GDPR Myth #4: GDPR is not something for the legal sector to worry about

Lawyer writing in a ledger

“We don’t do marketing.” “We already comply with the DPA.” “We outsource our IT.”

Does the legal sector need to worry about GDPR?

These are all bedtime stories some in the legal sector have been telling themselves about GDPR. The truth is, like any business, the legal sector must be ready for GDPR-day in May. There’s a lot of evidence to suggest it isn’t.

Law firms are both controllers and processors of their client’s data, meaning there are quite a lot of rules that must be followed. Current data collection methods, particularly consent, must be reviewed before May. It’s crucial to review the conditions for processing data and identify the correct legal basis. Some conditions, like consent, may not be valid for all processing activities after May.

continue reading

GDPR Myth #3: You can’t send marketing emails anymore

Send button on computer keyboard
Will continuing to send marketing emails put your business at risk of breaching GDPR?

Do the General Data Protection Regulations (GDPR) mean you can’t send any more marketing emails?

JD Wetherspoons, the UK’s largest pub chain, hit the industry headlines last year when it decided to delete its entire marketing list. GDPR has injected a sense of impending doom into email marketers worried that carefully cultivated lists will need to be trashed come GDPR day.

This is not the case. GDPR does not prevent direct marketing taking place, nor does it mean your lists have to be deleted and collected again from scratch. However, it does mean marketers have a greater responsibility in processing personal data, and some issues around consent to market may have to be looked at.

Read more 

VinciWorks adds Subject Access Request module to GDPR course

GDPR Myth #2: GDPR requires you to delete all of a person’s data if they ask

continue reading

GDPR Myth #2: GDPR requires you to delete all of a person’s data if they ask

Delete button on a computer keyboard
Does GDPR require businesses to delete all data upon an individual’s request?

What is meant by “The Right to be Forgotten” under GDPR?

The right to be forgotten is one of the key innovations of GDPR, but it’s not exactly a new right, nor is it absolute. It developed in European law in the aftermath of an important court case known as the Google vs Spain ruling. In 2010, a Spanish citizen complained about an outdated court order against him appearing on Google search results. The European Court of Justice agreed this infringed on his right to privacy and ruled that individuals have the right, under certain conditions, to ask search engines to remove links with personal information about them where the information is inaccurate, inadequate, irrelevant or excessive.

The right to be forgotten has been enshrined in GDPR as the right to erasure. This is slightly more encompassing than the original Google vs Spain rules, giving an individual the right to have their personal data erased and prevent it being processed in specific circumstances.

Read more: what should a GDPR compliant privacy policy include?

continue reading

GDPR Myth #1: Fine of 4% of global turnover for your first GDPR offence

Question mark

Will regulators actually fine businesses 4% of global turnover for committing a General Data Protection Regulation offence? What are the actual repercussions of failing to comply with GDPR?

It’s a headline-grabbing threat designed to leave you shaking at your keyboard, fearful that one wrong keystroke will siphon off €20m, or 4% of turnover, whichever hurts the most. The current maximum level of fine that can be levied under the Data Protection Act 1998 is peanuts in comparison, £500,000.

Some of the biggest fines levied by the UK’s data protection regulator, the ICO, would balloon under GDPR rules. TalkTalk’s 2016 fine of £400,000 would become nearly £60m

However, GDPR is not about fines. The ICO has made clear that maximum fines will not become the norm, nor will examples be made of big brands for minor infringements. As they’ve said, they prefer the carrot to the stick. The ICO’s record stands to reason. In 2016/17, the regulator dealt with over 17,000 cases. Only 16 resulted in a fine.

Learn more: download VinciWorks’ GDPR guide to make sure your business is ready for GDPR implementation on 25 May.

continue reading

Menopause can be a disability, and firms must make reasonable adjustments

The UK’s Equality and Human Rights Commission (EHRC) has issued guidance to inform firms they could be liable for being taken to an employment tribunal if they do not make reasonable adjustments for staff experiencing menopause.

Adjustments can include time off, flexible hours, relaxed uniform policies and rest areas. Failing to make reasonable adjustments can amount to disability discrimination, as menopause symptoms can have a long term and substantial impact on a person’s ability to carry out usual day-to-day activities.

continue reading

On-demand webinar: Making your organisation more menopause friendly

Many organisations discuss gender equality and promoting women, particularly older and more experienced women. But what does this look like in practice? What are the practical steps to supporting older women in the workplace, and how can barriers to success be overcome?

One highly effective strategy is making your organisation menopause friendly. Older women are one of the fastest growing in today’s workplace, and research has shown that nearly two-thirds of women have taken time off work due to their symptoms, with some even leaving their jobs due to not being supported in their workplace.

In this webinar, VinciWorks compliance experts will take you through the steps your organisation can take to become menopause friendly. From implementing a menopause leave policy to environmental factors affecting a workplace, this session will inform you on why making your organisation menopause friendly is a cost-effective, impactful and necessary initiative.

The webinar featured an interview with Dr Rebecca Lewis from the highly respected Newson Health Menopause and Wellbeing Centre.

This session covered:

  • The basics of menopause as a diversity and inclusion issue
  • Building a coalition for progressive menopause change in an organisation
  • Countering common myths, stigmas and stereotypes
  • Top tips for implementing a menopause leave policy
  • Tackling environmental, organisational and cultural factors on menopause

Watch on-demand

On-demand webinar: AI and compliance in the workplace

Artificial intelligence (AI) is rapidly changing the workplace. Generative AI tools like ChatGPT and Dall-E now allow people worldwide to accomplish more than humans ever dreamed possible. This creates many challenges for compliance departments, which have to deal with various regulatory issues related to the use of AI, from GDPR to discrimination.

In this webinar, we explored the concepts and terms used in discussing AI and bust some of the myths. We discussed best practices for using AI in the workplace with our team of compliance experts and uncovered the risks and opportunities of using AI at work.

This webinar covered:

  • Understanding AI in the workplace
  • AI and data privacy
  • AI and intellectual property
  • AI and discrimination
  • AI and conducting an effective risk assessment
  • AI and cybersecurity
  • Plagiarism in the age of AI

Watch Now

VinciWorks course release notes: In-browser editor, safeguarding training and more

Added in-browser editor to 100 courses

Tailoring courses has just become a whole lot easier. If you’ve ever wanted to customise your organisation’s online training, there’s a good chance you’ve experienced long forms to complete, having to scour long documents and mark up changes, or cumbersome editing tools that require hours of training. Our team has worked tirelessly to build an in-browser editing tool that allows you to make changes to your courses in real-time.

For the first time, you can now tailor your e-learning directly within the course. Edits are clearly visible as you make them and results can easily be shared with your colleagues via a unique link. Learn more here.

continue reading

New Course: Safer Universities training

Whilst university and higher education provide a uniquely enriching and formative experience for most students, it can also bring with it a wide range of challenges, from mental health issues to personal safety and well-being. These can be complicated by the fact that the vast majority of students may have not experienced living independently for the first time, away from their families and their support networks.

All universities and centres of higher education have a responsibility to safeguard their students so that they can take full advantage of the learning experience and development that universities offer in a safe and secure environment. Alongside the support services and structures that universities put in place, clear guidance needs to be offered, so that members of staff and contractors understand the key challenges that students may face, how to recognise warning signs, when and how to act, and the limits of their responsibilities. Failing to offer clear guidance on key considerations such as responsibility, disclosure and indeed appropriate behaviour, can lead staff to fail to act.

In addition, students themselves need similar guidance on these challenges, how to support their fellow students, how to recognise the signals of distress, and a clear understanding of what is appropriate behaviour in much the same way that an organisation would set out its policies on the expectations of the behaviour of its staff.

Our new video-led Safer Universities course explores the challenges that students face, dispels myths and gives clear guidance on the responsibilities of individuals, staff and students, to ensure they can act accordingly and responsibly.

continue reading

New course from Skill Boosters: Domestic Abuse

Domestic abuse can take many different forms and is not always easy to spot – in fact, even the person on the receiving end may not recognise it for what it is. There can be many reasons why people experiencing domestic abuse are reluctant to speak up or seek help, from fears around their personal safety to concerns about being judged by their friends and family, employer or colleagues.

With many people working from home for a protracted period during the Covid pandemic, instances of domestic abuse have increased dramatically and had a devastating impact both on employees’ physical and mental health and on their performance at work. Being able to spot where domestic abuse may be occurring and taking appropriate action to protect and support their staff is therefore a crucial aspect of employers’ duty of care. 

continue reading