provides global insight, intelligence and the latest trends in corporate wellness from around the world through white papers, reports, research, webinars, case studies and more.

What are the InsideOut awards?

On 26 March 2020 in London, Future of Work Insights will host the inaugural InsideOut Mental Health Awards, celebrating our mental health and those organisations and individuals who champion it. The evening itself will be very different to any other awards ceremony and will provide a unique experience of celebration, networking, entertainment and dancing with the industry’s finest. You can purchase tickets to attend the event here. VinciWorks will be competing with Santander and the Derbyshire Healthcare NHS Trust Foundation in the Best Use of Technology category.


What’s new in diversity and inclusion this year?

The new decade is bringing new considerations for diversity and inclusion in the workplace. The Equality Act is now 10 years old, and while there aren’t any substantive legislative updates, other changes in the law in the last decade could mean it’s time for a refresh of your equality-related policies and procedures.

Mixed-sex civil partnerships

Civil partnerships were invented in 2004 as a way to give same-sex couples legal protections broadly similar to marriage, albeit with a few differences. At that time marriage was illegal for same-sex couples across the UK. In 2014, the same-sex marriage ban was lifted in England and Wales, as well as in Scotland, although it remained in force in Northern Ireland.

This created inequality in the law, as civil partnerships had been created exclusively for same-sex couples, who then had the option to choose either a civil partnership or a marriage, while mixed-sex couples could only choose a marriage.

The legal differences between the two institutions include how they are formed and their grounds for dissolution. Campaigners took the case to the Supreme Court, which agreed that civil partnerships should also be available to mixed-sex couples.


The estimated cost of mental ill-health to UK employers each year is between £33 billion and £42 billion, totalling around 91 million lost working days. About 10% of these losses were due to staff replacement costs, 30% to people being off sick (absenteeism) and 60% to reduced productivity at work (presenteeism).

Two-thirds of UK CEOs considered the mental health of their employees a priority, but only 16% had a defined strategy in place to help them.


VinciWorks continues to develop its Omnitrack form builder to make using our data collection and reporting tool even easier and more efficient.

What is the Omnitrack form builder?

Rather than spending hours creating and sending out long and tedious Microsoft Excel, Word or PDF forms, administrators can use the Omnitrack form builder to easily build forms with conditional logic. All the data collected from the forms can easily be aggregated into graphical charts that are updated in real time.

Conditional logic – How have we improved the form builder?

Conditional logic allows administrators to easily ensure only the most relevant questions appear each time a form is being completed. For example, when completing a form for DAC6 reporting, a transaction that doesn’t involve a cross-border element between EU countries will result in considerably fewer questions in a form than a transaction that does.


On 10 January 2020, the Money Laundering and Terrorist Financing (Amendment) Regulations 2019 came into force. This statutory instrument updates the UK’s existing anti-money laundering legislation to take account of the Fifth Directive. With the UK due to exit the European Union just three weeks later, what will the future of money laundering regulation look like?

In this webinar, our experts gave guidance on the application of the Fifth Directive in the UK and what to watch out for in the post-Brexit UK money laundering regime.

The webinar covered:

  • What will the future of money laundering regulation in the UK look like?
  • What are the key changes under the Fifth Directive?
  • Answering questions from registrants


Understand your data by instantly creating charts and graphs

What is Omnitrack?

Omnitrack is a centralised reporting and tracking tool that replaces traditional yet outdated data management processes such as emails, spreadsheets and long PDF and Word forms. It allows anyone to identify a risk, complete staff surveys or carry out reporting requirements. Compliance managers can then easily track and analyse incoming data. Collecting and storing data relating to all areas of compliance in a central portal adds structure, efficiency and transparency to the compliance process.
