7 tips for turning your data protection policy into a competitive advantage

7 tips for turning your data protection policy into a competitive advantage

So you’ve implemented a new data protection policy, trained your employees, and you’re confident your business is now in compliance with data protection regulations.

You might think your work is done, but if you stop there, you’re missing out on a golden opportunity to turn your data protection policy into a competitive advantage.

Privacy has never been more important to consumers than it is today, and with the number of high profile data breaches in the news and the impending General Data Protection Regulation, it’s only going to become more important.

In today’s privacy-conscious marketplace, data protection is about more than compliance – it’s about trust. So, what can you do to make the most of this marketing opportunity? Here are our tips:

1. Make information on how you handle data easily available on your website

This is the absolute minimum you should be doing nowadays. Customers want to know what data you’re collecting and why – and you’re legally obliged to make this as transparent as possible.

A terms and conditions page may help you comply with data protection regulations, but clear, prominent messages explaining why you collect data and how it helps you deliver your services will boost consumer confidence in your business.

2. Make it clear what data you’re collecting and why WHENEVER you collect it

Many websites today ask for permission to store cookies, and paper forms have included consent checkboxes for years, but data protection should ideally be part of the conversation during every transaction whether via your website, email, social media, over the phone, or in person.

By always telling customers what data you’re collecting and why, you’ll not only ensure compliance, you’ll also demonstrate how seriously your business takes data privacy and earn the trust of your existing and potential customers.

3. Get consent for anything data will be used for

It’s your responsibility to check that individuals have consented to be contacted by you before you make contact, but this is the minimum you should be doing to earn the trust of your customers.

The proposed General Data Protection Regulation states that explicit consent will need to be obtained for any potential use you’ll make of data – an excellent opportunity to make it absolutely clear how the data you collect helps your business to deliver the best service it can.

4. Be clear about how consumers can opt out and have their data deleted

It’s a legal requirement that businesses allow customers to have their data removed, but many businesses fail to make this process clear – perhaps out of fear that too many customers will avail themselves of the service.

This is counterintuitive when it comes to gaining trust, and in the long term will cost you customers who are suspicious of giving away personal information to a company they don’t have confidence in.

5. Create a data privacy culture among employees

Every employee should receive training in data privacy issues, but it’s especially important for those facing privacy-savvy customers. Expect your staff to face some tough lines of questioning about your data protection policies in the future, which may even be the difference between making and losing a sale, especially when it comes to larger companies.

Being able to explain your processes clearly and demonstrate that data privacy is part of the culture will prove your business can be trusted with the customer’s data before they even need to ask the question.

6. Make sure the customer journey is fluid, especially where their data is involved

Your customers expect you to be well organised and in control, especially when it comes to their data.

Whenever a customer has an enquiry, your employees should use the necessary access controls, such as security questions, to verify who they’re speaking to. Once verified, make sure your employees will be able to easily find what they need – you don’t want customers thinking you don’t know what you’re doing, especially when it comes to their privacy!

7. Respond accordingly in the unfortunate event you suffer a data breach

If you’ve done everything you can to create a data privacy culture, then it’s unlikely you’ll suffer a data breach – but if you do, how you respond could be the difference between irreparable damage to your reputation and a minor blip.

Contact everyone who may have been affected immediately. If customers find out you tried to keep a breach quiet, your reputation will be ruined. As part of your response, put as much resource as you can into offering support services and helping customers to take any steps necessary to secure their privacy.

What VinciWorks offer

If you’re looking for a cost effective way to create a data privacy culture then consider VinciWorks’ Compliance Essentials eLearning courses or our introduction to Data Protection eLearning courses. Delivered online and accessible on computers, tablets and mobile phones, our compliance eLearning courses enable you to shape organisational culture and generate an automatic training record for audit purposes.

4 added values of a data privacy culture that go beyond compliance

Compliance with data protection regulation is often seen as a bane of the IT department’s life, so it’s no surprise that efforts are sometimes focused solely on meeting the minimum legal requirement as quickly and easily as possible.

Regulations can feel like barriers that get in the way of doing business, but there are benefits of creating a data privacy culture that go far beyond compliance.

So, apart from avoiding legal repercussions and fines – which could be up to 4% of global annual turnover once the General Data Protection Regulation (GDPR) comes in – what other benefits might businesses expect?

1. A data privacy culture gives you a competitive advantage

When choosing which businesses to deal with, customers increasingly want to know their data is in safe hands.

Full transparency around the data you collect, what it will be used for and how customers can control it will be one of the core requirements of the GDPR, and customers will look elsewhere if businesses don’t win their trust.

By being one of the first to implement a transparent data privacy culture, you could make the difference between which leads to a potential customer choosing you rather than a competitor.

2. You will (by necessity) develop a better understanding of how your data is used

To be transparent around how your business processes data, you need to have develop an in-depth understanding, including identifying every point at which data is captured, where it is stored, how it is accessed, and how it is destroyed.

Getting to grips with all of this may require initial effort in defining and redefining processes as well as employee training, but will pay dividends in the long run.

Better organised, more centralised and more accurate data makes streamlining processes and meaningful analysis possible and far more straightforward that if your data culture is a free for all.

3. Good data handling builds trust among employees

One of the main focuses of the GDPR is to empower consumers regarding the data businesses hold on them, and the discussion around this has increased widespread awareness of data privacy issues.

Data privacy has therefore become as much an ethical issue for your employees as a legal one. They’ll want to know the business they’re working for respects the privacy of consumers in the way they want demand their own privacy is respected by companies they purchase from.

Implementing a data privacy culture will therefore make your best employees more proud to work for you – and more likely to stay.

4. Your business will be more secure

Though it can sometimes feel like it, data protection regulation doesn’t serve solely to meet the best interests of consumers. Compliant businesses are protected in equal measure, and implementing a data privacy culture makes businesses far less vulnerable to cybercrime.

Why? Because all of the processes, policies and training required in creating a data privacy culture strengthen the biggest data liability in your business: your employees. The vast majority of data breaches are caused by individual errors, some of which are unforced, and some the result of hackers exploiting the naivety of employees through techniques like phishing and social engineering.

Embedding a data privacy culture is the surest way to secure your business against these threats at the same time as complying with data protection regulation.

How VinciWorks can help

Our Compliance Essentials Suite is a cost effective training solution for creating a data privacy culture. Compliance Essentials includes a number of information governance eLearning courses covering data protection legislation, records management and information security.

Compliance Essentials also includes delivery through our Astute eLearning Platform and all courses are regularly updated to reflect changes in legislation and best practice at no extra cost – so when the General Data Protection Regulation is in place, subscribers will not need to budget for additional training.

Combating corruption: what can your business do?

Combating corruption: what can your business do?

We have seen yet another large scale corporate corruption scandal come to light following a BBC Panorama investigation into British American Tobacco.

In a documentary broadcast recently, it was alleged that BAT, the UK’s fifth largest company, paid bribes to government officials in Africa with the intention of undermining anti-smoking legislation and made facilitation payments to damage rival companies.

Former employee turned whistleblower Paul Hopkins said he was told bribery was the cost of doing business in Africa, but bribery in any country contravenes the UK Bribery Act 2010.

So, ahead of International Corruption Day, what can your business do to combat corruption?

Raising awareness

Getting training right is vital in tackling corruption. Companies judged to have failed to prevent bribery from taking place can be subject to potentially unlimited fines as well as reputational damage.

Both committing bribery and being bribed are criminal offences and, as highlighted in the documentary when a government minister was allegedly bought a flight in exchange for undermining an anti-smoking bill, giving and receiving gifts can also constitute bribery.

Raising awareness levels throughout your organisation is therefore a must. To help businesses do this, VinciWorks provide a range of eLearning including three Anti-Bribery and Corruption courses designed to meet the requirements of various job roles.

So, whether a member of staff deals exclusively in the UK, engages in global financial transactions, or simply requires an overview to reduce the risk of being bribed, we have the training solution.

Contact us today to find out more.

Keeping compliance training up to date

Keeping compliance training up to date

So you’ve researched the market, decided on the provider for your compliance eLearning and put your employees through the courses. Job done, right?

Well, not exactly. Getting your staff trained initially on key compliance topics is only the start. How do you keep your employees up to date with latest legislation? How do you safeguard against your employees forgetting vital information or complacency creeping back into their working practices?

Of course, you can ask your employees to complete the training annually; but if the learning materials are the same each year will they be as effective as a new learning experience?

Selecting the right compliance eLearning partner is vital if your long term strategy is to be effective.

So, what should the right compliance eLearning partner offer?

Up to date materials

Keeping materials up to date legislatively and with best practice is the absolute minimum you should expect from a compliance eLearning partner.

But beware: even if content is current at the time of purchase, you could find yourself with out of date – and therefore worthless – materials if legislation changes.

Avoid this happening to you by ensuring your chosen compliance training partner also regularly updates training materials as part of their service.

Fresh look and feel

In the early days of eLearning, the experience was not too different from reading a book. The thought of thirty-plus pages of ‘click next to continue’ is still enough to bring some veteran learners out in a cold sweat.

With today’s technology, there’s no reason this should be the case. The same engaging experiences learners are accustomed to from browsing the web and using mobile apps are now available from eLearning.

If your chosen compliance training provider’s materials look dated and aren’t compatible with all devices, then you could be missing an opportunity to make a real difference to your organisation.

Alternative versions of courses

Every learner is different, and while some may require intensive training covering an entire topic, an overview of specific areas will suffice for others.

There’s no ‘one size fits all’ approach to getting the level of detail right in a course, so your training provider should offer the flexibility to cover just the areas learners need, and no unnecessary filler.

That’s exactly what our immersive courses do, providing interactive scenarios to test learners’ knowledge in key areas, linked to more in depth training should learners need it, and new versions are coming at the start of 2016.

Keeping things current within the training cycle

A lot can happen in the recommended compliance training cycle of twelve months, including legislative changes and incidents which need a response.

Learners can’t be expected to complete full courses in between their annual compliance training, so think about how you’ll respond if they do need a top up.

Our ‘coffee time’ eLearning modules are short, self-contained training nuggets which complement our full courses, perfect for when learners need a refresher in a specific area without taking the entire course.

Your compliance eLearning partner

Looking for a library of compliance training material that is always fresh, always engaging, and always kept up to date?

Are your employees promoting diversity in the workplace?

An unnamed man referred to in court as ‘Tim’ has been awarded £7,500 in a landmark ruling under the Equality Act 2010.

This case of discrimination is significant as Tim was subjected to several isolated incidents of homophobic abuse which were largely evident only through gestures.

In addition, although the gestures were mainly committed by a locksmith’s employee while he was on work breaks, he was still considered to be a representative of his employer.

As a result, Tim was able to bring charges under the Equality Act 2010 of an act of discrimination against a customer.

Discrimination

The Equality Act protects people from discrimination on the grounds of age, sex, sexual orientation, transgender status, religion, disability, race, and other protected factors.

Businesses are responsible for ensuring that not only employees are protected under the Act, but also any customers or third parties affected by their business.

Business responsibilities

Businesses must ensure the dissemination of training to help employees understand what behaviour may be considered insulting under the Equality Act. Importantly, this case shows that how the victim perceives the behaviour is more pertinent than the apparent intent of the perpetrator.

Creating a positive corporate culture – what can you learn from failings at VW?

A spate of recent news stories have raised the issue of corporate culture and the risks to a business when a culture becomes toxic.

Volkswagen earned acres of negative press recently after they were caught cheating emission tests in the US. While the full story is yet to emerge, early reports suggest that a negative corporate culture may be partly to blame.

Former VW executives have described a climate of fear, distance and respect in which the CEO’s ultimate authority was never checked. Even senior executives would be berated openly for their alleged mistakes.

“We need in future a climate in which problems aren’t hidden but can be openly communicated to superiors,” wrote Bernd Osterloh, a member of VW’s advisory board, in a letter to employees, “We need a culture in which it’s possible and permissible to argue with your superior about the best way to go.”

Organisations failing to listen to employees

Even when organisations aren’t silencing their employees, they often fail to listen, which can be equally damaging to an organisation’s culture and creativity.

Recent research (conducted by idea management company Wazoku) suggests that employers commonly fail to listen to employees and are ill-equipped to capture employee ideas and suggestions.

Employees are only likely to put forward ideas if they expect to be heard and respected. The company culture must be open to, and accepting of, new ideas and innovations.

Clearly, an organisation that is ruled by fear is unlikely to get the best ideas bubbling to the top – and unlikely to benefit from these opportunities to innovate.

Your corporate culture

How is your organisational culture defined? Your culture might be defined in a mission statement, or it might permeate your branding, or be reflected in the way your managers relate to employees.

Managers can define the atmosphere and influence the attitudes of their employees, so it’s critical that they understand your company culture and know how to embody your ideals.

Performance management training from Vinciworks

Vinciworks offers a range of eLearning courses to equip managers with the skills they need to excel in the modern workplace.

How can eLearning help you achieve organisational compliance?

Every business understands the need to be compliant, but actually achieving it is a complicated and ongoing process which causes headaches for business leaders.

An overwhelming number of regulations must be followed, and as organisations grow and the number of moving parts increases, so does the level of risk – and the complexity of managing it.

The problem? Compliance can’t be solved for an entire organisation in one fell swoop. Yet businesses still seek out ‘quick wins’ to their compliance problem.

Organisational behaviour

Organisational compliance is only possible when each individual employee understands exactly what is required of them. With regulations frequently changing and employees coming and going, each having their own job role and learning style, this is no easy task.

That’s a big part of the reason why many organisations’ compliance training efforts fail to yield the results they need.

Ideally, you’ll already have an awareness of what training is required for each employee, but even if you do, actually implementing the training can still prove a headache.

Segment learners

In order to achieve regulatory compliance, certain employees will require training which is totally irrelevant to others.

Allocating training based on job role or department does not entirely solve this problem, which is why Astute enables custom segmentation of your learners.

Careful use of Astute’s custom fields allows you to segment your learners, rapidly delivering training to the right employees, at the right time.

Learning Analytics

Knowing which employees have completed what training is vital not only for audit purposes, but also determining your learning and development strategy.

When it comes to analytics, eLearning comes into its own against other training solutions.

Astute’s Learning Analytics go far beyond course completion reports. The Learning Analytics dashboard can be drilled into to give you powerful insights such as:

  • Which teams, departments or segments of employees are more engaged with training
  • Which subject areas would benefit from further training intervention
  • What the impact of your eLearning efforts has been on other key performance indicators
  • And of course, Course completion status for any segment of employees

Having an overview of which areas of knowledge are lacking in your organisation, or which employees are less engaged with training gives you more insight than ever before, which can dramatically boost your compliance efforts.

How prepared are you for EU Data Protection reforms?

How prepared are you for EU Data Protection reforms?

In a recent blog post, David Smith, Deputy Commissioner and Director of Data Protection at the Information Commissioner’s Office wrote about how businesses can prepare ahead of the upcoming EU Data Protection Regulation reforms which are likely to be finalised before the end of this year.

Once finalised, there will be a two-year transition period before all data protection regulation is harmonised among the EU’s 28 member states.

When in place, it’s expected that businesses will be expected to provide greater control over data to customers, and penalties for data protection breaches are likely to increase significantly.

Start to prepare sooner rather than later

Although the final regulation is yet to be agreed, there are a number of steps businesses can begin to put in place to ensure they’ll be well positioned to comply with them once they are finalised.

These include:

  • Establishing clear processes and policies for all data-handling activities and systems which can be audited and communicated should individuals request information on them
  • Considering how those processes and policies will be communicated to staff, and how you’ll keep track of who has been made aware of them
  • Establishing a process for updating those processes and policies so that they can be updated once EU Data Protection Regulation reforms are finalised

Simplifying staff training

VinciWorks specialise in compliance eLearning, and provide a number of courses related to information governance including Data Protection, Freedom of Information, Information Security and Records Management.

These courses enable your business to rapidly-deliver training to staff online – meaning staff can complete their training when it fits in with their schedules.

And, with an eLearning platform such as Astute, which we use to deliver our eLearning, you can easily keep track of who has completed what course.

When regulations do change, ensuring your organisation is compliant will simply be a case of updating your eLearning courses – and of course, we’ll be keeping all of our eLearning courses up-to-date with any changes to regulations.

Six techniques for making compliance more than just a box ticking exercise

The consequences of failing to comply with regulations are well documented, yet we still see a wide variance in risk tolerance in businesses across the UK, from those who ignore the issue to those striving to create a compliant workplace culture.

Putting policies in place is a necessary step towards achieving compliance, but ensuring that policies permeate throughout an organisation to create a culture of compliance, rather than just being seen as a box-ticking exercise, is an ongoing and complex process.

When English Rugby’s three governing bodies asked for our help tackling the long-term risk posed to players by concussion, the aim was cultural change from grass-roots to professional level, ensuring every player, coach and referee adopted new concussion management policies.

To help achieve this, we produced a Concussion Awareness eLearning module which was completed by 100% of professional rugby players, coaches and referees at the start of the 2014-15 season, and has just been shortlisted for three e-learning awards.

Ensuring 100% completion of the module was important, but the real goal was changing the way concussion is treated within the sport. Here are some of the techniques we used to ensure the module was more than just a box-ticking exercise:

Technique 1: Show that the risk is real

Mismanagement of concussion has resulted in life-limiting neurological problems for former rugby players, so it was essential that the Concussion Awareness eLearning module was taken seriously.

To ensure this was the case, the module included a number of recognisable, hard-hitting real life examples of the consequences of concussion mismanagement to players.

In any organisation, failure to comply with regulations puts the organisation and individuals involved at risk. Showing the actual consequences, which can include fines, dismissals or prison sentences, makes sure compliance is taken seriously rather than being seen as just a liability-limiting, box-ticking exercise.

Technique 2: Develop a clear message that learners can take away

Effectively changing culture calls for a campaign with a strong, memorable message.

The Concussion Awareness eLearning module was built around the “Four R’s” of concussion: Recognise, Remove, Recover and Return, which describe the best practise for concussion management, and form the basis of rugby’s concussion management campaign.

By identifying the key messages around desired behaviours and reinforcing them through policies, communications campaigns and training, an organisation’s employees will be able to take them on board and utilise them in their daily work, creating the desired behaviours.

Technique 3: Get interactive

Rugby players are far more motivated by playing rugby than sitting in training rooms, so it was important that the Concussion Awareness module was as interactive and engaging as possible.

Interactive elements utilised included multiple choice questions, video examples of concussions and a symptom identification game, making the module far more engaging than simple text on a page.

In today’s busy working world, full of different tasks competing for learners’ attention, making training interactive is essential to engage learners with subjects and enhance information retention, ultimately leading to a greater cultural impact.

Technique 4: Elicit an emotional response

Training which creates an emotional response is more memorable and far more likely to make a lasting impact on organisational culture – the main goal of the Concussion Awareness module.

That’s why the module starts with a hard hitting video depicting the consequences of mismanaged concussion for a player – a scenario the target audience can easily empathise with – as well as concluding with a scene showing the positive results of managing concussion correctly.

No matter what the subject, delivering content in a way that creates an emotional response will help to ensure employees engage with new policies and training rather than just going through the motions.

Technique 5: Get the buy-in of senior management

When the Concussion Awareness module was launched in 2014, every player, coach and referee received a personalised letter from Rob Andrew, Professional Rugby Director at the Rugby Football Union and former England international.

Showing that the message is coming from the top goes a long way to justifying the need for policies and training, as well as helping to prevent it from being seen as a box-ticking exercise.

In businesses, this can be achieved by sending email, letters, or having senior executives deliver a town hall meeting to encourage staff to take mandatory training seriously.

Technique 6: Tailor the message to the audience

Policies affect different employees in different ways: a middle manager’s responsibilities around a subject like fraud prevention will differ from those of a senior executive or a graduate.

With Concussion Awareness, we created different versions of the module for each of the three target audiences because each has different roles and responsibilities when it comes to concussion.

While generic, cover-all-bases training may keep costs down, making policies and training as specific as possible ensures that employees engage with, take on board and put in place processes that reduce risk of failure to comply with regulations.

With eLearning, this is particularly straightforward to achieve, as all content is digital and can be tailored to meet the needs of specific groups.