Who should train on the Modern Slavery Act?

31 July 2016 marked one year since the Modern Slavery Act came into force. The leading voice behind the act, Prime Minister Theresa May, recognised the occasion with an article in the Sunday Telegraph providing more detail on how her government will lead the way in dismantling modern slavery.

The Prime Minister reports that important progress has been made in the first year with 289 modern slavery offences prosecuted in 2015 alone and a 40% rise in the number of victims identified by the State.

Training and raising awareness within companies

The Prime Minister stressed that raising awareness is a key component of the act. It is also an area that created early confusion. Many companies were not sure of their obligation to raise awareness through employee training.

Section 54 of the Act recommends that companies publish details regarding the training that is available to staff. However there is no official guidance on what the training should include or who should be trained.

With a year of perspective, and as the September deadline approaches (for companies with a financial year ending in March), we can now provide more clarity on this issue. By combing through existing slavery and human trafficking statements and through surveys and conversations, VinciWorks has identified the following trends and best practice for training.

Training should raise awareness and be practical

Most employees are not even aware that modern slavery is an issue. Therefore training must start by presenting facts and figures on the enormity and severity of modern slavery, in the UK and around the world. The remainder of the training should be practical and provide tools for identifying and eradicating slavery from the company’s supply chain.

The topics that we have identified are best practice for training include:

  • Techniques for how to identify slavery in the supply chain
  • Examples of red flags
  • The organisation’s internal reporting procedures

For example, SABMiller’s statement reads:

We are developing a practical training pack which will be rolled out to members of our executive committees and employees from relevant functions across the group to increase practical awareness about human rights risks, the ways in which they relate to our business, and our role in addressing them.

Nearly all companies are providing some training

Despite the fact that the training clause is only a recommendation, VinciWorks found that over 80% of published statements reference training as something that is available to staff.

For example, DAC Beachcroft said:

We will also be rolling out new training which will be available to all staff but made compulsory for those involved in recruiting and sourcing/managing a supply chain so that they are able to identify risk factors, understand the implications and assist us with implementing the Anti-Slavery Policy effectively.

Management and select departments have mandatory training

We conducted a poll of large UK organisations to determine the internal target audience for the training and benchmark best practice. In 36% of the companies we spoke to, the executive team is required to undertake some training and awareness on the issues of slavery. In addition, at 45% of companies, training is mandatory for employees who are at a risk of exposure to slavery and trafficking, such as buyers or those working in high risk areas. In 97% of companies, employees with a lower risk of exposure to slavery are made aware of the existence of training, but it is not mandatory.

Mercedes Benz, for example, write:

MBUK conducts on-line and face to face training for all employees to emphasise the importance of acting with integrity and in line with our own internal Ethical Business Code. Compliance officers incorporate guidance regarding the Modern Slavery Act into regular company training sessions.

training-plan_3

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.