GDPR (or the General Data Protection Regulation) is a hot topic at the moment as many organisations begin to prepare for the changes, which will be coming into force next year. The GDPR looks to provide better protection to data subjects (you and I) in a fast-paced digital world where data is king.
The new regulation will supersede the current Data Protection Act and builds on the existing legislation. The way in which organisations use data has changed so much over recent years, and the new approach will modernise the way data is handled and bring this into the 21st Century.
We’ve rounded up some of the key facts about the GDPR which you may need to consider before beginning to implement any changes.
Unicorn’s Top 10 GDPR Facts:
- The new regulation was introduced in 2016, however organisations have until 25th May 2018 to be compliant
- GDPR will look to change the way organisations collect, store, process and protect personal information for their clients, employees and customers
- Leaving the EU will have no impact on whether or not the GDPR regulations come into force, special considerations need to be made for companies trading internationally
- The GDPR applies to all companies across the globe who process personal data of EU citizens
- DPA consent isn’t enough. As stated in article 4 of the GDPR “…any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed”. This means customers will need to opt into an agreement voluntarily with an organisation, which has been clearly explained and states how data will be handled, there must not be an automatic enrolment where customers have to opt out
- Accountability is key, organisations will need to understand any risks they create for data subjects and mitigate those risks. There will need to be a better approach to governance and compliance with robust processes in place
- Organisations will need to have a dedicated Data Protection Officer if they fall into the following categories: a public authority, carry out large scale tracking or carry out large scale processing of special categories of data or data relating to criminal convictions and offences
- Mandatory privacy impact assessments (PIAs) will be introduced, meaning data controllers will need to conduct PIAs where the risk of privacy breaches is high to minimise any risks to data subjects
- Data breaches will need to be notified to the local data protection authority within 72 hours of it being discovered, organisations will therefore need to ensure their technology and employees are able to detect these breaches effectively
- The way in which data can be held by organisations is changing. GDPR means companies can only keep data for as long as it remains absolutely necessary and can only use the data for the original purpose it was collected. If companies wish to use it for a different purpose they will need to obtain permission from the data subject. Data subjects also have the right to be forgotten, which means they can ask to have all of their data deleted, which must be adhered to
Is your organisation preparing for the GDPR? The Information Commissioners Office (ICO) have prepared a helpful 12 step checklist to help you prepare now, which is available here. We are also here to help you and your employees through this change with our new learning pathway which will be added to our Governance, Risk and Compliance eLearning library in August 2017, further information available here.
Although it still feels like 2017 has only just arrived, we’re very nearly into May, which means it’s time for our next Client Forum!
Thanks to a brand new structure (and a little help from a beautiful City venue) our Autumn Forum in October last year was by far our best to date, and we can’t wait to share what we’ve been up to since then.
As part of our commitment to great customer support, we believe it’s important to keep running these forums in order to give you the chance to hear about new products and services, industry trends and future developments first hand. With this in mind, the next Unicorn Client Forum will be held on Thursday 8th June, at the O2 Intercontinental Hotel, 1 Waterview Drive, London.
The Summer Forum will offer a range of sessions from our Senior Relationship Management Team, Product Managers, Executive Team, Clients and Special Guests (keynote). Following the launch of our Learning Ecosphere whitepaper at Learning Technologies back in February, we will continue to address themes of new technology, engagement and changing behaviours in corporate learning.
Throughout the day we will also be offering sessions on Cyber Awareness, GRC (including T&C, GDPR and MiFID II) and showcasing our brand new reinforcement app, Minds-i, following its official launch at ATD in Atlanta.
A full session breakdown and registration portal will be available this week and can be found by contacting your Unicorn Relationship Manager, or the Marketing Team.
**Please note that we will be starting this event late morning to allow you time to vote in the UK General Election. We will have a live feed throughout the day, and anyone concerned about timings can still register for a postal vote by following this link.**
Unless you’ve been living under a rock for the past few weeks, it’s likely that you’ll have come across the ‘Learning Ecosphere’ in some capacity. Launched at last month’s Learning Technologies show, this brand new concept seeks to reimagine the relationship between traditional and new learning methods – and offers businesses the chance to better understand how they can embrace both in order to strengthen their overall learning strategies.
Here, Mark Jones – Commercial Director of Unicorn – gives a brief overview of the Learning Ecosphere concept:
Don’t forget, you can still get your free copy of the Learning Ecosphere Whitepaper here.
Simon Mercer, Unicorn ComplianceServe Product Manager, and Julia Kirkland, Partner at FSTP, presented a recap on what’s happened so far, looked ahead to what are going to be the hot regulatory topics over the next 12-18 months and answered the biggest question of all, how on Earth are we going to do all this?? Julia even sang a little bit. It was beautiful.
Anyway here are the top five takeaways on compliance training and where we go next…
The Senior Managers Regime and accountability will remain firmly on agenda – last week the FCA fed back on the first tranche of it accountability regulation, which took effect in March, stating that many firms have misunderstood the guidance. In a nutshell, the screw is going to keep turning. With 55,000 more firms due to come under SMR by 2018, Julia’s key message to anyone still grappling with the challenges of SMR was do not put it in compliance or HR! It has to be championed by a Senior Manager and driven from the top down. The good news is the FCA is suggesting there won’t be a ‘big bang’ on the next tranche of SMR and Certification implementation, but as we’ve seen from the first phase a year’s gap is nothing in these terms. Which brings us neatly to…
How are you bench marking people ahead of the Certification Regime? – firms who have already had to adhere to SMR regulation only have until next February – that’s five months – to put a robust certification process in place. In a quick show of hands amongst the delegates in the room, only one firm who had moved over SMR had already got their certification regime running. Under certification you are asking people who weren’t previously approved persons to take on more responsibility, knowledge etc, so how are you benchmarking these people? What competencies and/or qualifications are you using as a baseline? What are the KPIs and the core competencies required for a role? How are you going to issue that individual with a certificate? And remember the Senior Manager has the ultimate responsibility for saying they’ve signed that person off. It’s a big deal.
What’s hot in 2017 and what’s relevant to you – Julia outlined how she and her FSTP colleagues had trawled through the FCA’s annual risk documentation and picked out what they believe to be the 12 biggest areas of interest over the next 12 months. She did threaten to rap at this juncture also…regardless this is the list.
- Conduct risk
- MiFID II
- Transaction reporting
- Certification Regime
- Business strategy and stress testing
BUT (and note the capital letters), even though some will be more relevant to certain businesses than others, the majority are interdependent on each other. They cannot be taken in isolation.
Modernising your learning approach – in the past we have dealt primarily with compliance departments, but this is changing. Within the L&D community learning is being modernised to move from push to pull learning and getting to point where learners have access to resources and tools to pull as well as utilise what’s pushed to them. This includes introducing more elements of microlearning, in bite-sized chunks that is much more informal and on demand in line with the 70: 20: 10 approach to learning. Unicorn’s eCreator authoring tool, built into ComplianceServe, has got a really significant role to play in this. In fact, by Christmas all existing ComplianceServe content will have been re-developed in eCreator, with the smaller chunks of micro learning, to follow. The benefit? By downloading the SkillsServe app learning can take place offline to sync when back online.
There is a brand new generic T&C system now built in to ComplianceServe – we’ve been building and integrating custom T&C systems and functions for clients for a long time but now there’s a generic version for smaller organisations to make use of. This includes:
- T&C Guidance – regulation is only going way way, there will be an ever greater need to evidence competency. Guidance is all about what does T&C mean for an organisation, how do you create a T&C scheme in the first place, what things need do you need to set up a T&C system in ComplianceServe
- Pre-defined forms and workflows
- Offline forms – there is too much to do online for some things. Can be completed, scanned and attached as part of site.
- Pre-built pathways – for e.g. monthly one-to-ones, quarterly action plan and final sign off, can be assigned to both regulated and non-regulated staff (couple of forms different)
With the introduction of the new Accountability Regime, the need for effective training and robust processes for evidencing competency has never been greater. Here, we share 3 quick top tips about how to get ahead under the new accountability regime:
1. Microlearning changes behaviours
Changing behaviours is about embedding good practice in people’s day to day activities. Don’t view training as a one-off event; give your employees a variety of easily-digestible learning activities all year round to provide reinforcement and continual improvement
2. Recognise that ‘one size’ doesn’t fit all
Your employees will have differing levels of knowledge, skills and expertise, so don’t treat them all the same the same when it comes to training. Use diagnostic assessments to identify individual knowledge gaps and provide tailored learning pathways to maximise employee engagement and minimise wasted time.
3. Introduce firm-wide CPD
Try introducing a formal Continual Professional Development (CPD) scheme to provide a practical framework to ensure development is addressed in a structured way. Enabling employees to track all their learning activities against the CPD scheme gives visibility of personal progress, improves motivation and provides a comprehensive audit trail.
Got your own smart tips for evidencing competency? We’d love to hear them! Leave us a comment below…
Yesterday we welcomed some 60 guests from across L&D, Training T&C and Compliance to the Oval for our 2016 Unicorn Spring Client Day.
But what particularly tasty morsels did we all leave to chew on? Here’s a quick look at 5 things we learned…
1) You don’t need to be Walt Disney to include animation in your learning
With an A3 pad, a few Sharpie markers, an iPhone recording on a two-second time lapse, a tripod and a fairly simple bit of editing software it was demonstrated how it was possible to bring a learning storyboard to life through simple hand drawn animation.
Animation can bring a different, often less polished and more ‘authentic’ feel, to a scene you’re trying to set, perhaps as an intro at the start of a learning programme or induction.
Using hand drawn imagery and limiting text to the use of a few key words, the pictures creates an instant, meaningful connection with the viewer and will linger much longer in the mind than being forced to read a 1,000 word flat text document explaining the same thing. Why PDF it when you can animate it instead? Your learners will thank you we’re sure 🙂
2) How many ‘mobile moments’ do you have in a day?
Apps were a big discussion point. There was a very apparent appetite to give learners ever increasing flexibility in taking ownership of their own learning and mobile technology was seen as the answer.
Fortunately we agree! This is why we’ve introduced our SkillsServe app in addition to the CPD app and the forthcoming Learning Lounge app.
Mike Hawkyard, Amuzo Games MD, explained how our day is now made up of mobile moments and that society’s behaviour in this country is now to pull your phone out of pocket for 2-3 mins at a time, all the time.
People tend not to sit there for 30 minutes using their phone so when your learner is sat on a train or bus faced with so much choice as to which app they are going to open how do you make sure it’s yours? Mobile learning app games, embedded with one core message, can be a very powerful solution.
3) The best learning games are when games are the learning
Everyone knows games and gamification are probably the the hottest issue in learning right now but understandably the fear of the unknown still remains, especially in the financial sector. You don’t want your learners playing car racing games all day when they should be working, do you?
Peter Phillips, Unicorn CEO, showed examples of how game principles can really enhance engagement in learning but, critically, how you stop them tipping into the distraction zone.
Peter said one of the really important things about getting best out of games for learning is that the learning IS the game. The very best learning games have the game and learning the same thing. Using a matrix with ‘learning’ on the vertical axis and ‘engagement’ along the bottom he showed that where you get great learning and great engagement you get great learning games.
Have you read our ‘The Future of Game-based Learning’ white paper? Download it here now.
4) Client feedback helps drive platform development
Ok it sounds all a bit fluffy but we genuinely couldn’t keep evolving SkillsServe in the way that keeps it at the forefront of learning and development delivery if you didn’t tell us what you think, good and bad.
As Mark Jones, Unicorn Commercial Director, highlighted as he ran through the ‘what’s new’ and ‘what’s coming’ bits, many of the features that have been developed or are in development have come about because as a sector you’ve told us you want them.
You can read the full list at our live Client Day blog here – Unicorn Spring Client Day – but if we tell you graphical reporting and an MI dashboard, multi-language reports, diagnostic tools and a SkillsServe app are all recent additions, you can get the sense of the kind of stuff we’re talking about. Stuff that really makes a difference to your everyday working practices.
Don’t forget the SkillsServe blog where all the latest updates and roadmaps are posted – SkillsServe blog
5) The 21st Century still hasn’t arrived in some firms
We get super excited about all the cool ways new technologies can help us to deliver more effective, engaging learning experiences, but client day served as a timely reminder there is still a huge discrepancy in what some firms are able to deliver that others aren’t.
Whether it’s down mindsets, IT or a combination of both, while some firms can’t wait to bring the latest in learning technologies to their employees others have a reticence to step outside of the traditional. Despite the compelling evidence for the use of video in learning, for example, even getting that allowed is a battle some are still yet to win.
We know there are dedicated people in L&D, T&C and compliance working to educate and inform key individuals further up their company food chain as to what’s possible and how it can impact, but for many this remains a delicate, softly softly approach sometimes involving whole cultural change.
In the meantime we have to keep delivering what they need in the way they need it too.
The objective is to continue to help firms bring about genuine cultural and behavioural change and more effectively meet their regulatory obligations.
The FCA’s new accountability regime for banks, building societies, credit unions and designated investment firms, which came into force last month, again brought into focus that the need for effective training and robust processes for evidencing competence has never been greater.
This is why ComplianceServe has been enhanced and given a new look and feel, to help firms embed the knowledge and understanding of why this regulation matters and drive the behavioural changes that will lead to better outcomes for customers.
At a glance
- ComplianceServe’s fresh new appearance reflects the latest thinking in user experience.
- It is easier and quicker for employees to find the right learning and create personalised training plans.
- ComplianceServe’s new integrated CPD system automatically tracks completed online learning against a generic scheme based on FCA guidelines. It also allows the recording and tracking of other CPD activities such as face-to-face training, attending conferences or accredited body events, research and reading.
- Over the past six months, with the support of industry partners including FSTP and the British Bankers’ Association (BBA), 11 new eLearning pathways have been added to the ComplianceServe library to help firms respond to regulation.
- The new ComplianceServe also provides on-demand refresher training, using highly visual PDF summaries, to overcome the infamous ‘forgetting curve’.
Simon Mercer, ComplianceServe Product Manager, explains: “The new regulation has not only challenged firms to improve their compliance training practices but also provide robust evidence of their employees’ competency at whatever level they work. Staff must really understand what the regulation means and how to apply it and firms must be able to prove they can.
“The key is delivering personalised, ‘snackable’ chunks of learning on demand from their device of choice, while highlighting the potentially serious consequences of non-compliance for employee and employer. It lets them ‘fail’ in a safe environment where they can learn from the experience.”
The 11 new eLearning pathways immerse learners in realistic scenarios relevant to their job roles, with the opportunity to make decisions and see the consequences in a way that shapes new behaviours. The eLearning features various bite-size learning activities, including teaser videos, case studies and quick summaries, which all contribute to elevated engagement levels, knowledge retention and cultural change.
Simon adds: “We know new knowledge is rapidly lost if it’s not applied quickly following a training intervention and where there is no regular reinforcing activity. Instead of the once a year ‘sheep dip’ approach, ComplianceServe allows firms to push short bites of learning, tests and refreshers to learners on a regular basis to ensure understanding improves over time, behaviours change and culture shifts.”
New ComplianceServe learning pathways include:
• The new Regulatory Framework in Banking
• Conduct Rules
• Senior Managers Regime
• Foreign Tax Compliance Act 2010 (FATCA)
• The basics of CASS (Client Assets Sourcebook)
• Consumer Credit – Handling Arrears
• The Certification Regime
• Three Lines of Defence
• Vulnerable Customers
• Transaction Reporting
In 2016 Unicorn’s learning and performance platform, SkillsServe was ranked the world’s top LMS for the financial sector for the second successive year, and fourth overall across all sectors, in the Top 50 LMSs Report 2016*. For more information about ComplianceServe visit www.unicorntraining.com/complianceserve
* This report is compiled annually by Craig Weiss, named as the most influential person in the world for eLearning for the past two years.
Unicorn Training, one of the UK’s longest established and most respected online learning companies, has reported record sales and growth of a third in 2015.
Unicorn sales have exceeded £5.6m (US$8.5m), a 33% rise on 2014, in this calendar year, with more new customers won than ever before as well as the company achieving double-digit growth in recurrent revenue from a loyal customer base.
In 2015 Unicorn’s online learning and performance platform, SkillsServe, was ranked the world’s number one LMS for financial services and fifth overall, and Unicorn will be marking its record year on Stand P14 at the Learning Technologies 2016 conference and exhibition at Olympia on Wednesday 3 and Thursday 4 February.
Peter Phillips, Unicorn co-founder and CEO, said: “Over the past 12 months we have seen sustained growth in demand across all our main activities; platform, bespoke content development and our off-the-shelf compliance library.
“This is particularly true in our core sector, financial services, where demand for high quality regulatory and compliance training, together with increased awareness of the risks of cybercrime, are being driven by rigorous, new UK regulatory standards.”
Unicorn is uniquely positioned to offer turnkey solutions, combining SkillsServe’s sector-leading features with relevant and up-to-date content and outstanding instructional design, backed by long-standing partnerships with such industry bodies as the Chartered Insurance Institute (CII) and the British Bankers Association (BBA).
In addition, having acquired a strategic stake in the world class games studio, Amuzo, at the end of last year, Unicorn is also able to meet the growing demand for mobile just-in-time learning, serious games and on-demand video content.
Peter added: “Looking ahead to 2016, I believe this robust and scalable business model will continue to generate strong growth in our core business.
“Add to this the exciting new opportunities opened up through our partnership with Amuzo and for a company whose purpose for over 25 years has been to provide great learning experiences through the innovative use of technology, these are exciting times.”
For more information about Unicorn Training visit www.unicorntraining.com and to come and see us at Learning Technologies 2016 register for free entry to the Learning Technologies and Learning and Skills 2016 exhibitions and seminars at www.learningtechnologies.co.uk
The new Accountability Framework in banking is one of the hottest topics in the FCA regulated world – with less than 6 months until the deadline Unicorn Product Manager, Simon Mercer, explains how Unicorn’s union with FSTP is helping firms rise to the challenge.
When the FCA launched its 2015-16 Business Plan in March, all eyes inevitably looked straight at the deadlines.
‘Senior Manager’s Regime’, ‘MiFID II’, ‘Mortgage Credit Directive’, ‘Certification Regime’, ‘Code of Conduct’ etc are all major changes to the regulatory framework, with even greater consequences and sanctions for non-compliance.
But, as usual, the deadlines are tight, for example, the new accountability framework for individuals in banks, building societies and credit unions comes into force on 7 March 2016 – now less than six months away.
Earlier this year we joined forces with leading financial services consulting and training specialists, FSTP, to bring a more targeted and streamlined approach to compliance for FCA regulated firms.
Now, with FSTP’s help, we’re adding new eLearning titles to our comprehensive compliance training solution, ComplianceServe, to help organisations embed the cultural and behavioural changes demanded within the new framework.
When it comes to the Accountability Framework there are four supporting courses…
- An Introduction to the New Banking Regime
- An Introduction to the New Senior Managers Regime
- The Certification Regime
- The New Code of Conduct
These titles are designed to meet the demand for ‘snackable’ chunks of learning that can be digested little and often, for a more pervasive learning experience that supports the goal of continuous learning.
Learners have to understand and, most importantly, value the possible implications of their actions in terms of how it affects their promotion prospects, earning power, professional reputation and personal pride. This is why compliance should be treated as part of, not in isolation to, an individual’s whole career development plan.
The by-product of this is the benefit it brings to your business, both commercially, and with regards to regulatory compliance when the FCA calls.
All of these new titles are being added to the ComplianceServe library at no additional cost, and like all our compliance titles, we’ll continue to update them in line with ongoing changes in the regulations.
Utilising FSTP’s capabilities in instructor-led training, we’re also able to provide our clients with a truly blended approach – combining our eLearning modules with face-to face-workshops – for the more complex and risk laden roles i.e. Senior Manager and Senior Responsibility function holders.
Want to know more?
ISO27001 is the only auditable international standard defining requirements for an Information Security Management System (ISMS), to help organisations manage and protect valuable information assets and to give customers complete confidence they are dealing with a robust and secure business, especially key in financial services.
Unicorn first received ISO certification in 2011 and this year saw the business transition to the new ISO27001:2013 standard from the previous ISO27001:2005 benchmark. This new standard has been brought in to reflect the changing demands of IS security in the face of challenges and threats that did not exist in 2005.
This is the last year that firms can get the old standard – all ISO27001 audited businesses have to upgrade to the new standard but Unicorn opted to get ahead of the curve by upgrading a year early. Find out more about ISO27001:2013 here.
In the report Unicorn was commended on the quality of its Information Security Management System and how a process of continual improvement and excellent visibility of incidents is in place, along with improvements with good processes around HR, IT and hosting, and KPIs and management information within this area.
To get ISO27001 certified means reviewing and often improving every aspect of how you operate and includes identifying and mitigating potential vulnerabilities and risks, ranging from recruitment, identifying IT vulnerabilities to ensuring you have a robust business continuity plan.
To maintain certification for ISO27001 requires monthly security audits and annual external assessments.
Stuart Jones, Unicorn Training’s Director of IT, said: “This is a nice procedure to go through once a year because it shines a light on a lot of the hard work that goes into our processes and systems which don’t all get seen by staff or customers but are essential to our ability to grow the business operationally and ensure we continue to deliver the highest levels of information security for clients.”
ISO27001 is made up of 10 detailed control disciplines including information security policy, security organisation, asset classification controls, personnel security, physical security, communication management, access controls, system deployment, continuity planning and compliance.