
Category: GDPR

GDPR – 3 pivotal thoughts

Data Protection Training £285

For front line staff, getting 3 pivotal areas understood and adhered to can be the difference between GDPR compliance and breach.

  1. Is all filing robust?
  2. When, where and how is information used and shared?
  3. Have all service users actively agreed to this?

Think about the following:

Filing
Is everything that contains a personal name filed under lock and key?

  • staff records
  • service user records
  • customer details
  • supplier details
  • invoices – purchase/sales
  • what about laptops – are they encrypted?

Sharing of data
Do you know the ins and outs of how, when and where you share data?

  • with whom
  • by what method
  • how shared data is stored
  • how long shared data is kept for
  • how shared data is destroyed
  • what about?
    • telephone answer messages
    • online and cashless payment systems
    • data back ups
    • emails
    • any apps the organisation uses
    • any social networks it uses

Consent

    • have all service users been told about all of the above
    • have they agreed to it

If all staff, in all honesty, answer no to any of these questions, you really do need to instigate update training on the latest rules and regulations relating to data protection, GDPR and PECR.

To be fully compliant, every system, procedure, process, project and initiative needs to be assessed to ensure privacy is maintained at every stage. As a bare minimum, every member of staff needs to think about the above questions and point out where things may be going wrong.

Our training courses on data protection, GDPR, PECR and Privacy Impact Assessments help.

GDPR & PECR Training 2022


Following the appointment of John Edwards as the new Information Commissioner we are expecting changes in strategy, direction, guidelines, rules and regulations that impact on data protection, the UK-GDPR and the UK-PECR.

We are keeping a close eye on changes and will incorporate them into our data protection related courses as they appear.

Whilst most of the headline news around GDPR/PECR relates to data breaches, analysis of action and fines by the Information Commissioner’s Office (ICO) shows that most breaches are down to human error: poor understanding of data protection laws and poor practice, bad judgments and naivety remain the most common drivers behind breaches.

It is imperative that management and data protection teams keep up to date with all the changes as they occur, embed them in their policies and procedures and cascade them to staff.

Regular update training for all is a low cost way to stay compliant and avoid the huge fines that apply in the event of GDPR/PECR breaches.

Check out our courses here. Prices start at just £285+VAT for a group of 14.

Why you need GDPR and PECR training NOW


Most people will have heard of the GDPR, but what about the PECR? Do you know what it is or how high the fines for breaching it can be?

Unfortunately ignorance isn’t a suitable defence, and most penalties for breaches of the GDPR and PECR can be attributed to staff errors: poor or no knowledge of the regulations; insufficient understanding of what they, personally, need to do to meet the legislation; poor quality, incomplete or missing privacy impact assessments; or just laziness or an “it’s too much effort” attitude and approach to privacy.

Concrew Training’s courses on GDPR and PECR bring these potentially dry, dull and boring subjects to life and help participants understand why every company and every individual needs to understand fully the latest requirements for data protection.

Our courses start at just £285+VAT for 14 people. The cost is minuscule relative to the fines the ICO hands out.

Well, we would say that now, wouldn’t we...

Check out these recent ICO fines:

Mermaids Charity – 08 July 2021
The Information Commissioner’s Office (ICO) has fined transgender charity Mermaids £25,000 for failing to keep the personal data of its users secure.

Brazier Consulting Services – 01 July 2021
The Information Commissioner’s Office (ICO) has fined Leeds-based Brazier Consulting Services Ltd (BCS) £200,000 for making unlawful claims management calls.

ColourCoat Ltd – 23 June 2021
£130,000 fine for multiple breaches of Regulations 21 and 24 of the PECR.

Global One 2015 Charity – 15 June 2021
Fined £10,000 for sending unsolicited direct marketing messages.

Papa Johns (GB) Ltd – 15 June 2021
Fined £10,000 for sending nuisance marketing messages to its customers.

OK, I hear you say, but it won’t happen to us... We are too large/professional/organised/etc/etc

What about the recent names fined in the last 12 months?

The Conservative Party MPN
The Information Commissioner’s Office (ICO) fined the Conservative Party £10,000 for sending marketing emails in the name of Rt Hon Boris Johnson MP to people who did not want to receive them.

American Express Services Europe Limited
Direct marketing messages were sent by, or at the instigation of, American Express Services Europe Limited. These messages contained direct marketing material for which subscribers had not provided adequate consent. Fined £72,000.

Marriott International
The ICO fined the hotel chain Marriott International Inc. £18.4million for failing to keep millions of customers’ personal data secure.

British Airways
The Information Commissioner’s Office (ICO) fined British Airways (BA) £20m for failing to protect the personal and financial details of its customers.

Singapore subway by Jim used under CC BY-SA 2.0

NOYB to end website cookie banner terror


Is your web site and marketing GDPR and PECR compliant?

The Austrian-based organisation NOYB – European Center for Digital Rights has commenced its campaign to rid web sites of unlawful cookie banners.

The GDPR and PECR were meant to give users full control over their data and ensure that company/organisational marketing was only received by those who actually request it.


NOYB’s current focus is on web sites that make it difficult to reject non-essential cookies, but Concrew Training also notes that many web sites don’t even give you the choice to opt out.

In short, these companies and organisations are likely to be in breach of the GDPR and PECR and risk fines of up to 4% of global turnover or Euro 20 Million.

With the NOYB moving to report some 10,000 companies a year, no business or organisation can afford for their sales and marketing teams to ignore the GDPR and PECR.

Concrew Training’s short courses on GDPR and PECR raise participants’ awareness of the legislation and rules relating to data protection and ePrivacy. Our full day face-to-face and 3 module online courses provide in depth knowledge and understanding.

AMEX – fined £90,000 for GDPR PECR breach


The UK ICO has fined American Express £90,000 for breaching GDPR and PECR. This fine was not related to hacking but rather American Express’ failure to adhere to the regulations when marketing and promoting their products and services.

Concrew Training’s short courses on GDPR, PECR and Privacy Impact Assessments cost as little as £200 and could have helped prevent these mistakes. For marketing and data protection specialists, our full day courses offer tremendous value.

Read more about the AMEX case here

Are you GDPR compliant?


1446 breaches were reported to the ICO in the first quarter of 2020/21. With lockdown and people working from home, what will quarter 2 figures be? Do you and your team adhere to GDPR best practice? Do you know what best practice is?

Many organisations buy in low cost online GDPR training. Staff read a few pages of text, answer some basic questions and then, having “passed” the evaluation, go back to their normal behaviour.

The box has been ticked, the training given and knowledge assessed BUT behaviour seldom changes.

Our face to face training brings home the hard realities of what people need to do to ensure GDPR is considered for every task and action.

Is ALL your sensitive data locked away?

Do doors to private rooms really stay locked?

Is sensitive information lingering in your email boxes, in/sent/filed/deleted?

Is your privacy policy GDPR compliant? When did you last look at it?

What about your storage and destruction policy? Do you share it? Is it easily understood?

The vast majority of breaches are down to human error, people not understanding the rules and not following them. Worse still, they may know they are breaking the rules but are too scared to say anything – your systems, policies, procedures and resources might actually be preventing GDPR compliance.

It’s easier and cheaper to stick a work in progress file in a tray than lock it up, until a breach occurs, that is.

Our GDPR training will help you, management and staff get back on track.