Connect with us

Business

THE EU GENERAL DATA PROTECTION REGULATION IS NOW FINALISED. HERE’S WHAT YOU NEED TO KNOW.

The EU General Data Protection Regulation Is Now Finalised. Here’s What You Need to Know.

You are back in the office after the long holiday break and busy catching up. Did you miss the story about the EU’s General Data Protection Regulation (GDPR) receiving final approval?  Some are calling it a “milestone of the digital age”.

Andy Green

Andy Green

We’ve been following the GDPR on the Varonis blog over the last two years. If you want to catch up very quickly, read our omnibus post that’s a tasty distillation of our wisdom on this subject.

Or if you have some more time, check out our comprehensive GDPR white paper.

With the final draft, a few ambiguities and loose ends were ironed out from the different versions provided by the EU Parliament and the Council.

I’ve put together a few key points that should resonate with Inside Out readers. Keep in mind the GDPR will take effect in 2018, and until then the old Data Protection Directive (DPD) remains the law.

Fines

We have closure on the question of fines: the GDPR has a tiered fine structure.

For example, a company can be fined up to 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach (articles 31, 32), or not conducting impact assessments (article 33).

More serious infringements merit a 4% fine. This includes violation of basic principles related to data security (article 5) and conditions for consumer consent (article 7)– these are essentially violations of the core Privacy by Design concepts of the law.

The EU GDPR rules apply to both controllers and processors that is “the cloud”. So huge that cloud providers are not off the hook when it comes to GDPR enforcement.

Data Protection Officer

It’s official: you’ll likely need a Data Protection Officer or DPO. You can read the fine print in article 35.

If the core activities of your company involve “systematic monitoring of data subjects on a larger scale”, or large-scale processing of “special categories” of data—racial or ethnic origin, political opinions, religious or philosophical beliefs, biometric data, health or sex life, or sexual orientation– then you’re required to have a DPO.

In the US, the closest job title to this is a Chief Privacy Officer.

In any case, the job function of the DPO includes advising on and monitoring GDPR compliance, as well as representing the company when contacting the supervising authority or DPA.

Data Breach Notification

24 or 72 hours?

And the winner is … 72.

Article 31 tells us that controllers are required to notify the appropriate supervisory authority of a personal data breach within 72 hours (at the latest) on learning about the exposure if it results in risk to the consumer. But even if the exposure is not serious, the company still has to keep the records internally.

According to the GDPR, accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data – the EU’s term for PII—is considered a breach.

Note my emphasis on unauthorised.

Based on my understanding of the GDPR, this means that if an employee sees data that’s not part of their job description, it could be considered a breach.

Of course, this is not a problem for your company, because your IT department has done a thorough job reviewing file access lists and has implemented role-base access controls.

You can read more about what you have to provide to the data authority in our “What is the EU GDPR” post.

Bottom line: The GDRP notification is more than just saying you have had an incident.  You’ll have to include categories of data, records touched, and approximate number of data subjects affected. And this means you’ll need some detailed intelligence on what the hackers and insider were doing.

Data processors have a little more wiggle room: they’re supposed to notify the company they’re doing the work for—the controller– “without undue delay”.

Under what conditions does a company have to tell the subject about the breach?

You can read the details in article 32, but if a company has encrypted the data or taken some other security measures that render the data unreadable, then they won’t have to inform the subject.

For Countries Outside the EU

We’ve been raising the alarms on extra-territoriality for several months now.

With the GDPR finalised, we can say with certainty the law applies to your company even if it merely markets goods or services in the EU zone.

In other words, if you don’t have a formal presence in the EU zone but collect and store the personal data of EU citizens, the long arm of the GDPR can reach out to you.

As many have been pointed out, the extra-territoriality requirement (article 3) is especially relevant to ecommerce companies.

Social media forums, online apartment sharing, artisanal craft sites, or beers of the world clubs: you’ve been warned!

Other Resources

All the permutations of the GDPR and how it can applies is just too complex to cover in a few blog posts.  Of course, your Data Privacy Officer is the go-to person for advice, along with outside legal experts.

Business

Return to work: Flexibility, preparation and communication are key

Return to work: Flexibility, preparation and communication are key 1

By Matt Weston, Managing Director, Robert Half UK

As lockdown restrictions ease for the foreseeable future, conversations across the business world are starting to turn to how employers can safely and seamlessly prepare for their workforce to return to the office.

Research from Robert Half has found that over half (54%) of employees are worried about working in close proximity to their colleagues, while a similar proportion are eager to return to the office due to loneliness working from home (45%) or concerns about missing out on career opportunities (30%).

Unsurprisingly, after everything companies and their employees have done to successfully adapt their operations and working practices to social distancing rules over the last few months, immediately returning to the old ways of working will likely neither be sensible or practical. With safety being the key priority for the ‘new normal’ of office life – communication, flexibility and preparation should be the main focus areas for employers.

With this in mind, what are the challenges and opportunities that employees anticipate as they prepare for the return to work, beyond government and industry supplied health and safety best practice? Furthermore, how can employers best support their staff during this period?

Keep people at the heart of change

It is important to recognise that your workforce has been working through an intense period of uncertainty and change for months, which can be incredibly unsettling. On top of this, working for weeks in isolation without the usual physical interactions with team members could be potentially detrimental to employee engagement and mental wellbeing.

Having adjusted to keep staff connected with one another from a distance with virtual team building exercises, video calls and daily check-ins, as teams begin working in hybrid models with some in the office and others remote, staff engagement will need to adapt again.

Managing people with greater sensitivity and maintaining positivity throughout will be crucial. To help instil a sense of normality and engagement, encourage maximum collaboration between individuals (in accordance with social distancing rules), and make sure teams feel part of company goals and opportunities through regular meetings and communication – no matter their location.

Continuing to invest in technology and offering flexibility will also be important to ensuring that people can continue to work remotely or on-site, either in accordance with their own wishes or as part of your staggered return-to-office plan.

Communicate, communicate, communicate (and listen)

Reassuring staff that they are able to safely return to the office will require continuous communication. From expectations of the physical office, to expectations of how to operate within hybrid teams, these new expectations and new workplace requirements should be communicated to all staff clearly to avoid confusion.

Regular email updates, updates on the company’s intranet and social media channels, as well as frequent town hall meetings (either online or in a smaller setting) could be key elements of an effective communications approach.

Also, consider a feedback channel to allow staff within the team to offer thoughts on their experience of returning to the office and any suggestions on improving the process. Whether on a company-wide basis or a team-by-team approach, schedule regular check-ins to engage with employees’ questions and concerns.

Maintaining open communication channels with your team will be essential for keeping up employee morale and ensuring clarity. For example, if some employees aren’t comfortable with coming to the office every day, then they should have plenty of opportunities to voice their concerns and have them dealt with promptly, respectfully and fairly.

Staggered return-to-office planning

Depending on the size of business and density of office space, maintaining home working arrangements across teams on an alternating basis could make it easier to implement safe social distancing. This involves select teams working remotely while others work on-site on any given day.

An alternating approach to remote working might also reduce the risk of staff feeling pressured or overwhelmed by an immediate return to the office five-days-a-week. After all, some families might be juggling temporary disruptions to childcare arrangements and public transport systems will likely become crowded again. So, a transitionary period will help everyone adjust to post-lockdown office working.

Finally, if you have developed your technology infrastructure to facilitate remote working, you would do well to continue to leverage these new capabilities as in all probability, a mixture of remote and at-office work will be needed for some time.

Continue Reading

Business

Contis enters RBS Capability and Innovation Fund bid seeking £35 million for disruptive SME growth strategy  

Contis enters RBS Capability and Innovation Fund bid seeking £35 million for disruptive SME growth strategy   2

Leading payments provider, Contis, has applied for two grants from the RBS & BCR Alternative Remedies Package, totalling £35 million.  

Unlike most applicants who will deploy funds through a single brand, Contis is taking a completely different approach. The funding will be used to drive fintech innovation in the UK by developing an off the shelf, B2B electronic and card payment technology platform for SMEs. With Contis’ powerful tech stack and regulated status, this will empower hundreds of fintechs to support the SME market with groundbreaking technologies, payments and lending capabilities. Contis today services over 800,000 consumer accounts, 14,500 business accounts and processes £4bn in transactions per year, demonstrating a proven track record.   

UK businesses are facing a challenging economic environment with the impacts of Covid-19 and Brexit. As large corporations and entire sectors are affected, SMEs will play a vital role in the recovery. Contis’ approach is completely disruptive, offering three channels to maximise support for SMEs and sole traders, through three unique brands, all powered by APIs from Contis’ modular and configurable engine. 

1.       Canvas for Business 

Contis is a super-vendor in the world of fintech, offering payments through proven banking rails and card scheme capabilities including issuing pre-paid, debit and virtual cards. They’re linked to digital delivery like Apple Pay and Google Pay, and a trusted tech stack that boasts 99.99% uptime.  

With funding from the Capability and Innovation Fund (CIF), Contis’ technology and regulated services will be made available to the whole fintech community, enabling them to provide dedicated SME accounts with the latest leading-edge capabilities delivered via Contis’ wholly owned, secure, cloud-based technology and apps. Contis’ solution has a firm eye on the need for SMEs to compete internationally, particularly after Brexit, and offers FX integration as standard.  

Canvas for Business will increase competition by providing fintechs serving the SME market with technology that outstrips the big banks. Contis will also provide credit referencing capabilities and empower fintechs to lend to their SME client base through Contis’ own credit licence. Without the constraints of legacy systems, it will enable simple connectivity to accounting and payments solutions, as well as to unlimited future innovations.  

2.       Engage for Business 

Over 150 Credit Unions currently use Contis’ Engage service and technology, and hold an estimated £400 million in undeployed cash reserves. Developed with CIF funding, Engage for Business will enable Credit Unions to launch business accounts and payments products for the first time, and allow excess funds to be redeployed in the SME sector through business support loans. This will revolutionise access to funding for sole traders and small businesses. 

3.       Freedom for Business 

With CIF funding, Contis will also offer large scale SMEs a direct-to-market solution where Contis holds the relationship and provides a bespoke offer to meet the business’ exact needs. 

Contis’ application to the Capability and Innovation Fund is focused on creating the widest possible impact for UK SMEs by fulfilling their accounts & payments needs and driving innovation in SME financial services. 

Through the grant, Contis will empower over 200 fintechs and Credit Unions to provide credit, simplify payments integration into everyday business needs, offer digital credit referencing, provide budgeting tools to SMEs, enable automated payments, give predictive insight on cash flow, provide rewards to SMEs on spending, and much more. 

Peter Cox, Founder and Executive Chairman of Contis said: “Our mission is to democratise payments and financial services for all SMEs, so they’re spoilt for choice with innovative and affordable solutions that meet their exact needs. Our approach, based upon proven technologies, will broaden and disrupt the services available to SMEs far beyond the capabilities of existing providers such as the big banks.  

“By driving competition and innovation, while improving the availability of funding, our approach will increase the services on offer to SMEs and make them more affordable, therefore becoming easier for every entrepreneurial person with vision to run their own businesses.” 

Continue Reading

Business

Four years of digital transformation in four weeks: UK lockdown puts pressure on brands to digitally deliver

Four years of digital transformation in four weeks: UK lockdown puts pressure on brands to digitally deliver 3

Nearly a third (32%) of consumers would switch providers if a brand’s website is unavailable for more than 24 hours

A study released today reveals the scale of omni-channel pressure brands now faced as a result of the Covid-19 pandemic, as consumers flock to apps and websites to as the priority destination to transact with brands.

The UK has experienced a huge leap in use of online services thanks to lockdown, with the public appearing to have less concern for the availability of a brand’s physical location. Research by Sungard Availability Services (Sungard AS) uncovers a “window of availability” that UK businesses now have before consumer loyalty changes:

  • If a brand’s website is down for 24 hours – 32 percent of consumers would switch provider
  • If a brand’s app is down for 24 hours – 28 percent of consumers would switch provider
  • If a physical store is closed for 24 hours – 20 percent of consumers would switch provider

The results by industry paint an interesting picture of the availability timeframes brands are expected to adhere to:

  • For online retailers, excluding grocery retailers – 23 percent of consumers would switch provider if they could not access online services for 12 hours, rising to over a third (34 percent) after 24 hours
  • For financial services and entertainment streaming platforms – 21 percent of consumers would switch provider after 12 hours, rising to 33 percent after 24 hours
  • In the case of online grocery shopping – 20 percent would switch provider after 12 hours, rising to one third 33 percent after 24 hours

The findings also highlight that as digital reliance increases, so will consumer expectations towards availability in the future. Over the coming two years, a third (33 percent) of consumers expect online financial services to always be available, rising to 35 percent for streaming services.

“UK consumers have become reliant on the constant availability of online services, and lockdown has only served to heighten this,” comments Chris Huggett, SVP, EMEA at Sungard AS. “What used to be a choice between physical and digital has now firmly accelerated into digital environments across various industries. As online worlds continue to outpace bricks and mortar as the face of businesses, ensuring constant availability and clear communications on downtime will be key for brands to build trust and loyalty.

Continue Reading

Latest Articles

Return to work: Flexibility, preparation and communication are key 4 Return to work: Flexibility, preparation and communication are key 5
Business22 hours ago

Return to work: Flexibility, preparation and communication are key

By Matt Weston, Managing Director, Robert Half UK As lockdown restrictions ease for the foreseeable future, conversations across the business...

How sustainable AI improves the triple bottom line 6 How sustainable AI improves the triple bottom line 7
Technology24 hours ago

How sustainable AI improves the triple bottom line

An investment in green AI enables financial services firms to align people, profit, and planet By Nick Dale, EVP business...

The impact and implications of Covid-19 on financial reporting 8 The impact and implications of Covid-19 on financial reporting 9
Finance24 hours ago

The impact and implications of Covid-19 on financial reporting

By Mark Billington, Regional Director, Greater China & South-East Asia, ICAEW The economic consequences of Covid-19 have been unprecedented, affecting...

Contis enters RBS Capability and Innovation Fund bid seeking £35 million for disruptive SME growth strategy   10 Contis enters RBS Capability and Innovation Fund bid seeking £35 million for disruptive SME growth strategy   11
Business1 day ago

Contis enters RBS Capability and Innovation Fund bid seeking £35 million for disruptive SME growth strategy  

Leading payments provider, Contis, has applied for two grants from the RBS & BCR Alternative Remedies Package, totalling £35 million.   Unlike most applicants who...

Four years of digital transformation in four weeks: UK lockdown puts pressure on brands to digitally deliver 12 Four years of digital transformation in four weeks: UK lockdown puts pressure on brands to digitally deliver 13
Business1 day ago

Four years of digital transformation in four weeks: UK lockdown puts pressure on brands to digitally deliver

Nearly a third (32%) of consumers would switch providers if a brand’s website is unavailable for more than 24 hours...

Demonstrating the value of collaborative leadership during crises 14 Demonstrating the value of collaborative leadership during crises 15
Business2 days ago

Demonstrating the value of collaborative leadership during crises

By Jean Stephens, CEO, RSM International In 2000, a leading expert in behavioural science, Daniel Goleman, outlined the six key...

Empowerment Accelerates Continuous Improvement 16 Empowerment Accelerates Continuous Improvement 17
Business2 days ago

Empowerment Accelerates Continuous Improvement

By Larry Sternberg, JD, Fellow, Talent Plus, Inc. Empowerment First, let me clarify how I am using the word “empowerment”...

What is loneliness and how can you manage it? 18 What is loneliness and how can you manage it? 19
Top Stories2 days ago

What is loneliness and how can you manage it?

By Iris Schaden Your Business and Personal Coach A mere century ago, almost no one lived alone. Today, many do...

How banks can build digital transformation into business continuity 20 How banks can build digital transformation into business continuity 21
Business2 days ago

How banks can build digital transformation into business continuity

By Andrew Warren, Head of Banking & Financial Services, UK&I, Cognizant Businesses around the world are falling victim to the...

Akerton Partners 22 Akerton Partners 23
Finance2 days ago

Akerton Partners

Akerton Partners S.L. is a Spanish independent mid-market corporate finance advisor founded over a decade ago, in 2008, amid a...