My wife and I were gifted a spa day experience on our last anniversary.  Due to being busy with work and recently moving house we had delayed taking up the opportunity until the voucher had less than a month to go of its 12 month life span.

The venue was part of a hotel estate based around an historical house and set in over 40 acres of woodland.  The spa building itself was set in a beautiful walled garden with an indoor and outdoor pool, gym, steam room, sauna… you know, all the stuff you’d expect.  This is a luxury location, featured in those glossy Sunday newspaper supplements – we were looking forward to being treated to a lovely day.

The package we had been given provided two treatments each and a lunch.  We booked our day, deciding to take the earlier treatment slots so we could then relax and enjoy the day discovering the features of the spa.

It was an overcast day, but dry, and we set off around 8:30 to drive to the hotel.  The entrance was down a sweeping driveway which showcased the location: set in mature woodlands, with the white manor house nestled in a clearing surrounded by the modern lodges which made up the accommodation.  We parked and struggled to find a sign to the spa – a minor cleaning issue obscuring the lettering.  A spritely walk up the hill revealed parking right outside the spa, just no way to know it was there – oh well, never mind, it was a nice trot.

Before I continue with the experience, I’d like to introduce the foundation of the lessons I learnt.


Important or Urgent?

We’re all busy. We get that.

At Gydeline we’re still in startup mode so it’s all hands to the pump all the time.

However, we frequently stop to ask whether we are focused on the correct things. Like most other organisations we are guilty of sometimes focusing on the urgent rather than the important.

We’ve put together this very quick video to explain the difference.


Insight on… PCI DSS

Most organisations receive payments in some manner. Most organisations also rely on credit and debit card transactions to process these payments. It’s therefore important to be aware of the PCI DSS (Payment Card Industry Data Security Standard). Here’s our overview on what it means.

Insight on PCI DSS

10 tips for running your business without injury

Someone once said to me, regarding their injury whilst training for a marathon:

You’re either recovering from the last injury or trying to avoid the next one

Quite a perspective on the ‘benefits’ of becoming fit enough to run over 26 miles.  However, the reason for many of the injuries suffered is that avoiding them takes effort, planning and discipline. So people don’t do it.  There are many reasons a runner may fail to complete a marathon (he says having never had the desire), but an injury could prevent them from even starting or, possibly, ever being able to take part in an event.


Change is the law of Life

For a US President who served less than 3 years in office, John F Kennedy is well quoted. He uttered the words “Change is the law of life” in an address in Frankfurt six months before his assassination.

The quote continues:

Change is the law of life. And those who look only to the past or present are certain to miss the future.

Many people ‘hate’ change, resisting it and resenting it.  However, it is an irresistible force in the universe and instead of fighting it we should embrace it.  It’s good to note that JFK did not suggest that we shouldn’t look backwards and reflect on the past. He says that to ONLY do so will mean you miss the best of what’s to come.

Just before these words, Kennedy said:

our liberty, too, is endangered if we pause for the passing moment, if we rest on our achievements, if we resist the pace of progress.  For time and the world do not stand still.

Applying the ‘law of life’ to organisations

Consider those words in the context of running or working in an organisation or business.  If a company relies on its past achievements, no matter how good they were, it will get left behind.  Think about Nokia before the iPhone or Sony Walkman before the iPod.  So it is essential to keep an eye on what is changing and grab the opportunities.

It’s not just the marketplace that an organisation needs to monitor.  There is a huge number of changes happening to the regulations and standards that apply to businesses.  Looking back longingly at less regulated, easy-going times is pointless.  Ignoring them could ‘endanger your liberty’.  These changes to the business environment need to be embraced as they reflect the changing marketplace.

To be honest, regulation and legislation rarely come before they are needed.  They usually come to plug a hole of which some have unscrupulously sought to take advantage.  So your ethical stance on opportunities also needs attention.  If an organisation can avoid relying on ‘loopholes’ it is less likely to suffer at the hands of legislators in the future and the workload that brings.

You may be interested in considering some Compliance Predictions to get the change juices flowing!

The future of compliance

We all like to know what the future holds… well, sometimes.  We should all be interested in what is going to influence organisations to step up to the challenge of compliance.  So, I checked my guts, a nearby crystal ball and some rare tea-leaves and here are my compliance predictions for the next 12 months.

A more savvy consumer

The recent Data Protection ‘revolution’ has forced organisations to review why, what and how they use personal data. Whilst considering the General Data Protection Regulation and the UK Data Protection Act 2018, companies have had to become more transparent and clear about their activities.  This will appeal to some consumers.  It is another measure which potential customers can use to judge whether they wish to use or work with an organisation.

The ethical stance of an organisation is also taking a place in decision making.  Do they use palm oil? Is it plastic and, if so, can I recycle it? Is this locally made? Are workers paid fairly?  These are all questions that are on the rise and influence consumers.

Community groups step up to their compliance challenge

It’s easy to focus on big business as having the largest impact on compliance.  On the other end of the spectrum are small community, not-for-profit groups which have to work with the same regulations but don’t have the resources or capacity.  Many are already realising that they need to give better attention to Health and Safety, Safeguarding and Data Protection and this needs to become the norm.

Whether the ICO would spend any time either enforcing or assisting this type of organisation is yet to be seen.  However, the “more savvy consumer”, especially parents, will force community groups to take some time to focus on these important matters.

The continued rise of the ethical culture

Some larger organisations have already realised that having strong and attractive ethics in a business can drive better employee satisfaction, attract better recruits, help customer retention and deliver sustained growth.  Embedding compliance practices across all staff and down the supply chain takes effort but can significantly improve efficiency, costs and customer experience.

Are we going to see all companies adopt high-brow ethical policies? Not likely.  Will we see those that take a more ethical approach perform better in the marketplace?  Now that is a possibility.

Use of social media changes

With recent news reports and fines relating to Facebook, the awareness of how social media can use personal data has already started to grow.  Some of my friends are “taking breaks” from certain platforms.  Some are deleting their accounts.  Far too many, who have left their social media accounts untouched for some time, have not reviewed their privacy and security and, therefore, are leaving historical data unprotected.

This is a hope, more than a prediction admittedly, but people should take the time to look at their social network “footprint” and take the time and effort required to make sure they are only sharing posts with those that they want to see them.

As an example, Facebook’s facial recognition option is an interesting dilemma. Should you turn it off as you don’t want to provide that kind of processing rights to Facebook? Or should you turn it on and see if there are any undesirable images of you floating around the internet without your knowledge? (Lots of articles on this).

Suffice to say, we are in a period of transition with marketeers trying to access your newsfeed as the platforms implement more stringent measures whilst trying to find new revenue from those that used to promote for free through sharing.  Watch this space!

Digital imagery awareness

Infographic: Smartphones Cause Photography Boom | Statista

2018 will see us take 1.8 Trillion images on cameras and smartphones.  Bet you’re in at least one – and if not, you’ll be on CCTV somewhere.  The rise of digital image capture in the context that your image is personal data will certainly need some attention.

If you don’t have permission to publish a picture with someone’s image in it, should you obscure the recognisable features?  Consider that it isn’t just faces; it could be a number plate, tattoo or something else that could identify them.

Technologies to address this will need to be embedded in publishing sites.  It may also be necessary to take greater care getting consent to use people’s images in marketing campaigns.

You will find more infographics at Statista

Self-preservation still a huge driver

As much as we would like to see organisations becoming ethically responsible and compliance focused, this is unlikely.  Many will continue to do the bare minimum to ensure that they don’t get caught out.  As long as organisations see compliance as a threat and not an opportunity we will perpetuate the self-preservation mentality and miss out on the benefits the alternative brings.

Regulators finding new ways to enforce

Where regulators do not have a regular interaction with a business, such as payroll reporting, then they need to establish different ways to enforce the required standard.

You would expect a regulator to get involved because of an incident or complaint.  However, unannounced ‘spot checks’ due to industry, geography or for training are now on the rise.  With a law like the Data Protection Act 2018, the Information Commissioner’s Office could employ on-line analysis tools, even Artificially Intelligent readers that could read websites and learn what an adequate privacy notice looks like or if a consent statement is fulfilling the minimum requirements.  That could significantly change the attitude and approach of organisations.

In conclusion

Predictions? Guesses? Hopes?  Probably all covered above.  It is enough to say that the regulatory and standard compliance challenge is not going anywhere.  In fact it is growing on a weekly basis, especially if you include best practice, official guidance, case law and media frenzies.

The question is “Are you going to embrace it or fear it?”

Change is the law of life. And those who look only to the past or present are certain to miss the future. – J F Kennedy

Got any ethical or compliance predictions I should have included?  Please comment below.



A cornerstone of good compliance is having credible policies in place.  Policies in which everyone in your organisation believes and understands. The reality, however, is that most policies are not fit for purpose. Many do not meet the needs of employees, the organisation or regulators.  So, what are the enemies of policy?

Having seen huge numbers of policies via our work with Gydeline and with many global multinational organisations, we’ve put together a list of the 5 greatest enemies of policy.

5. An overly verbose introduction

We’ve all been there. We’re told to review or read a policy and the first 2 pages are full of preamble, context and information which may or may not be directly relevant. By the time the reader gets to page 3 or 4 (where the important stuff is) they’ve often lost interest and the value of having a policy is lost.

Taking a close look at your GDPR arrangements and those of other parties you use

Having well informed employees and stakeholders is a key part of establishing a culture of compliance within your organisation.

Here we discuss training, not just of the GDPR but of the things that individuals need to do on a daily basis to ensure that personal data is treated properly. Doing this will help ensure you meet the GDPR principle of data protection by design and default.


Copyright 2016–2018 Gydeline Ltd

Registered in England & Wales No. 09559617 | 48 St Nicholas Street, Bodmin, Cornwall, PL31 1AG | VAT No: 226 0817 24