The General Data Protection Regulation has now come into force. The UK’s third generation of data protection law has received Royal Assent and its main provisions commenced on 25 May 2018. The new Act aims to modernise data protection laws to ensure they are effective in the years to come. VinciWorks has hosted a number of webinars to help businesses prepare for the EU-wide law.

On 24, VinciWorks hosted a full-day live webcast to answer questions, interview experts and review the changes to data protection law under GDPR.

Full-day live GDPR webcast schedule

10:00am – Q&A on lawful basis for processing, Gary Yantin and Nick Henderson, VinciWorks

11:00am – GDPR Mythbusters, Webinar replay

11:30am – So you’ve been appointed DPO. What now? Interview with Andrew Moyser, MHA MacIntyre Hudson Chartered Accountants

12:00pm – Live Q&A on privacy notices and DPIAs, Alyssa Redsun and Nick Henderson, VinciWorks

1:00pm – Data Protection Impact Assessments, Webinar replay

2:00pm – The ICO’s view – what will change after GDPR? Richard Nevinson, Information Commissioner’s Office

2:15pm – GDPR – getting it right, Alex Brown, Simmons & Simmons

2:30pm – Live Q&A – ask us anything (about GDPR), Gary Yantin and Nick Henderson, VinciWorks

3:30pm – Privacy notices, Webinar replay

4:30pm – Dawn raids – preparing for the unexpected, Karla Gahan, VinciWorks

5:00pm – Closing remarks and guidance


Under GDPR, you need an approved ‘condition for processing’ for every data processing activity, but you don’t always need to seek consent. With just a week until GDPR comes into force, Director of Course Development Nick Henderson and Director of Best Practice Gary Yantin hosted another webinar to take a deep dive into understanding the conditions for processing data which underpin all uses of personal data.

The webinar covered:

  • When do we need consent and when do we not?
  • How to rely on legitimate interest
  • Data processing scenarios
  • Answering your questions on the topic


With GDPR day less than a month away, Director of Course Development Nick Henderson continued to help organisations prepare for the new EU-wide regulation. During the webinar, Nick guided listeners through the process of conducting a DPIA. He also answered questions on the topic of DPIAs and gave guidance on next steps to those who have already begun the process.

The webinar covered:

  • The seven steps of conducting a DPIA
  • The suggested DPIA timeline
  • What to do if you haven’t yet started conducting your DPIAs
  • Who should be responsible for conducting and monitoring DPIAs
  • Shared tips from attendees

Key findings

  • 55% of attendees said they haven’t consulted externally on their DPIA while 27% said they have and 8% said they haven’t but they should have done
  • Biometric and genetic data are now special categories of data under GDPR and are required to be included in a DPIA
  • It is important to act on the recommendations of the DPIA, and organisations are often required to share findings with a third party, such as the Information Commissioner’s Office (ICO)
  • Only 4% of attendees have conducted a DPIA on everything while 30% are planning to begin the process soon


This year has already been significant in terms of compliance breaches by some of the world’s largest companies. And it’s not just businesses that have seen major failings recently, as we review recent compliance scandals in this year’s Compliance Update: 1 April Special.

Easter bunny fined for sanctions breaches

The Easter Bunny has been fined a record £21m by the Office of Financial Sanctions Implementation (OFSI) for illegally importing up to 40 million Easter eggs. The eggs were illegally imported from Never Never Land in violation of international sanctions against the rogue state, with The Easter Bunny allegedly committing serious acts of bribery during the import of the eggs to cover up their origins.

Never Never Land continues to remain under severe international sanctions due to its failure to adhere to data protection laws and the continued WMD programme of dictator Captain Hook. With recent EU legislation expanding the scope of sanctions compliance, all organisations are being reminded to ensure their compliance is up to speed and they are not doing business with designated persons such as Captain Hook.

The EU-wide General Data Protection Regulation comes into full force on 25 May

VinciWorks GDPR Training Course

With so much GDPR compliance to get done, figuring out a training schedule for staff can seem like an impossible nut to crack. That’s why VinciWorks have made it as easy as possible to figure out which staff need training on what, when and how often.

VinciWorks’ flagship online training course, GDPR: Privacy at Work, does the hard work for you with a unique course builder and training modules specifically tailored to every role in an organisation. With thousands of possible course combinations available, it’s the sure-fire way to get the right training in front of the right staff at the right time. Our GDPR training suite provides further GDPR courses and knowledge checks.

VinciWorks has developed an entire suite of helpful GDPR resources to guide your organisation on its way to compliance. For a more in-depth look at training requirements for different departments and job roles, review our suggested schedule below that includes what resources to roll out post-GDPR to assess comprehension and understanding.


How to make your digital marketing GDPR compliant:

Due to the requirements under GDPR for obtaining consent to collect and process data, one of the departments in your organisation most likely to be affected by the regulations is marketing.

Four years into GDPR, GDPR fines are bigger than ever before and always growing: there was a 113% increase in GDPR fines between July 2020 and July 2021, and penalties have grown as well, from 130.69 million in July 2020 to 293.96 million in July 2021. Many of the biggest fines were marketing related, including a €746m fine doled out to Amazon for compiling data on customers and a €225m fine to WhatsApp for failing to provide information in clear and plain language.

Using information that is publicly available doesn’t mean you’re off the hook: agricultural conglomerate Monsanto were fined €4,000,000 for maintaining records of activists, since they were essentially tracking them in an ongoing way without informing them.

As a marketer who collects information, whether it’s information that’s publicly available or not, it’s more important than ever to make sure you’re doing so in a GDPR-compliant way. The guidance given in this blog will help your marketing team fully comply with GDPR.

Marketing lists

In June 2017, JD Wetherspoon felt the best way for its digital marketing to become compliant with GDPR was to delete its entire marketing list. While this may be the favourable approach for the pub chain, GDPR certainly does not require businesses to delete their entire marketing list.

Organisations can provide customer details to third parties only if they made this clear when the information was being collected. Records of how consent was obtained must be clear if the list is being used for making marketing calls, texts, or emails.


With GDPR day fast approaching, Director of Best Practice Gary Yantin and Director of Course Development Nick Henderson discussed the steps businesses should take to prepare. This was the first in a series of webinars on the topic of GDPR. You can download a recording of the webinar and the accompanying slides by clicking the button below.

Watch now
