The General Data Protection Regulation (GDPR) has been in full force across the EU since 25 May 2019. As of 25 January, 2019, eight months to the day since GDPR came into force, national data protection authorities reported nearly 100,000 complaints from concerned citizens. Google has already been fined by French authorities and several social media giants are currently being investigated.

The law applies to all businesses with customers in the EU, no matter where in the world they are based, and mandates much stricter data protection rules than ever before.

GDPR compliance should be an ongoing process, and businesses must regularly review and, when necessary, update their policies, procedures and training to maintain compliance.

As a companion to our GDPR training suite, we have updated our GDPR compliance guide. The guide is suitable for both organisations who are fully compliant and would like to review the requirements of GDPR and those who have yet to reach full compliance.

Download the guide

Article 5 of the General Data Protection Regulation requires demonstrable compliance with the new regulations. With GDPR now in force, ensuring your staff are aware of your organisation’s data protection policies is now more important than ever.

Data protection changes under GDPR

Are you familiar with GDPR? Does your organisation have a process for data portability? GDPR legislation now allows individuals to obtain and reuse their personal data for their own purposes across different services. Other changes include the requirement for certain organisations to appoint a Data Protection Officer. Further, under GDPR, sensitive information now includes biometric and genetic information. This means that organisations should familiarise themselves with GDPR and ensure staff understand how to process personal data.

VinciWorks has released a new e-learning course on tax evasion. The course will teach employees how to spot tax evaders, and the reporting procedures required of them. The training will cover the organisation’s policies and procedures, which include provisions of The Act and any other regulatory rules and principles. This includes:

  • An explanation of when and how to seek advice and report any concerns or
    suspicions of tax evasion or wider financial crime, including whistleblowing
    procedures
  • An explanation of the term ‘tax evasion’ and associated fraud
  • An explanation of an employee’s duty under the law
  • The penalties relating to the person and corporate entity for committing an
    offence under The Act
  • The social and economic effects of failing to prevent tax evasion


Data protection

The General Data Protection Regulation (GDPR) is now in force. It presents the most significant change to EU data protection in 20 years, meaning organisations have had to update their policies to ensure they are compliant. Further, all staff who are involved in the processing and storing of data must be familiar with their organisation’s data protection policy. We have therefore provided a data protection policy template to help your staff understand and follow your organisation’s data protection procedures.

Download GDPR policy template

Learn more: The GDPR resource page

GDPR policies and procedures

The General Data Protection Regulation (GDPR) is an EU regulation on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and of human rights law. Its reach also extends to the transfer of personal data outside the EU and EEA areas. The GDPR’s primary aim is to widen individuals’ control and rights over their personal data and to simplify the regulatory environment for international business.

The General Data Protection Regulation (GDPR) was a major shakeup in data protection laws. GDPR’s reach is global. Any company that offers goods or services to anyone in the EU or UK may be required to comply.

The GDPR was adopted on 14 April 2016 and became enforceable beginning 25 May 2018. As the GDPR is a regulation, not a directive, it is directly binding and applicable, and leaves room for certain aspects of the regulation to be amended by individual member states.

Many other countries around the world used the EU’s GDPR as a model to make similar regulations. These countries include Turkey, Mauritius, Chile, Japan, Brazil, South Korea, South Africa, Argentina and Kenya. 

In the post-Brexit UK, GDPR is known as UK GDPR. UK-based organisations processing data of EU residents must comply with EU GDPR, just as EU organisations processing the data of British residents must comply with UK GDPR.

UK GDPR and EU GDPR are essentially the same, except that UK GDPR refers to British institutions such as the Information Commissioner’s Office, as opposed to EU institutions.

The California Consumer Privacy Act (CCPA), adopted on 28 June 2018, has many similarities with the GDPR.

What should a data protection policy include?

Who is responsible for the data protection policy?

Staff should know who to approach if they have any questions regarding the data protection policy or anything related to the processing of personal data. Under GDPR, certain organisations are required to appoint a Data Protection Officer (DPO). It will be their role to advise the company on the rules needed to ensure compliance with data protection laws.

VinciWorks’ first course on the Modern Slavery Act, Modern Slavery: Preventing Exploitation, focuses on giving staff a broad overview and introduction to forced labour and other abuses that the new Act was designed to tackle. Our next Modern Slavery Act course is at an advanced level aimed at those who have already completed the introductory course or need more in-depth training. Modern Slavery: Practical Steps for Procurement is tailored to the supply chain side of a business, giving procurement teams real-life scenarios and practical steps to identify and act on modern slavery abuses across all parts of the supply chain.

Countries with a high risk of modern slavery

Our course highlights the countries where workers have the highest risk of being held as slaves.

Learn from real-life examples

Learn how to spot signs of modern slavery from real-life examples

Interactive review questions

Participants can review what they have learnt with interactive scenarios and real examples

Participants will gain an understanding of the supply chain hot spots, such as third party suppliers, outsourcing and international supply chain issues, as well as expanded red flags and abuse indicators. Upon completing the course, participants will be better equipped to ask the right questions to their suppliers. Here are some of the features of the new online course on modern slavery.

Find out more about Modern Slavery: Practical Steps for Procurement

Fill in the form below to receive exclusive updates about the course.

Does your organisation know exactly what is happening in its supply chain?

Produce a Slavery and Human Trafficking Statement with Our Template

Under the 2015 UK Modern Slavery Act, all businesses with over £36m in annual turnover conducting business in the UK are required to publish a slavery and human trafficking statement. The statement should detail the steps that your organisation is undertaking to ensure that your global supply chain is slavery free.