January 2018 welcomes the Kingston Smith and IBB Solicitors annual charities update to bring you up to speed with the legal and regulatory developments in the Charity Sector.
For advice on developments in the Charity Sector please see:
https://www.ibblaw.co.uk/sector/charities
For charity law experts see:
https://www.ibblaw.co.uk/service/charities
Rosie Brass, senior solicitor in the Charities team at IBB, will provide an overview of the legal framework for the GDPR. Then Dan Fletcher, Director (Fundraising), at Kingston Smith, will guide attendees on how to make the most of the GDPR and use the changes to improve their data management. Dan will also discuss practical ways to use the changes to improve fundraising and marketing for the better. For more information on GDPR please see: https://www.ibblaw.co.uk/insights/blog/are-you-ready-general-data-protection-regulation
In the second half of the seminar, Mahmood Ramji and Luke Holt from the Kingston Smith Charities team will provide an update on accounting, including looking at the recent SORP information sheet and the expected future timeline for new SORP iterations, followed by an overview of another 2017 hot topic - charity fraud, including cybercrime. Mahmood will also share details of the most pertinent areas we have been discussing with our clients during 2017. Looking forward into 2018, Luke will highlight the main points from the Lords Select Committee on Charities and how the sector may adapt as a result. Following the release of the third edition of the Charity Governance Code, Luke will also discuss the main areas of consideration and significant changes from previous versions. They will then conclude with a look at the new CC32 Independent Examination guidance and its key amendments.
The last part of the presentation will be provided by Paul Ridout, who heads the IBB Charities practice and will talk briefly about some recent regulatory action by the Charity Commission, including the deployment of some of the new powers brought in by the Charities (Protection and Social Investment) Act 2016. He will also address the tricky issue of serious incident reporting, in the light of the Commission’s recent changes to its guidance to trustees about what needs to be reported, and when.
GDPR is coming for you whether you’re ready or not. Companies must show compliance by May 25, 2018. Take a look at the presentation to learn more about the new law that is going to change the way data is handled across the world. Read about how it affects you and the steps you can take to make sure you’re GDPR ready!
About Extentia Information Technology:
Extentia is a global technology and services firm that helps clients transform and realize their digital strategies. With a focus on enterprise mobility, cloud computing, and user experiences, Extentia strives to accomplish and surpass your business goals. Our team is differentiated by an emphasis on excellent design skills that we bring to every project. Extentia’s work environment and culture inspire team members to be innovative and creative, and to provide clients with an exceptional partnership experience.
www.extentia.com
With GDPR coming into effect, we can see a lot of changes in the privacy policies of companies doing business online. The presentation is a description of GDPR and its implications in India and worldwide. The main aim of the presentation is to identify the key issues of data privacy and the rights available to the consumer whose data is to be shared.
General Data Protection Regulations (GDPR): Do you understand it and are you ... | Cvent
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
GDPR Guide: The ICO's 12 Recommended Steps To Take Now | HackerOne
Recommendations from The United Kingdom's Information Commissioner's Office (ICO) to Prepare for May 2018.
The European General Data Protection Regulation, better known as GDPR, will take effect on May 25, 2018. When it does, every business, organization, or government agency that collects information on European Union (EU) citizens (in other words, just about everyone) will be forced to radically change how it manages customer data and security. If you don’t, the cost of noncompliance is significant: fines can reach up to €20M ($23.5M) or 4 percent of annual sales, whichever is higher.
A simple, beautiful guide to understanding GDPR (General Data Protection Regulation).
All businesses in the UK and EU need to comply with GDPR by the 25th of May 2018 or risk hefty fines.
Use this free, visual guide to understand how you need to comply.
We'll be looking at what your customers' rights are, privacy by design, breach notifications, data security and more.
Finally, we'll give you a GDPR action checklist so you can take the right steps to comply with the legislation in time.
On 25 May 2018 the new General Data Protection Regulation (GDPR) will come into force, replacing all existing data protection regulations.
Payroll bureaus process large amounts of personal data in relation to their customers, their customers’ employees, and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated.
BrightPay hosted a free CPD accredited webinar alongside Bright Contracts where we discussed everything that accountants, bookkeepers and payroll bureaus need to know about GDPR.
For more information visit https://www.brightpay.co.uk
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small businesses.
MWLUG - 2017
Tim Clark & Stephanie Heit
Tim & Steph explain the basics of GDPR and give some recommendations about what you can do to be ready.
Data sources are in the final slides.
For more information about how BCC can help you get your Domino data ready for GDPR please contact us here.
http://bcchub.com/bcc-domino-protect/
This presentation outlines the General Data Protection Regulation ("GDPR") and the key changes that will be brought about as of 25th May 2018 - ISOLAS is pleased to offer assistance in conducting data audits and ensuring you are compliant before the deadline - the clock is ticking!
Be careful what you wish for: the great Data Protection law reform - Lilian E... | IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Lilian Edwards looked at the basics on what you need to know about the new regulation.
http://qonex.com/east-midlands-cyber-security-forum/
The GDPR (DSGVO) has been in effect since the 25th of May. This brief presentation about privacy law in Europe gives an overview of the GDPR (DSGVO) and an outlook on privacy regulations.
(Presentation from the 18th of June 2018 in "Factory Berlin".)
Preparing for GDPR: What Every B2B Marketer Must Know | Integrate
Considering the consequences of non-compliance (up to €20M/$24M or 4% worldwide annual revenue), this translates to a major problem for B2B marketers.
How can your team ensure its lead gen processes are GDPR-compliant without undermining demand generation performance?
View this deck to see how Julian Archer (Sr. Research Director, SiriusDecisions) and Scott Vaughan (CMO, Integrate) educate B2B marketers on: developing a comprehensive GDPR compliance strategy, putting your compliance strategy into action, and applying software to support your compliance measures.
To watch the on-demand version of the webinar, click here:
https://www.integrate.com/gdpr-compliance-b2b-marketing-webinar
General Data Protection Regulation (GDPR) - Moving from confusion to readiness | Omo Osagiede
This GDPR primer highlights key aspects of the new EU regulation regarding the protection of EU citizens' data. It also presents a basic approach and key activities for GDPR preparedness. Useful as a discussion starter with senior management.
As a follow-up to our recent GDPR event, we have compiled a few frequently asked questions and answers to help you further understand what is expected when GDPR is introduced on the 25th May 2018.
The Future of the Modern Workplace Event 2019 - Data Security and Protection | Atlas_Cloud
Event partners Ward Hadaway walk us through the latest in data security and protection law with two very insightful presentations delivered across the three events.
The General Data Protection Regulation (GDPR) tidal wave has hit; are you ready? Is your organization prepared for the extensive privacy requirements GDPR puts forth for any organization handling EU Data Subjects' personal Data? At this point, organizations must have a complete inventory of personal data and have conducted a DPIA against it. A handful of supervisory authorities have issued compliance guidelines, but your organization must be able to assess compliance with this ambiguous regulation at any time.
Many aspects of GDPR define the distinction between a data collector and a data processor, their respective responsibilities and compliance requirements. Those responsibilities will have an effect on the contracts you negotiate with third parties, the way in which you evaluate the risks involved with establishing a business relationship and the policies you develop to maintain compliance to the regulations.
Join this webinar to learn:
* More information about GDPR and what the industry is experiencing to date
* What minimum requirements you should have had in place by May 25, 2018
* What you should plan to do for the next 12-18 months if you are not completely ready
* What the SEC Privacy Shield program is and why you should self-certify
* How to continuously monitor vendor risk KPIs
Talk by Polina Zvyagina, Airbnb (San Francisco), at Stanford Engineering on February 25 2019, Session #6: 'Growing ‘Bitcoin Cities’ Across the Globe from Slovenia || GDPR Compliance Case Study || EU Digital Economy Policy'.
Website: http://www.StanfordEuropreneurs.org
YouTube Channel: https://www.youtube.com/user/StanfordEuropreneurs
Twitter: @Europreneurs
The General Data Protection Regulation specifies how customers' data can be used and protected. The primary objective of the GDPR is to give citizens control of their personal data. Failing to comply with GDPR can cost you 4% of global turnover or €20 million, whichever is greater.
Introduction to EU General Data Protection Regulation: Planning, Implementati... | Financial Poise
The GDPR changed the way the world collects, stores, and sends personal data. The GDPR is a broad EU regulation that requires businesses to protect the personal data of EU citizens, whether the business itself is in the EU or elsewhere. Since its implementation in 2018, companies that collect data on EU citizens must comply with strict rules for the protection of personal data or face heavy fines for non-compliance. This webinar will provide an overview of GDPR’s applicability and requirements, as well as how your organization may meet those standards.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/introduction-to-eu-general-data-protection-regulation-planning-implementation-and-compliance-2021/
How GDPR will change Personal Data Control and Affect Everyone | Thomas Goubau
The proposed new EU data protection regime extends the scope of the EU data protection law to all foreign companies processing data of EU residents. It provides for a harmonisation of the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations; however, this comes at the cost of a strict data protection compliance regime with severe penalties of up to 4% of worldwide turnover.
UX & GDPR - Building Customer Trust with your Digital Experiences | User Vision
This briefing was held as part of User Vision's 'Breakfast Briefing' series in Feb 2018. It looks at what GDPR means for businesses and for the UX of digital experiences.
UX & GDPR - Building Customer Trust with your Digital Experiences | Stephen Denning
This briefing was held as part of User Vision's 'Breakfast Briefing' series in Feb 2018. It looks at what GDPR means for businesses and for the UX of digital experiences.
Gdpr demystified - making sense of the regulation | James Mulhern
Slightly outdated introduction to GDPR, that tries to move away from the headlines on fines and emphasises the global nature of the regulation, the numerous forms of lawful processing and the absolute need to manage privacy and be transparent. Goes on to show how using public cloud can help solve part of the problem.
Introduction to EU General Data Protection Regulation: Planning, Implementat... | Financial Poise
The GDPR changed the way the world collects, stores, and sends personal data. The GDPR is a broad EU regulation that requires businesses to protect the personal data of EU citizens, whether the business itself is in the EU or elsewhere. Since its implementation in 2018, companies that collect data on EU citizens must comply with strict rules for the protection of personal data or face heavy fines for non-compliance. This webinar will provide an overview of GDPR’s applicability and requirements, as well as how your organization may meet those standards.
EMMA’s EMEA Regional Director Joseph Yammine explains how the EU’s General Data Protection Regulation applies to the Health Care Industry and how you can prepare your team to follow the regulation and avoid any data breaches.
The Countdown is on: Key Things to Know About the GDPR | Case IQ
The EU’s General Data Protection Regulation (GDPR) comes into effect on May 25th. This powerful legislation strengthens data privacy laws in Europe and has implications for companies all over the world that store, process or transfer the information of the EU’s citizens.
Failure to comply with the regulation can expose a company to fines based on global revenue and reputation damage, yet many companies are struggling to comply in time.
Join information security expert and CEO/Founder of AsTech Consulting, Greg Reber, as he walks participants through a plan for GDPR compliance.
Data Privacy and Data Protection: Rotary’s Compliance with GDPR | Rotary International
As stewards of personal data for more than 1.2 million Rotarians and friends of Rotary worldwide, Rotary takes data privacy and protection seriously. To ensure compliance with the European Union's new privacy law, the General Data Protection Regulation (GDPR), we will apply these standards globally. Find out more about these efforts and how they affect data privacy and protection for Rotary.
The EU’s General Data Protection Regulation (GDPR) takes effect on May 25, 2018. GDPR significantly increases the requirements imposed on companies touching the personal data of EU citizens, and also increases oversight by the EU member states’ data protection authorities. And the consequences of non-compliance under GDPR are massive—the greater of €20 million or four percent of the company’s worldwide turnover.
What does GDPR actually mean to you as a business, what are the rights of individuals and how do you have to apply them, around Subject Access Request, Right to Erasure / be Forgotten, Consent and Opt In and Out and Personally Identifiable Information and Personal Data?
Our administrative and public law seminar covered:
- a review of the last 12 months in FOIA and a case law update
- scope of prerogative powers - what are they and what is the scope of them; the topic is very much in the news at the moment due to Brexit
- non EU treaty obligations of relevance to administrative law
- procurement in 2016 and beyond - current trends, updates and the impact of Brexit
- case law update on various areas of public law, including judicial review.
These are the slides used in the presentation I gave alongside Haydn Thomas and Andrew Cross from Lightful.
The presentation was to help charities understand the most pressing implications of GDPR as well from an operational and marketing standpoint.
You can find out more about our organisations here:
https://tech-trust.org/
https://www.lightful.com/
https://www.meetup.com/netsquaredlondon/
Similar to Charity Law Updates for 2018: Making the Most of Change (20)
We are pleased to share this month's edition of the IBB Wealth Magazine. An interesting and helpful read in the current economic climate, covering topics such as pensions, retirement and investments.
IBB Wealth's Guide to the Mini-Budget 2022. IBB Law
IBB Wealth, part of IBB Law LLP, gives a comprehensive guide to the Mini-Budget Growth Plan 2022, following the Chancellor's announcement on Friday (23 Sept), hailed to be a ‘new era’ for the UK economy with the biggest package of tax cuts and reforms in generations.
For more information please contact:
Kellie Lewis, Client Relationship Manager, on 01895 544001 or kellie@ibbwealth.co.uk, or
Graeme Cowie, Director, on 01895 544001 or graeme@ibbwealth.co.uk.
Alternatively please visit www.ibbwealth.co.uk.
Research Statistics 2019: Coercive and Controlling Behaviour in Relationships | IBB Law
In November 2018, IBB Law commissioned Atomik agency to conduct independent quantitative research amongst 2003 adults (998 women and 1005 men responded) aged 18 - 65 across the UK to assess just how prevalent coercive controlling relationships are behind closed doors, the types of behaviour victims have been subjected to, their awareness about the legislation and any potential barriers they feel to reporting ‘the crime’.
Controlling or Coercive Behaviour in Relationships: Making Legislation Work M... | IBB Law
Mention domestic abuse and many will immediately think of visible bruises, scars and marks on a victim. Yet domestic abuse is not only physical. Psychological, emotional and financial abuse are all types of domestic abuse categorised under coercive or controlling behaviour. Each can result in a victim being isolated from their friends and family; being controlled over aspects of their everyday life, such as where they can go, who they can see, what they can wear and when they can sleep; and controlling their finances.
For more information on the topic raised in this report please contact IBB Law's Family and Matrimonial legal experts via the link below:
https://www.ibblaw.co.uk/service/family-matrimonial
Divorce and Matrimonial Team
IBB Law
The Bury
Chesham, Buckinghamshire
HP5 1JE
Tel: 03456 381381
IBB Wealth's Guide to the Spring 2022 Forecast Statement following the update from the Chancellor last week.
An analysis of the key tax changes and outlining the practical implications for you, your family and business.
Statutory Redundancy Payment Calculator (6 April 2019 to 5 April 2020) | IBB Law
IBB Solicitors' employment law experts have created a Statutory Redundancy Payment Calculator.
IBB's employment team has employment lawyers who are experts in supporting employees facing redundancy, unfair dismissal or discrimination at work.
For more information please contact our experienced employment solicitors on 03456 381381 or email employment@ibblaw.co.uk.
We are based in Uxbridge, West London and you are free to drop in.
Our employment lawyers can provide you with detailed and up-to-the-minute advice on a wide range of services including:
Negotiating Senior Executive Exit Packages
Redundancy Advice For Employees
Employment Tribunals Claims
Settlement Agreements
Restrictive Covenants Advice for Employees
Wrongful Dismissal
Unfair Dismissal
Constructive Dismissal
Race Discrimination
Sex / Gender Discrimination
If you would like to discuss your employment situation or would like a review of your employment contract then call us today in confidence on 03456 381381, or email your details to employment@ibblaw.co.uk.
Retirement Planning Guide - Life After Work | IBB Law
IBB's Wealth Management Planners have created a new Retirement Planning Guide.
For advice on wealth management and retirement planning as well as other issues such as inheritance tax planning, please visit: https://www.ibblaw.co.uk/service/ibb-wealth
For more information please contact Kellie Lewis, Client Relationship Manager, on 01895 544001 or kellie@ibbwealth.co.uk or Graeme Cowie, Director, on 01895 544001 or graeme@ibbwealth.co.uk. Alternatively please visit www.ibbwealth.co.uk.
The content of the articles featured in this publication is for your general information and use only and is not intended to address your particular requirements. Articles should not be relied upon in their entirety and shall not be deemed to be, or constitute, advice. Although endeavours have been made to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No individual or company should act upon such information without receiving appropriate professional advice after a thorough examination of their particular situation. We cannot accept responsibility for any loss as a result of acts or omissions taken in respect of any articles. Thresholds, percentage rates and tax legislation may change in subsequent Finance Acts. Levels and bases of, and reliefs from, taxation are subject to change and their value depends on the individual circumstances of the investor. The value of your investments can go down as well as up and you may get back less than you invested. Past performance is not a reliable indicator of future results.
IBB Wealth has created a guide on planning your retirement.
IBB Wealth are financial advisors who specialise in wealth management for all stages of your life.
We are based in Uxbridge, West London but support clients in Surrey, Buckinghamshire and all surrounding areas.
For advice on retirement planning please visit: http://ibbwealth.co.uk/index.html
IBB Wealth
Capital Court
30 Windsor Street
Uxbridge
UB8 1AB
t: 01895 544 001 / e: info@ibbwealth.co.uk
Responsibilities of the office bearers while registering multi-state cooperat...Finlaw Consultancy Pvt Ltd
Introduction-
The process of register multi-state cooperative society in India is governed by the Multi-State Co-operative Societies Act, 2002. This process requires the office bearers to undertake several crucial responsibilities to ensure compliance with legal and regulatory frameworks. The key office bearers typically include the President, Secretary, and Treasurer, along with other elected members of the managing committee. Their responsibilities encompass administrative, legal, and financial duties essential for the successful registration and operation of the society.
Car Accident Injury Do I Have a Case....Knowyourright
Every year, thousands of Minnesotans are injured in car accidents. These injuries can be severe – even life-changing. Under Minnesota law, you can pursue compensation through a personal injury lawsuit.
How to Obtain Permanent Residency in the NetherlandsBridgeWest.eu
You can rely on our assistance if you are ready to apply for permanent residency. Find out more at: https://immigration-netherlands.com/obtain-a-permanent-residence-permit-in-the-netherlands/.
Military Commissions details LtCol Thomas Jasper as Detailed Defense CounselThomas (Tom) Jasper
Military Commissions Trial Judiciary, Guantanamo Bay, Cuba. Notice of the Chief Defense Counsel's detailing of LtCol Thomas F. Jasper, Jr. USMC, as Detailed Defense Counsel for Abd Al Hadi Al-Iraqi on 6 August 2014 in the case of United States v. Hadi al Iraqi (10026)
ALL EYES ON RAFAH BUT WHY Explain more.pdf46adnanshahzad
All eyes on Rafah: But why?. The Rafah border crossing, a crucial point between Egypt and the Gaza Strip, often finds itself at the center of global attention. As we explore the significance of Rafah, we’ll uncover why all eyes are on Rafah and the complexities surrounding this pivotal region.
INTRODUCTION
What makes Rafah so significant that it captures global attention? The phrase ‘All eyes are on Rafah’ resonates not just with those in the region but with people worldwide who recognize its strategic, humanitarian, and political importance. In this guide, we will delve into the factors that make Rafah a focal point for international interest, examining its historical context, humanitarian challenges, and political dimensions.
2. CHARITIES AND DATA PROTECTION: GDPR
ROSIE BRASS
SENIOR SOLICITOR, IBB SOLICITORS
3. SUMMARY
What is the GDPR?
Terminology
Data Protection Principles
GDPR Myth Busting
What steps should you be taking towards compliance?
Key Reflections
4. WHAT IS THE GDPR?
• GDPR: the General Data Protection Regulation 2016
• Replaces the Data Protection Act 1998
• Will apply from 25 May 2018
• UK Data Protection Bill ‘adopts’ GDPR
5. TERMINOLOGY
• GDPR regulates use of information about individuals (‘personal data’)
• Individuals are referred to as ‘data subjects’
• ‘Processing’ means doing anything with personal data
• Organisation which controls the purposes and manner of processing is the ‘data controller’
• Organisation which processes personal data on behalf of the data controller is the ‘data processor’
• The Information Commissioner’s Office (‘ICO’) is the UK Regulator
6. DATA PROTECTION PRINCIPLES
• Personal data must be:
• Processed fairly, lawfully and in a transparent manner - lawfulness, fairness and transparency
• Collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes - purpose limitation
• Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed - data minimisation
• Accurate, and where necessary, kept up to date - accuracy
7. DATA PROTECTION PRINCIPLES IN THE GDPR
• Personal data must be:
• Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed - storage limitation
• Kept in accordance with data subjects’ rights – rights of data subjects
• Processed in a way that ensures appropriate security of the personal data – integrity and confidentiality
• Only transferred to a third country or international organisation if the provisions of the GDPR are complied with - transfers
8. MYTH 1: GDPR IS A REVOLUTION IN DATA PROTECTION LAW
“The new regime is an evolution in data protection not a burdensome regulation”.
(Steve Wood, Deputy Information Commissioner)
9. ... BUT THERE ARE SOME REVOLUTIONARY TRAITS
• Mandatory for some charities to appoint a Data Protection Officer
• Mandatory reporting of data breaches to the ICO
• Mandatory Data Protection Impact Assessments in some circumstances
• Increased data subject rights
• Overarching theme of accountability - requires data controllers to be responsible for, and demonstrate, compliance
10. MYTH 2: GDPR IS MOSTLY ABOUT IMPOSING HUGE FINES
“Thinking that GDPR is about crippling punishment misses the point…. Issuing fines has and always will continue to be a last resort”.
(Elizabeth Denham, the Information Commissioner)
11. MYTH 3: YOU MUST BE COMPLIANT BY THE IMPLEMENTATION DATE
• Work on it and get as far as you can by May 2018
• Put in place plans with due dates and tasks assigned
• Do not forget about data protection in June - GDPR is not a one-off exercise
12. MYTH 4: YOU MUST HAVE CONSENT IF YOU WANT TO PROCESS PERSONAL DATA
Consent
Necessary to fulfil contract
Legal obligation
Necessary to protect vital interests
Legal power/public function
Legitimate interests
13. MYTH 5: DATA BREACH REPORTING
• All personal data breaches need to be reported to the ICO
• All details need to be provided as soon as the breach occurs
• If you do not report a breach in time, a fine will always be
issued
14. MYTH 6: IT’S JUST A FUNDRAISING ISSUE
• Requirements apply to personal data about employees, members, service users etc
• No volunteer exemption
• Must be on the trustees’ agenda
• Need a cross functional steering group to implement GDPR
15. MYTH 7: ALL INDIVIDUALS HAVE AN ABSOLUTE RIGHT TO BE FORGOTTEN
16. WHAT STEPS SHOULD YOU BE TAKING TOWARDS COMPLIANCE?
Undertake a data audit and mapping exercise
Consider the grounds of processing
Update your policies, procedures and documents
17. KEY REFLECTIONS
Education on top of awareness
Principles based regulation
GDPR is not the only factor
22.
Information Commissioner’s Office and Fundraising
Background
Following complaints in July 2015, the ICO investigated a number of charities’ use of personal data in fundraising
13 charities were fined between £6,000-£18,000 in December 2016 and April 2017.
The ICO identified three issues where charities had not informed data subjects of how data would be used:
Sharing with other charities
Data-appending phone or full address information
Automated profiling to deselect less wealthy individuals
Data-sharing has now largely ceased
Charities need to improve Privacy Policies and notify data subjects about data appending or reviewing wealth potential at data capture
23.
Decide the purpose for data processing
There are six conditions to choose from:
1. Consent
2. Necessary for contract
3. Legal obligation
4. Vital interests
5. Lawful authority, in the public interest
6. Legitimate interest
The same data may be processed at different times under different conditions, but a condition must be chosen every time.
24.
I hereby confirm my understanding of and acceptance of the following information.
Donningly Council (the 'Council') will utilise the personal data I have provided in this
form and via any evidence I have submitted in support of my claim in order to process
my claim for housing benefit, council tax benefit, both of these or other applicable
benefits which may be available to myself in accordance with the Council's personal
data usage policies. The Council may check the personal data against other sources
within the Council and other relevant third party public sector organisations as
necessary in order to prevent and detect crime, protect public funds and make sure
the personal information is accurate. The Council may also require to check personal
data I have provided, or information in relation to myself, which has been provided to
the Council by a third party with other information held by the Council. The Council
may also get information about me from third parties or give information about me in
accordance with the law. For the purposes of the Data Protection Act 1998 the data
controller processing your personal data is Donningly Council. The Council processes
all personal data in accordance with the Data Protection Act 1998 and the law.
Having read and understood the above information I hereby provide declaration that
the data on this form is correct and comprehensive and understand that if I give the
Council information that is incorrect or incomplete the Council may commence legal
action against me potentially leading to or including court action.
Language should use Plain English
25.
Do everything with GDPR in mind
1. Privacy is the default
2. Privacy is embedded into design
3. Full functionality
4. End-to-end security
5. Visibility and transparency
6. Respect for user privacy
Data Protection by Design
26.
Report a breach within 72 hours, if delayed you must explain why.
Your ICO Report should include:
• nature of breach
• number and categories of subjects
• number of records
• provide the name of your DPO
• likely consequences of breach
• measures already taken to mitigate the breach
But report not required if unlikely to cause prejudice to subjects’ rights and freedoms.
If the breach doesn’t justify reporting to the ICO, detail it in the internal breach log.
Security and avoiding breaches
28.
Undergo an Information Asset Audit
Review Policies and Procedures
Review Privacy Notices
Commence Data Protection Impact Assessments
Review Security measures
Consider Subject Access rights
Review use of CCTV, biometric data, etc
Decide whether to appoint a Data Protection Officer at board level
Consider conditions for communicating to supporters and past supporters
Implications for voluntary sector
30.
Data protection landscape in 2023
In five years’ time…
• Some significant fines for commercial companies?
• Small organisations stung for lack of awareness and compliance
• Increased awareness of risk in data management
• The media and public more aware of their data rights
• An expectation for granularity of communication choices
• Increase in number of subject access requests
• Lower tolerance for unsolicited emails, calls or texts
• Increase in unaddressed mail
• Reduction in size of charity mailing lists
• Great examples in not-for-profit world of honest, open communication
31.
Kingston Smith services
KS ClearComm
GDPR compliance review
Outsourced Data Protection Officer role
GDPR compliance training
Kingston Smith Fundraising and Management
Full fundraising governance briefings to governors
Fundraising governance audits
Fundraising policies and procedures audits
Support to use GDPR to improve fundraising processes
Mark Burnett, Head of Privacy, ClearComm, mburnett@ks.co.uk, 07817 779006
Dan Fletcher, Director (Fundraising), KSFM, dfletcher@ks.co.uk, 020 7566 3826
32.
Charities Update 2018 – Making the most of change
Mahmood Ramji
Luke Holt
NFP Partners
23 January 2018
34.
Charities Update 2018 – SORP (again!)
SORP clarification paper issued in April 2017
Key areas:
- Confirmation of comparatives required (net assets by fund)
- Clarification of Eers NI in relation to key management disclosures
No new SORP for 2019
Expect to be a further “Update Bulletin in 2019” due to FRS 102 triennial review
Next SORP expected to be 2022
36.
Charities Update 2018 – Charity Fraud
Former Mencap PA pleads guilty to fraud at Crown Court
Former chief of education charity on trial for alleged fraud
Charities 'lose hundreds of thousands to fraud each month'
823 employee frauds against charities in last 6 months
“ActionFraud”
Former chief executive of Birmingham Dogs Home and his wife admit £900,000 fraud
Recent headlines
37.
Charities Update 2018 – Charity Fraud
In 2006 Assoc of Chief Police Officers - £0.5 billion
In 2010 National Fraud Authority AFI - £0.75 billion
In 2012 National Fraud Authority AFI - £1.1 billion
In 2013 National Fraud Authority AFI - £1.17 billion
In 2016 National Fraud Authority AFI - £1.9 billion
2017 Early indications suggest £2.3 billion (£400m inc)
Some 2.5% of the estimated value of the sector
For frauds identified, average losses are 5.6% of expenditure!
38.
Charities Update 2018 – Charity Fraud
“There are only two types of organisation. Those that have been hit by fraud, and those that are going to be.”
Alan Bryce, Strategic Counter-Fraud Lead, Charity Commission
39.
Charities Update 2018 – Charity Fraud
Don’t be complacent – it can and will happen
Charities are an easier target:
– Use of volunteers
– Culture of openness and trust
– Separation of trustees and operational team
– Small operational team/finance function
– Income streams are often less predictable
– Partnership working and reliance on others
– Resource strapped (people and money)
40.
Charities Update 2018 – Charity Fraud
Common frauds and controls to protect against
–Supplier mandate fraud
–Batch supplier duplication
–Procurement fraud
–Fraudulent staff costs
–Cyber fraud – email takeover
42.
Charities Update 2018 – Cyber Fraud
How it happens?
Ineffective information security governance
Poor access controls
Identity details not held securely
Weak data and data management controls
Vulnerable applications
Penetrable website
Inadequately controlled accounting systems
End-user computing weakness e.g. uncontrolled critical spreadsheets
43.
Charities Update 2018 – Cyber Fraud
How to protect against?
Technology protection
Information security governance
Access management
Identity management
Data encryption
Secure data warehousing, storage, classification
Automated application controls
Vulnerability/penetration testing
Exception and user access reporting
44.
Charities Update 2018 – Cyber Fraud
Just starting out on cyber fraud controls?
Review access privileges
Risks of data theft – email, USB, cloud storage
Revise and re-publish information security policy
Re-train staff
Test staff responses to “phishing” e-mails
Initiate regular penetration tests
Review third party contracts and controls
Consequences/established internal process for breaches
47.
Charities Update 2018 – Lords Select Committee
Lords Select Committee on the Charity sector
Trustee Skills
Diversity and turnover
Payment of Trustees
Funding for “core costs”
Impact reporting
Volunteers
Regulation by the Charity Commission
48.
Charities Update 2018 – the Charity Governance Code
Charity Governance Code – there have been 3 issued in the last twelve years (2010 was the second edition) – Jul 2017
Developed by a broad steering group of sector specialists
Latest edition has raised the bar in response to the challenges that the sector has faced over the last two years
Follows a “foundation principle”, matched with seven key principles
Each principle then explained by a rationale, key outcomes and recommended practice
Smaller and larger code for the first time
“Apply or explain” not “Comply or explain”
49.
Charities Update 2018 – the Charity Governance Code
Principle One – Organisational purpose
Principle Two – Leadership
Principle Three – Integrity
Principle Four – Decision making, risk and control
Principle Five – Board effectiveness
Principle Six – Diversity
Principle Seven – Openness and accountability.
50.
Charities Update 2018 – Why does Governance matter?
Avoids the inefficient Board of Trustees:
51.
Charities Update 2018 – new areas of the Governance Code (Larger)
Mergers and collaborations
Nine year maximum term for Trustees (unless explained)
Openness on Senior Staff salaries
Being risk averse recognised as a risk in itself
Board review annually, external review triennially
Board size (generally 5-12 seen as best practice)
More emphasis on the role of the Chair & Vice Chair
Increased oversight of subsidiaries and third parties
Registers of interest, hospitality and gifts amongst others
Impact reporting throughout
Wearing two hats – Trustee and general volunteer
52.
Charities Update 2018 – Governance reviews by Kingston Smith
The 3rd edition of the Code represents an excellent time to review your Charity’s governance structure
Review against the Code (7 principles in general)
Detailed review using the Code framework (including deep dive into 2 code principles in more detail)
A “full” governance review including Terms of reference, mem & arts, standing orders and interviews etc
53.
Charities Update 2018 – Independent examinations (CC32)
Summary of changes (CC32)
Additional information/new requirements in relation to:
Provision of other services
Reserves policy
Going concern
Related party transactions
Independent examination of groups
Correcting accounting records
All new reporting format (including qualified)
Already applicable – for all reports signed from 1/12/17
55. CHARITIES AND THEIR REGULATOR: NEW POWERS AND RECENT ACTION
PAUL RIDOUT
PARTNER, IBB SOLICITORS
56. SUMMARY
The objectives of the Charity Commission
The Commission’s regulatory approach
When will the Commission get involved?
What are the Commission’s priority areas?
What powers does the Commission use?
What are the latest regulatory hot topics?
57. THE OBJECTIVES OF THE CHARITY COMMISSION
promote compliance
public benefit
public trust and confidence
effective use of resources
enhance accountability
58. THE COMMISSION’S REGULATORY APPROACH
Promoting compliance with legal obligations
More rigour in holding charities to account
Upholding definition of charity
More public trust and confidence
59. WHEN WILL THE COMMISSION GET INVOLVED?
Do we need to get involved?
What is the nature and level of risk?
What is the most effective response?
60. WHAT ARE THE COMMISSION’S PRIORITY AREAS?
fraud and financial abuse
safeguarding
terrorism
other non-compliance that damages public trust and confidence
61. WHAT POWERS DOES THE COMMISSION USE?
EXISTING POWERS
information or documents
suspend trustee/employee
freezing orders
restricting transactions
appoint interim managers
removing trustee/employee
directions
schemes
62. NEW POWERS
July 2016
remove a trustee who is disqualified, but still holds office
consider conduct by a trustee outside the charity that is under investigation
remove a trustee who resigns
extend the suspension of a trustee
direct that certain actions should not be taken
direct the winding up of a charity and transfer of assets to another charity
October 2016
• discretionary power to disqualify a person from trusteeship
64. SOME RECENT ACTIONS
Catalyst Trust
“doubtful accuracy” in accounts
Loans to connected parties
Non-cooperation with Commission
Cup Trust
£46 million Gift Aid claim
Discretionary disqualification
65. SOME RECENT ACTIONS (cont’d)
National Hereditary Breast Cancer Helpline
• Charity at risk of financial distress
• Shops running at a loss
• Unauthorised payments to Chair
• Official warning issued
66. CONTACT US
Paul Ridout, Partner
T: 01895 207862
E: paul.ridout@ibblaw.co.uk
Rosie Brass, Senior Solicitor
T: 01895 207290
E: rosie.brass@ibblaw.co.uk
IBB Solicitors
Capital Court
30 Windsor Street
Uxbridge
UB8 1AB
Editor's Notes
Much better than its previous version
Foundation principle is that Trustees will look for best interest of the charity, understand their role in the charity and public benefit.
Smaller is for those outside the audit threshold (£1m income or less) – so not applicable to RNRMC (larger code needed)
Just guidance (albeit the Charity Commission is supporting it by removing CC10, its own Governance guidance), it is NOT LEGALLY BINDING, hence apply or explain not comply or explain.
Seven principles, many of which we will delve into in more detail this afternoon.
Those in red – Effectiveness, openness and accountability (I think are those that most closely resemble the basis for your discussions during your morning session, so I will not be spending any time on those areas this afternoon).
There will be some cross over with this morning, but I know that you used the NCVO governance wheel (which is loosely based on the old 2nd edition code), so there are updates in this third code and also brand new areas that require consideration.
So why do people like myself and many others believe in good governance being of Paramount
Any of you who have seen me present before – know that I like an elaborate cartoon representation for comic effect – so here is this afternoon's!
But seriously – obviously this is an exaggeration, but I bet if I started to explain some of the characteristics of some of these Board members, I’d start to ring some bells around the room, or even start to get some heads nodding (for those of you who are brave enough!)
The Politician – Loud, opinionated and always the first to claim their expenses?
The Naysayer – we can’t possibly do that, No no no
The know all – my way or the highway, the “king or queen of the Veto”
The historian – never without a pair of rose tinted glasses.
The truth is that there are probably parts of each of the above in many of us, but governance is about working together, collectively to deliver a charitable mission.
Embracing the different personalities and using those to your advantage – to grow and develop
Mergers and collaborations
Nine year maximum term for Trustees (unless explained)
Openness on Senior Staff salaries
Being risk averse recognised as a risk in itself
Board review annually, external review triennially
Board size (generally 5-12 seen as best practice)
More emphasis on the role of the Chair & Vice Chair
Increased oversight of subsidiaries and third parties
Recognised as being aspirational – continued improvement