As GDPR came into force in May 2018, many people questioned the hype around compliance with the regulation

VinciWorks has revisited our popular GDPR mythbusters series to separate the data protection facts from fiction.

GDPR received the kind of hype normally saved for a celebrity meltdown or an Avengers movie. In 2018, the eponymous EU directive, otherwise known as Regulation 2016/679, scored higher in Google search rankings than Beyoncé and Kim Kardashian. GDPR notched up over 300,000 media mentions, three times as many as Mark Zuckerberg managed. It even spawned a sub-culture of memes as EU citizens drowned under a flood of emails informing them of privacy policy updates and “click here to re-subscribe”.

On-demand webinar – GDPR Mythbusters 2019

The Information Commissioner’s Office (ICO) is deploying agents around the world to clamp down on those failing to comply with GDPR

As a year since the introduction of the EU’s General Data Protection Regulation (GDPR) approaches, we revisit our popular GDPR Mythbusters series to separate the data protection facts from fiction.

GDPR’s reach promised to be global. Companies around the world would fear the shadow of the EU regulators. They would quake in their sandals or snow boots as diligent Europeans pursued international data bandits across baking deserts and frigid tundra in the name of justice, serving enforcement actions on those crooks, wherever they may hide.

Read more: GDPR training for US-based staff


As a year since the introduction of GDPR approaches, VinciWorks revisits our popular GDPR mythbusters series to separate the data protection facts from fiction.

Just six minutes after GDPR came into force on 25 May, 2018, two European advocacy groups, Quadrature du Net and None Of Your Business (NOYB), filed complaints against search giant Google. Similar complaints were also levied against the titans of the internet age: Facebook, WhatsApp and Instagram. These actions were not confined to just one jurisdiction. The white knights of data protection made their mark in the halls of national regulators in Paris, Vienna, Brussels and Berlin.

The complaint? Nothing greater than the default advertising settings that come when signing up for a standard Google account. Users must agree for their personal data to be used in order to show them personalised adverts, and Google requires people to agree to those terms and conditions via pre-ticked boxes in what NOYB calls “forced consent.”

On-demand webinar – GDPR Mythbusters 2019


The newly implemented General Data Protection Regulation (GDPR) across Europe has been dramatised, with critics suggesting that it is going to cost businesses a lot of money to implement. However, this isn’t necessarily the case. In fact, businesses will benefit from GDPR, as the new regulations offer security, co-operation and the opportunity to process data efficiently. If your business implements GDPR in advance, you will be one step ahead of your competition, and on track to create a stable and fair platform for data management.

The Information Commissioner’s Office (ICO) is here to help:

Critics have attempted to scaremonger businesses with the threat of the ICO, the public body responsible for administering the repercussions of a data breach. The ICO does have the legal right to fine an organisation up to €20 million or 4% of the business’ global turnover, but this is rare.

The threat of a fine from the ICO appears intimidating, but this is the ICO’s most severe penalty, and one which they will only impose on the most extreme data breaches. For example, the ICO in 2016 only fined 16 organisations out of the 17,300 cases which they had to deal with.

Elizabeth Denham, the British Information Commissioner, has clearly addressed the role of the ICO and attempted to debunk myths surrounding it. Essentially, the ICO is established to protect a citizen’s data rights, not to punish businesses unfairly. Denham notes that the ICO prefer to guide and help businesses with their GDPR compliance, not to punish them.

Consequently, the ICO administer warnings, corrective orders and reprimands, more so than they do monetary fines. However, warnings and corrective orders can tarnish a business’ reputation, therefore it is wise to avoid these penalties.

The ICO offer advice and guidelines for businesses to help them with administering their protection regulation, so that penalties don’t have to occur. Therefore, the ICO is a supportive public body, which should not be feared by businesses. The GDPR and the ICO simply want to ensure that a citizen’s rights are prioritised, and therefore this should not shock or intimidate any businesses.

Why GDPR compliance is beneficial to a business:

Data management will fall under the scope of many sectors in a business, therefore the transmission of data across a business creates a co-operative and interactive environment. From the security team to the sales team, data management needs to be conducted in a uniform process. Therefore, different teams in the business are now forced to work together to achieve data protection and really make the data valuable.

The articles set out in the GDPR aim to achieve transparency, accuracy and accessibility of personal data in a business. By advertising qualities such as these, a business appears more competent and secure, so customers would rather store their personal data with a business which is GDPR compliant than with one which is not. Consequently, the business which is GDPR compliant achieves a competitive edge.

Implementing GDPR is an incentive to modernise your business. So, not only will data protection allow your business to become transparent, it will also encourage a business to consider their customers’ rights and needs. Customers who are supplying their personal data to businesses, want to trust that particular business. Therefore, businesses need to consider how they can further satisfy their customers.

Which industries will benefit from GDPR compliance the most?

To demonstrate how GDPR compliance can benefit a specific business, we can look to the insurance industry. The majority of insurance companies have welcomed the changes brought about by GDPR. This is because insurance companies hold the personal data of many customers, therefore they have welcomed changes to their data management procedures.

The GDPR demands that data subjects must be able to access their personal data easily through data access requests. Consequently, businesses have been encouraged to consolidate their personal data banks, ensuring they are accurate, up to date and all kept together in a clear, concise fashion. Therefore, businesses can now locate and utilise this data more easily than before. Insurance companies have referred to the consolidation of personal data banks as “the golden record” or the “Customer 360 view.”

Aviva, the renowned British insurance company, issued notices to their customers via their website to let their customers know that Aviva’s GDPR compliance procedure is under way. Therefore, it appears that Aviva are embracing the GDPR changes and ensuring their data management is cemented to uphold the new protection regulation.

It is essential that businesses are not intimidated by the changes which they will have to make to become GDPR compliant. To avoid data breaches and to ensure your business is as competitive and successful as possible, implementation and GDPR compliance is a must.


Over the weeks leading up to the General Data Protection Regulation (GDPR) coming into force, VinciWorks has hosted a number of webinars on the topic, answering hundreds of questions in the process. You can get instant access to all our GDPR webinar recordings by clicking on the links below.

Understanding the Data Protection Act 2018

In our webinar on understanding the Data Protection Act 2018, VinciWorks’ GDPR experts Nick Henderson and Gary Yantin explored the newly enacted DPA 2018 and the key differences and derogations from GDPR you need to know about.

Watch webinar

Full-day GDPR webinar

On 24 May, the day prior to GDPR coming into force, VinciWorks hosted a full-day webinar including live Q&As, interviews with GDPR experts and helpful advice on complying with the new regulation.

Watch full webcast

GDPR – Data Protection Impact Assessments

During this webinar, Nick guided listeners through the process of conducting a DPIA. He also answered questions on the topic of DPIAs and gave guidance on next steps to those who have already begun the process.

Watch webinar


The General Data Protection Regulation has now come into force. The UK’s third generation of data protection law has received Royal Assent and its main provisions commenced on 25 May 2018. The new Act aims to modernise data protection laws to ensure they are effective in the years to come. VinciWorks has hosted a number of webinars to help businesses prepare for the EU-wide law.

On 24 May, VinciWorks hosted a full-day live webcast to answer questions, interview experts and review the changes to data protection law under GDPR.

Watch #GDPRday highlights

Full-day live GDPR webcast schedule

10:00am – Q&A on lawful basis for processing, Gary Yantin and Nick Henderson, VinciWorks

11:00am – GDPR Mythbusters, Webinar replay

11:30am – So you’ve been appointed DPO. What now? Interview with Andrew Moyser, MHA MacIntyre Hudson Chartered Accountants

12:00pm – Live Q&A on privacy notices and DPIAs, Alyssa Redsun and Nick Henderson, VinciWorks

1:00pm – Data Protection Impact Assessments, Webinar replay

2:00pm – The ICO’s view – what will change after GDPR? Richard Nevinson, Information Commissioner’s Office

2:15pm – GDPR – getting it right, Alex Brown, Simmons & Simmons

2:30pm – Live Q&A – ask us anything (about GDPR), Gary Yantin and Nick Henderson, VinciWorks

3:30pm – Privacy notices, Webinar replay

4:30pm – Dawn raids – preparing for the unexpected, Karla Gahan, VinciWorks

5:00pm – Closing remarks and guidance

View full schedule and presenter bios


Under GDPR, you need an approved ‘condition for processing’ for every data processing activity, but you don’t always need to seek consent. With just a week until GDPR comes into force, Director of Course Development Nick Henderson and Director of Best Practice Gary Yantin hosted another webinar to take a deep dive into understanding the conditions for processing data which underpin all uses of personal data.

The webinar covered:

  • When do we need consent and when do we not?
  • How to rely on legitimate interest
  • Data processing scenarios
  • Answering your questions on the topic

Watch now


With GDPR day less than a month away, Director of Course Development Nick Henderson continued to help organisations prepare for the new EU-wide regulation. During the webinar, Nick guided listeners through the process of conducting a DPIA. He also answered questions on the topic of DPIAs and gave guidance on next steps to those who have already begun the process.

Read more: The VinciWorks GDPR training suite

The webinar covered:

  • The seven steps of conducting a DPIA
  • The suggested DPIA timeline
  • What to do if you haven’t yet started conducting your DPIAs
  • Who should be responsible for conducting and monitoring DPIAs
  • Shared tips from attendees

Key findings

  • 55% of attendees said they haven’t consulted externally on their DPIA while 27% said they have and 8% said they haven’t but they should have done
  • Biometric and genetic data are now special categories of data under GDPR and are required to be included in a DPIA
  • It is important to act on the recommendations of the DPIA, and organisations are often required to share findings with a third party, such as the Information Commissioner’s Office (ICO)
  • Only 4% of attendees have conducted a DPIA on everything while 30% are planning to begin the process soon

Watch now

The EU-wide General Data Protection Regulation comes into full force on 25 May

VinciWorks GDPR Training Course

With so much GDPR compliance to get done, figuring out a training schedule for staff can seem like an impossible nut to crack. That’s why VinciWorks has made it as easy as possible to figure out which staff need training on what, when and how often.

VinciWorks’ flagship online training course, GDPR: Privacy at Work, does the hard work for you with a unique course builder and training modules specifically tailored to every role in an organisation. With thousands of possible course combinations available, it’s the sure-fire way to get the right training in front of the right staff at the right time. Our GDPR training suite provides further GDPR courses and knowledge checks.

VinciWorks has developed an entire suite of helpful GDPR resources to guide your organisation on its way to compliance. For a more in-depth look at training requirements for different departments and job roles, review our suggested schedule below that includes what resources to roll out post-GDPR to assess comprehension and understanding.
