TeamKinetic

Build better volunteer communities with FREE volunteer management software

Author: Chris Martin (Page 1 of 10)

Understanding the Good, the Bad and the Ugly of the internet for volunteer managers

TeamKinetic believes that the internet has the potential for transformation in our world comparable to the Gutenberg’s printing press , but if the last few years have taught us anything, it’s that the internet reflects both the very best and very worst of human nature. What do volunteer managers need to know about the internet to keep their volunteers safe?

I’ll provide some useful resources to give some context and understanding of the darker side of the internet and how we have used this to try and inform our policies and procedures as an organisation and what we think you should consider as an organisation as you become more reliant on digital platforms.

The internet provides almost limitless opportunity for grassroots social action, citizen journalism, voluntary engagement and so many other potentially positive outcomes, but we are naive if we do not recognise and consider the risks.

Jon Ronson, journalist and author recently wrote “So you’ve been publicly shamed” on how the networked effect of the internet can lead to individuals being ostracised.  His entertaining and occasionally dark work examined some of the difficult issues around user-generated content and how people’s mistakes are amplified and stored for eternity in the memory of cyber-space. Ronson’s storytelling introduces the reader to the inherent risk for normal people to get caught up in exceptional events and how little control they have over these events once a post goes viral.

Sarah Jeong, now of the New York Times Editorial Board, Vice and The Verge has written extensively on the internet’s inherent problems and her book, “The Internet of Garbage” gives informed insights on the risks and unintended consequences of poor policy and practice and how that can impact organisations and their users.   Jeong discusses at length some of the nuanced problems the modern internet has created for itself and how copyright law is being misused as a method of content suppression and removal, due in part to lack of other recourse to individuals who find themselves at the centre of a viral internet storm.

I mention these two texts as they are accessible and informed, and for those who are looking to understand the internet, they will help non-technology people appreciate the inherent risks of a highly networked world, the very real risks that can affect everyday users and voluntry organisations alike.

TeamKinetic is aware that our volunteer management platform has the potential to recruit volunteers in almost any situation. It is effective and easy to use and can be administered remotely with high efficiency to deploy individuals or teams of volunteers at short notice.  These characteristics are great if you run a charity, an event or a university internship program, but they are equally great if you are recruiting individuals to partake in less positive endeavours.   The creators of any platform which allows users to create content and communicate with each other must be aware of the risks as well as the benefits.

Recent legislation such as GDPR, goes some way to help individuals protect their privacy and increase their control over websites and platforms they engage with. It also gives businesses and organisations the chance to audit exactly what information they collect, why they collect it, and what they are going to do with it. This was a revealing process for us and was very worthwhile. All legislation, however well intentioned, runs the risk of “unintended consequence“. As responsible curators of TeamKinetic we have to embrace some basic values by which to manage our site.

What are our ideals and values?

As an organisation, we have put honesty at the centre of our company values. This is a type of statement that is easy to say, but much harder to live by. We aspire to offer honesty in our pricing, in our customer service and our product.

Our role in supporting the organisations that use TeamKinetic to manage their volunteers goes beyond the provision of software. We want to build a community of volunteers and volunteer managers that can share practice and policy, develop professional connections and work to strengthen the sector as a whole through the development of consistent standards in the wider information technology infrastructure of volunteering.

We want to be able to share expert knowledge and insight based on our user data and experience to help the sector become better at recruiting, deploying and recognising their volunteer’s hard work. We commit to making our data available to researchers, and the resulting insights and findings will be freely available to all who have a valid interest in the voluntary sector.

Finally, we want to create an amazing experience for all our users, that means the best technology, built in a way that is easy to use and importantly every user is protected by good policies and excellent support. Our volunteer-centric approach to development will remain the centre of our business operation.

We hope you will join us on our continued mission to be part of the ‘good’ internet and we look forward to your thoughts on how we can do this.

Goodbye Volunteers Week, we will miss you! Here are 3 simple things you can do to say “Thank you” more effectively to your volunteers.

Volunteers Week 2018 – 1st to the 7th June

Volunteers week is a great celebration of the effort and value volunteers provide.  But let’s not let it end here!  We need to keep on celebrating and thanking our volunteers, helpers, doers and anyone that makes it happen.

TeamKinetic shares 3 simple insights from its Volunteer Managment Software on how to say those two important words “thank you”

Tell your Volunteers what impact they have made.

Saying ‘thanks’ is a good start, but if you want to supercharge the impact of your thank you, look at how you can convey the difference that volunteer has made.

Now it’s not always possible to send out personalised messages to every volunteer, but you can quickly summerise what volunteers mean to your service or organisations and what has been achieved collectively.

Using TeamKinetic, many of our customers are able to send personalised, impactful thank you messages directly to Volunteers immediately after the volunteer has finished their work.  We have seen volunteers twice as likely to volunteer again when someone says thank you and takes the time to explain what a difference they made.

Put a little thought into your “Thank You”

Every volunteer manager knows they rely on superstar volunteers. The person who will turn up no matter what.  Where you have someone special, let them know. It does not have to be expensive or time-consuming, you just have to get a little creative.

If you’re not the creative type, why not look at some of the great ideas suggested by the Scouts.

TeamKinetic’s real-time reporting makes it super simple to know who your superstars are. It’s simple to see which individuals you simply could not live without from our Volunteer dashboards.

Be authentic, be consistent.

People can soon tell if the Thank you,  they receive is just an automated message, that is set to repeat.  Don’t be a robot!  Put some personality into your Thanks.

Having said that, there are some really useful messages that you can set to run automatically and can make your volunteer offer more consistent.   Wish your volunteer a happy Birthday, Tell them when they have been with you for a year or when they pass a milestone such as 100 hours volunteered.

TeamKinetic has been busy developing its milestones function.  This will make it even simpler to build up a range of fantastic, motivating and inspiring messages to keep your volunteers hooked on helping.

All that is left to say, is Thank You for reading, I hope it makes a difference to your volunteers and I look forward to hearing what works for you and your teams.

Happy Volunteers Week

 

Liverpool FC Foundation are bringing volunteering into the digital age to support their work in Merseyside and beyond

LFC Foundation

Liverpool FC Foundation is the first professional football club’s community programme in the world to launch a digital volunteer portal for their outreach programme.

The club’s Foundation has joined a host of other sport and voluntary organisations already supported by TeamKinetic, which aims to make it easier for volunteers to make a difference in people’s lives and communities. The portal will improve the recruitment and deployment of volunteers across all of Liverpool FC Foundation’s activities.

For 20 years LFC Foundation’s outreach programme has benefitted many of the communities in Merseyside and beyond. Through various initiatives and programmes, the foundation has embedded itself within the community. This includes supporting young and old, military veterans, those in need of some emotional support or even those just looking for something to do in the holidays. These programmes all share a focus on one or more of three fundamentals of community, skill and wellbeing.

Coach and Players working together

LFC are using TeamKinetic’s volunteer management software, which has already logged nearly one million voluntary hours of various organisations. These hours are making a difference in people’s lives and communities and LFC Foundation’s involvement will only increase the impact this makes.

Dawn Georgeson, Volunteer Project Lead at Liverpool Football Club, said:

“The new online volunteering portal provides volunteers with increased access to the opportunities available and enables them to sign up at their own leisure. This makes the process of volunteering more convenient and the process of tracking the opportunities is much clearer for them. The software will also support LFC Foundation by reducing the time spent on administrative tasks and paperwork. This will then be complemented by the intelligent reports the system makes available. All round the software is supporting the role of volunteer managers.”

Chris Martin, Founding Director at TeamKinetic, said: “TeamKinetic has a long history in sports volunteering, so it is really exciting when we can work with a partner such as Liverpool FC and look to make a real difference to those at the community level and enable them to do more. Liverpool FC is world renowned and we’re delighted to welcome them on board and keen to see how we can we can help them use their brand to do even more good work. We look forward to supporting Dawn and her team, who have been doing a great job and we are confident that TeamKinetic will only add to their success.”

GDPR Frequently Asked Questions for TeamKinetic

This document will continue to develop over time as we respond to more questions from our customer and users.  Please feel free to subscribe to stay up to date.

1. Do we need to get renewed consent from every volunteer and provider?

We will be asking all volunteers and providers to review their consent settings for communications and the sharing of their data with volunteer opportunities. You can see this email here 

Renewed consent and acceptance of the new EULA will be required when logging in.

We think the consent we have already obtained from volunteers and providers provides us sufficient cover under the ‘legitimate use’ to ensure we do not need to delete users accounts.

2. How long do you keep data after someone has unsubscribed or withdrawn consent?

Unsubscribed relates to email/SMS correspondence, and users are removed immediately from all mass communication and newsletter emails. They will still receive transactional emails specifically related to them and their volunteering. If a user withdraws consent or asks to be removed their volunteer data is immediately anonymised and their personal data is moved to a table only accessible by a system administrator. This moved data is stored for a further 7 days before being permanently removed. We do this to enable us to restore a volunteer profile deleted in error. Data in backups will disappear after our 30 day retention period. Data from backups is restorable but an hourly charge is levied.

3. What is your process if anyone exercises their right to be forgotten.

We will immediately start the removal process for any volunteer requesting to be forgotten or who asks to be removed. The data removal follows the same pattern as above in point 2.

4. How long would it take to delete their data entirely?

Volunteer data is made anonymous immediately. Personal data is immediately unavailable to volunteer administrators and providers. Data in backups will be removed after our 30 day retention period.

Data in backups is only accessible by our network administrators and not by any users at any level of our applications.

5. Do you have an archive of all the data we hold in the database?

All data is transactionally backed up daily and stored encrypted. Backups are maintained for 30 days.

6. Is the data anonymised at any point?

If a request for removal is received then volunteer data is immediately anonymised.

7. Is your data encrypted?

Password data is stored using a one-way hash using a randomised SALT with a length sufficient to prevent practical brute force or collision attacks.

All data at rest in backup or in transit is encrypted using a minimum 30 character length password.

8. Can the TeamKinetic privacy policy be found on the database by volunteers?

Yes. Our full terms and conditions and specifically our privacy policy can be found at https://teamkinetic.co.uk/vk/shared_includes/termsandconditions.htm#privacy.

9. When were your terms and conditions and privacy policy last updated?

Attached to this post are links to:

Our very latest End User License Agreement that was updated May 2018. We ask Volunteers and Providers to Acknowledge this new document when they logon. You can view it at;

https://teamkinetic.co.uk/vk/shared_includes/termsandconditions.htm

The email we will be sending to all user regarding their current communication settings that you can view at;

https://teamkinetic.co.uk/vk/shared_includes/gdpr-email.htm

And our new Privacy policy document was updated May 2018; you can view at;

https://teamkinetic.co.uk/vk/shared_includes/termsandconditions.htm#privacy

I have also included the new Schedule that I will be sending as an addendum to all customers to outline our responsibilities to you under GDPR.

10. Is the website hosted on UK based servers?

All our hosting servers are UK based.

11. Do you have an ICO certification number?

You can find our details at https://ico.org.uk/ESDWebPages/Entry/ZA036104

Registration number: ZA036104
Date registered: 14 January 2014
Registration expires: 13 January 2019
Data controller: TeamKinetic Ltd
Address:
Office 14 Parkway 2
Parkway Business Centre
Princess Road
Manchester
M14 7HR

12. Where do you explain to the volunteer that data is shared with other parties

Our email to all volunteers will reiterate that data is shared with providers and potentially external administrators where a volunteer opts to volunteer on an opportunity outside their application.

For all new volunteers, this consent is explicitly captured during the initial sign up process.

13. What fields can a provider see on a volunteer

Providers can see (but not edit);
Age
Contact phone number
Email address
Gender
Special requirements and disabilities (if the volunteer has chosen to share)
Criminal record check status
Unlocked custom registration fields

14. Can “Admin” users set some “Custom Fields” to be visible to “Providers” or not visible?

Our next release in June 2018 has enabled custom fields to be locked to admins only.

15. Can you make custom registration fields compulsory?

Yes, custom fields can be made compulsory.

16. How long do we store data on volunteer and providers?

TeamKinetic believe volunteering is a lifetime pursuit and as such see no reason to remove a volunteer profile on behalf of a volunteer due to inactivity.

We do believe it is important for a volunteer or provider to have the ability to remove themselves as and when they see fit

We appreciate that some organisations will not share our view, so we will provide a tool that will allow Admin users to search the database for inactive users based on Admin set criteria of time. This will provide a list of inactive volunteers the admin user will be able to remove from the system on mass.

17. Is there any further information of TeamKinetic and GDPR

You can read my last blog on this subject at https://teamkinetic.co.uk/blog/tag/gdpr/

And you can download our whitepaper on this subject at https://teamkinetic.co.uk/vk/shared_includes/are-you-ready-for-gdpr.pdf

18. Do we maintain Data Processing Records

Yes. We have a record of all Data Processors details and access to the data is maintain under strict regulation. We have detail records for the purpose of processing, descriptions of categories, detail data flow diagrams and full documentation of all third party data processors we work with. This is complemented by our policies on security, continuity and privacy.

19. Does TeamKinetic have a Sub-processor or level 2 processor change request process?

TeamKinetic shares very limited data with sub-processors and that data is anonymised. All sub-processes are legally bound by TeamKinetic to meet our data standard as outlined in schedule 6.


All customers are asked to review the schedule below. This will be sent in a separate email to all existing customers as an addendum to our current agreement and will require signing as soon as possible.

Schedule 6 Data Protection
1. Data Protection

1.1 For the purposes of this clause, the following definitions apply;
(i) ‘Data Controller’, ‘Data Processor’ and ‘process’ have the meanings given to them in the Data Protection Act 1998 and from May 2018 the General Data Protection Regulation 2016/679;
(ii) Service Users shall mean those who sign up to use the Services.
(iii) ‘Personal data breach’ has the meaning given to it in article 4(12) of the General Data Protection Regulation 2016/679;
(iv) ‘ Personal Data’ shall mean the personal data of the Service Users including their name, contact details, email, address, disability information, gender and employment or education experience.
(v) ‘Privacy Laws’ means the Data Protection Act 1998, Directive 95/46/EC, the General Data Protection Regulation 2016/679 qne the Privacy and Electronic Communications Regulations 2003; and
(vi) ‘Privacy notice’ means a notice providing individuals with information about the purpose for which and manner in which their personal data will be processed and the organisations that will be undertaking that processing.

1.2 With respect to the parties’ rights and obligations under this Contract, it is acknowledged and agreed that the Customer is the Data Controller and the Supplier is the Data Processor in relation to the Personal Data.

1.3 Where processing Personal Data on behalf of the Customer the Supplier agrees to;
(i) provide the Services in compliance with all relevant Privacy Laws;

(ii) not do anything (or permit anything to be done) which would put the Customer in breach of its obligations under Privacy Laws;

(iii) only process the Personal Data in accordance with the Customer’s instructions and only for the purpose of delivering the Services and not for any other purpose;

(iv) only process the Personal Data in such manner as is described in the Contract and, in any event, only process the Personal Data to the extent that is necessary to deliver the Services;

(v) implement and maintain the technological and organisational measures to protect the Personal Data against accidental or unlawful loss, alteration, destruction, or unauthorised disclosure, dissemination or access, or alteration;

(vi) not disclose or transfer the Personal Data to any third party (save where disclosure has been specifically authorised by the Customer under this Contract) and only provide access to the Personal Data to your personnel where such access is necessary for the provision of the Services

(vii) take reasonable steps to ensure the reliability of any of your personnel who have access to the Personal Data, ensure that those personnel are aware of their obligations set out in this clause 1 and have undergone adequate training in the care, use and protection of personal data in compliance with the Privacy Laws.

1.4 Upon the Customer’s request, the Supplier agrees to permit the Customer or its authorised agents to inspect the Supplier’s premises, data processing activities and systems, and/or have access to, and be provided with copies of any information (including without limitation the Personal Data) to enable the Customer to be satisfied the Supplier are complying with the obligations under this Schedule 6.

1.5 The Supplier must not sub-contract or assign any of its right or obligations under this Contract without the Customer’s prior written consent.

1.6 Where the Customer provides written consent to sub-contracting of the Services under clause 1.6, then the Supplier agrees to impose a binding legal obligation on their sub-contractor to comply with the obligations in this Schedule 6 where that subcontractor has access to, or will be otherwise processing, the Personal Data. For the avoidance of doubt, any such subcontract shall not relieve the Supplier of its obligation to comply fully with this Schedule 6 and the Supplier shall remain fully responsible and liable for ensuring full compliance with this Schedule 6 in all respects.

1.7 The Supplier will not transfer any Personal Data processed under or pursuant to this Agreement outside of the European Union without the Customer’s prior written authorisation. Where the Customer authorises the transfer of Personal Data outside of the European Union, the Supplier agrees to comply with any instructions the Customer may issue which are necessary to achieve compliance with the Privacy Laws.

1.8 The Supplier agrees to notify the Customer as soon as practical, and in any event within five working days, if the Supplier receives;

i. a request from an individual to access their Personal Data or to exercise the rights of individuals under Privacy Laws including the rights of rectification, restriction, blocking, data portability and/or erasure;
ii. a complaint relating to the processing of Personal Data under this Agreement;
iii. notification that an individual wishes to withdraw their consent, or otherwise objects, to the processing of their Personal Data under this Agreement; or
iv. any communication from the Information Commissioner or any regulatory authority in connection with the Personal Data.

1.9 The Supplier agrees to comply with our instruction regarding the response to and handling of a complaint, request, notification or communication described in clause 1.9 and provide such reasonable assistance to the Customer as is required to ensure that the Customer can comply with its obligations under the Privacy Laws.

1.10 The Supplier agrees to notify the Customer promptly, and within 24 hours, in the event of an actual or suspected personal data breach involving the Personal Data processed under this Agreement. The Supplier agrees to co-operate with the Customer fully to investigate such a breach by furnishing the Customer with information as may be reasonably required about the breach and the Supplier’s processing activities. The Supplier also agrees to comply with the Customer’s reasonable instructions regarding the management of and response to the breach and any steps necessary to prevent an equivalent breach in the future.

1.11 The Supplier agrees to comply with the Customer’s instructions as to the period for which the Personal Data shall be retained and regarding secure destruction or return of the data to the Customer following expiry of the Term.

1.12 The Supplier agree to indemnify and keep indemnified the Customer against all claims, demands, actions, proceedings, charges, costs and expenses (including legal costs and expenses) which may be brought against us in respect of or in any way arising out of or in connection with;
i. your breach of the obligations in this Schedule 6; or
ii. a claim that we are in breach of our obligations under the Privacy Laws as a result of any of your actions.

 

TeamKinetic Academy: Facebook Live Training Dates for TeamKinetic 1.0

facebook-live-brand-awareness

With so many new features and products in TeamKinetic 1.0 (TK1.0) we thought it would be best to invite you all to a series of master class sessions with Steve and the team.  This new version has the potential to take your volunteer management to a new level.

Join us on Facebook to see our interactive demos and join in the conversation directly with Steve.  As you know we love to talk through how and why we have made some of our changes. We also love to hear yours and your volunteers thoughts and feedback and this heavily informs our next versions.

These sessions are designed to be short and easy to follow, with loads of opportunity for you to ask questions.

References Wednesday 25th April 13:30
TeamLeaders Friday 27th April 13:30
Setting Maximum Sessions Wednesday 2nd May 13:30
TeamKinetic Chatter – Opportunity Chat Rooms Friday 4th May 13:30
Managing External Opportunities Wednesday 8th May 13:30
Reporting Update Friday 11th May 13:30

If you can’t make one of these sessions, don’t worry, we will be keeping the video on Facebook, as well as adding it to our YouTube channel and where appropriate putting them into the help documents.

Of course, you can always get in touch via the support tickets, email, phone or chat function. We want to know what you think, so please get in touch.

We look forward to seeing you this Wednesday for the first session

To find out more information on TeamKinetic, please feel free to get in contact with one of our Team by:

Email:                    james@teamkinetic.co.uk

Phone:                    0161 914 5757

For over ten years TeamKinetic has been developing innovative technological solutions for third sector organisations. We pride ourselves on our volunteer-centric approach and intuitive design.

Volunteer Management Software that WORKS for Third Sector Organisations.

 

Are you ready for GDPR?

A whitepaper to help you get ready for GDPR and find out what it means for your data.

Whitepaper – Are you ready for GDPR – Download the paper here.

What should you be doing now?

If you haven’t started preparing your organisation for compliance then the next 3 months are crucial. If you have started getting ready for the GDPR deadline,  keep going.

Make sure your board is bought in to the importance of the project. Having the support you need from the top is vital to the GDPR compliance process.

ONCE THE GDPR COMES INTO FORCE, YOUR BUSINESS MUST:*

  1. Keep a record of data operations and activities and consider if you have the required data processing agreements in place
  2.  Carry out privacy impact assessments (PIAs) on products and systems
  3.  If applicable to your organisation, designate a data protection officer (DPO)
  4.  Review processes for the collection of personal data
  5.  Be aware of your duty to notify the relevant supervisory authority of a   data breach
  6. Implement “privacy by design” and “privacy by default” in the design   of new products and assess whether existing products meet GDPR standards

 

What are TeamKinetic doing right now

See what we have already put in place, to be ready for 25th May 2018.

https://teamkinetic.co.uk/blog/2018/02/07/teamkinetic-updates-new-eula-and-data-policy/

We continue to work with our customers to ensure compliance and understanding.

Are you ready for GDPR?

Deadline – 25th May 2018

Information sourced from UKFast, Berwin,Leighton,Paisner and Onside Law

Contents

Let’s refresh

Why has the GDPR come about?

What about Brexit?

What should you be doing now?

Data security is EVERY business’s business

Key changes to consent

Key changes to breach notifications

Are the rules different for electronic communications?

What is TeamKinetic doing right now?

Disclaimer: The information in this whitepaper is for your general guidance only and is not and shall not constitute legal advice. If you need advice on your rights or responsibilities or any legal advice around data protection matters, please obtain specific legal advice and contact an adviser or solicitor.

Let’s refresh…

What is the GDPR? The General Data Protection Regulation (GDPR) is a binding legislative act from the European Union for the protection of personal data. The Regulation tackles the inconsistent data protection laws currently existing throughout the EU’s member states and facilitates the secure, free-flow of data.

Why do you need to know about it?

As of April 2016, businesses have been preparing for the legislation coming into effect on 25th May 2018. Although we are in the process of leaving the EU, working towards GDPR compliance remains crucial.

If you fail to comply with the Regulation you could find yourself being fined up to 4% of your company’s global annual turnover and your reputation damaged beyond repair.

That is 4500% increase on current fines that can be issued by the ICO!!

Now that the deadline is just 3 months away, is your organisation ready?

Why has the GDPR come about?

There is a need in Europe and beyond for a standardised data protection framework that addresses the rapid technological advancements that have taken place in recent years, putting the personal data of the masses at risk.

Where do vulnerabilities lie?

Everywhere. All organisations are at risk of a cyber-attack, despite common misconceptions that some industries are more secure than others.

The results of a survey carried out by the Information Commissioner’s Office (ICO) of 173 councils at the end of 2016 reveals that more than 15% of councils do not have data protection training for employees processing personal data and a third do not carry out privacy impact assessments (PIAs) as required by the GDPR.

The survey’s release coincided with the news that the ICO had fined Norfolk Council £60,000 for a data breach in which social work files were discovered in a cabinet bought in a second-hand shop by a member of the public.

Capgemini: The Currency of Trust, February 2017

74% of UK SMEs had a security breach in 2016.

While leaving vulnerable information in a cabinet or on a train may seem like a problem from 1997 rather than 2017 – when cloud technology means physical files never need to leave the office – the overarching security challenge remains.

Professionals across the public and private sectors must be aware of the nature of the data they are accessing from their home networks and ensure they are doing so securely.

Computer Weekly: Many Councils Still Unprepared for GDPR, March 2017

What about Brexit?

Despite the vote to leave the EU, UK businesses must continue to work towards GDPR compliance. Not only has the UK government stated that it is good business practice to do so, but the legislation applies to all businesses working within the EU and with EU data. A failure to comply can lead to significant fines and irreparable damage to a company’s reputation.

The latest thinking is that the UK could replace the 1998 Data Protection Act (DPA) with legislation that mirrors the GDPR, enabling the UK to achieve free data flow with the EU post-Brexit. The government has warned that it may take two to three years for the European Council (EC) to decide that the UK has an adequate data protection regime.

While the impact of the Investigatory Powers Act on the UK’s GDPR compliance has yet to be fully understood, it is possible that the mass surveillance and data retention practices carried out under the Act could cause issues when the EC comes to decide whether the UK’s practices are adequate. The existence of these two extraordinarily contradictory legislations could result in a UK equivalent of the Privacy Shield agreement held between the US and the EU to facilitate secure transatlantic data flow.

If your business activities are contained within the UK or elsewhere within Europe, you will have to observe the protections afforded by the GDPR for citizens.

What happens if my business is not complaint?

The GDPR introduces a two-tier fine system that emphasises just how small a financial deterrent existed under the Data Protection Act (DPA).

As of the 2018 deadline, any data controller or processor that fails to comply with the Regulation will face the following fines:

 

Tier 1

If a data breach occurs that puts highly important data at risj, the data controller/processor will be fined upto €20M (£17.25M) or 4% of the previous year’s global annual turnover, whichever is greater.

Tier 2

Any other data breach could lead to fines of up to €10M (£8.6M) or 2% of the previous year’s global annual turnover, whichever is greater.

 

It is estimated that if breaches remain at the same level as in 2015, the fines given will raise 90 fold from €1.4 billion to €122 billion

Key changes to consent

Do you ask your customers for permission before you use their data? Do you go a step further and tell them what it will be used for? If the answer to either – or both – of these questions is no, you could be in trouble if you don’t start changing your ways before the GDPR deadline.

 

Why is consent important?

Consent enables your business to lawfully process data.

Organisations applying the GDPR’s standards are giving individuals greater control over their information and, in turn, building trusting relationships that ultimately keep customers coming back for more.

Any business found to be misusing personal data will be fined according to the highest level of the two-tier system and – most poignantly – is at serious risk of damaging its own reputation. When is consent required? You must have the data subject’s consent to lawfully process their data. However, just to confuse things, there are instances that will call for consent to be acquired via alternative methods; we’ll clarify this shortly. Consent is also needed under ePrivacy laws if you’re in the business of tracking communications and installing software and apps on devices.

If you want to use someone’s personal data they must give you explicit consent to do so. This means in practise no pre-ticked boxes, a user must always choose to tick the box.

If you want to use an individual’s personal data for multiple purposes, they must give consent for each purpose, separately

 

Who might need an alternative method of gaining consent?

Most commonly, data controllers in a position of power such as public authorities and employers who are likely to find getting valid consent challenging and so must consider the alternative options.

For example, if you are a highly successful eCommerce business is bringing on board a new supplier of garden furniture, you will need a contract with them that clarifies the role of each party and enables you to lawfully process their data.

Whether you are the data controller or processor, you must always record how consent was given, who from, when, how, and what the interested parties were told.

You must not bundle your consent request with your standard terms and conditions.

 

Does your consent process meet GDPR standards?

Carry out a thorough review of existing consent processes and asses whether they meet the Regulation’s requirements. if they do, there is no need to request consent from the subject again.

Key changes to breach notifications

Europe had a phenomenally inconsistent data protection landscape. It meant that when a Switzerland-based business suffered a data breach affecting people in Greece, Italy and Spain, the organisation would need to comply with the breach notification standards of each of the three member states.

This lack of uniformity throughout Europe means that while some member states, such as Spain and Germany, are recognised for their rigorous data breach privacy laws, there are also member states with minimal to no regulations in place.

In this environment, organisations in lax member states have not needed to notify an authority of a breach.

The GDPR smooths all this out with the introduction of a single breach notification requirement.

 

What is a personal data breach?

A personal data breach is not simply the loss of data but a breach of security, resulting in the destruction, loss, alteration, unauthorised disclosure of or access to personal data.

When must the relevant supervisory authority be notified?

The relevant supervisory authority must be informed of any data breach that puts an individual’s rights and freedoms at risk. This includes a loss of confidentiality and financial loss.

Data controllers must inform the supervisory authority without undue delay and within 72 hours of learning of a personal data breach. They must state:

  1. Its nature
  2. The approximate number of people affected
  3. The contact information for the organisation’s DPO (if one has been appointed)

The controller must also pin-point the likely consequences of the breach and the measures taken to reduce further risk to those affected.

Data processors must tell the data controller about a data breach without undue delay after having become aware of it.

If a breach is significant enough that it is in the public interest, those responsible – be that the controller or processor – must do so without undue delay.

The impact of data breaches If we hark back to our real world TalkTalk and Yahoo examples, we can see that the severe consequences each company experienced following their respective breaches were related to how they handled the aftermath of the breach and not simply because the breach happened in the first place.

What should you be doing now?

A personal data breach is not just the loss of that data but a breach of security, resulting in the destruction, loss, alteration, unauthorised disclosure of or access to personal data.

  • Educate your employees about    personal data breaches and how to   spot when one has occurred.
  • Set-up an internal process for reporting   a personal data breach.
  • Make sure you have the internal resources and processes in place to   detect and investigate breaches. Speak to any third-party data processers if they are storing your data.
  • Put an incident response plan in place.

Are the rules different for electronic communications?

No, not really. The EU has introduced a complementary legal framework to the GDPR to clarify exactly what data controllers and processors must be doing to protect individuals’ communications; electronic or otherwise.

  1. New cookies responsibilities   for browser providers Users must be given the choice to consent to cookies as part of the browser software set-up. This should reduce or eliminate cookie banners on websites entirely.
  2. Extra-territoriality and 4% fines The Regulation no longer applies solely to the EU. It applies to anyone in the world that provides publicly-available “electronic communications services” to acquire data from the devices of EU citizens. Any organisation that breaches the Regulation will be subject to the GDPR’s two-tier fine system. That means you should be paying attention even if your business is contained within the UK.
  3. The Regulation application is expanded Unlike its predecessor, the ePrivacy Directive, the ePrivacy Regulation goes beyond the traditional telecommunications organisations and internet service providers. It incorporates messaging apps like WhatsApp, and email providers, amongst other communications suppliers such as Facebook and Snapchat.
  4. New rules for processing communications data The Regulation introduces new rules for handling: what was said, who said it, where and when. This data is confidential; interfering with it could result in a Tier 1 fine.
  5. Exemption analytics cookies Businesses are exempt from the cookie consent requirement when using firstparty analytics. However, using third-party analytics platforms such as Google Analytics requires user consent.

For the non-techy amongst you, ‘party’ refers to the website that places the cookie. So when you visit www.ukfast.co.uk, and you find the domain of the cookie placed on your computer is www.ukfast.co.uk, this is a first-party cookie. If you visit www.ukfast. co.uk and a cookie by a suspiciously dissimilar name appears, this cookie has been placed by a third party.

Like the GDPR, the ePrivacy Regulation will come in to effect on the 25th May 2018.

Source: http://privacylawblog.fieldfisher.com/2017/the-new-e-privacy-regulation-what-you-need-to-know/

School Under the Tree – Ethiopia – A mid-week reflection

One of TeamKinetic’s founding Directors, Chris, has joined the School Under the Tree to explore future voluntary opportunities in Awasa, Southern Ethiopia. In his latest blog, Chris shares his experiences and what he has learnt so far.

Over to you Chris…

Hello from afar!

In my last blog, I set the scene and expressed how we wanted to identify opportunities to develop this small and underprivileged town with a sustainable funding model for its school.

So as I reach the halfway point of this amazing experience, I wanted to reflect on what I have seen and learnt as a volunteer. I also want to ask you for your thoughts on how we make our projects more sustainable and resilient.

Day 2 – A Bumpy Arrival

After the 11 hours of flying, and 5 of the scariest hours of my life driving, our guide dropped us at our first hotel. Tired and a little travel sick from the journey we settled in for a few beers before calling it a night.

To welcome us into Awassa was Belay, the founder of The School Under The Tree and its head teacher. It didn’t take long before we started discussing the challenges the school is facing, and how with little funding, time or resources they have been coping.

We quickly got into discussing the many issues the school faced, and much like the English primary schools I’m more used to working with, it had neither the money or time to solve many of the problems. Despite being thousands of miles away, Belay was describing the same fundamental issues of many British Primary School.

It also became clear Belay was wary of the four strangers from England, promising him the world.  But once we began sharing our past experience in Schools, mine teaching PE, we started to build a level of trust. One of the most important lessons from this trip has been the building of trust and relationships. If we want to make this project a success, then we need nurture our relationships with the locals. In the evening we said our goodnight to Belay and our guide, settling in for a decent night sleep.

Day 3 – Just a little disruption

I was woken at 5:50 am by the crowing of a Cockerell, which I am convinced was positioned on my window ledge he was that loud! We convened at breakfast to plan our day.We convened at breakfast, making our plans for the day. It was far from the usual two pieces of toast and jam in the UK, but that’s not to say it didn’t do the trick.

There was a mix of nerves and excitement to start our volunteering at the school, we did not know what to expect or how we would be welcomed. But what a welcome it was – excited, giddy, full of smiles and fun.  The children were just as curious as those in the UK, and with many of them not having seen an Englishman you can imagine the amusement. Unfortunately, the school facilities were unlike any I had taught before.  The school had just one toilet, a description I would use loosely and is without a playground or books. Instead, the school relies on enthusiasm and a desire to learn.

It became clear that we were going to be a bit of a distraction, I suppose if are going to be,  you might as well make the most of it. So Wayne, one of my group’s volunteers, began leading a rendition of Heads, Shoulders, Knees & Toes and so it began.

After lunch we sat down with Belay and picked up where we had left off the night before, discussing the issues he faced. Together we identified the following challenges the small private school faces in delivering an education to the very poorest children in the area:

  • There are far more children than spaces available in the school.
  • Property values in Awassa are seeing a significant increase under the pressure of urbanisation making rent very expensive.
  • The school is fully dependent upon charitable donations.
  • The local tax regime treats private school as any other business and the corporate tax on income is high and treats charitable donations as part of their income.
  • Children who graduate from the school can access free government school places at Grade 1 but many don’t seem to do this and right now we don’t know why that is.

I would love to speak to other organisations or individuals who have experience of working in Africa and Ethiopia who might be able to share their experiences with regards to these issues.

Our solution is to develop a volunteer tourism service for students. We want to recruit up to 20 students in 2019 to visit Awassa for two weeks and work at the school and orphanage as teachers and youth workers. We would train and support the students prior to visiting Ethiopia and they would help promote the charity to their friends and family.

I can say this experience has been truly amazing and has altered my perception of Ethiopia and Africa so much. As a relatively cynical 39-year-old businessman, I have found myself moved to tears by some of the wonderful stories I have heard this week. I think anyone who visited this amazing place would go home a more humble person.

This is our first venture into this type of activity and we are driven to succeed, The School Under the Tree deserves to succeed. I would love to hear peoples thoughts on using charity tourism to help fund this project, and your experiences of the dangers and un-foreseen impacts volunteer tourism can create.

Please feel free to reach out to me: chris@teamkinetic.co.uk

From Volunteer Management Systems to Volunteering in Ethiopia

School Under The Tree

School Under The Tree

A few months ago I wrote a post about the potential impact we can all make and how we as individuals and business owners should try to maximise that impact. It occurred to me that I really needed to live by my own message and I started to look for new personal and business projects to increase my impact.

Through a friend, I was introduced to The School Under The Tree, a Manchester based charity that supports a school project in Ethiopia. The charity name echos its beginnings, a young Ethiopian man teaching local street children under a tree in the town of Awasa in Southern Ethiopia. Supported by people from Manchester, that school of humble beginnings has 13 years later transformed into a provider of primary age education for over 200 students every day.

The challenge

How can we make this small school in Ethiopia, sustainable and maybe even give it the potential to grow, without it being dependant upon donations and funding?

This is a challenge many fundraisers and 3rd sector organisations around the world battle with every day. My goal is to develop a business model that will allow the school to prosper long term, whilst staying true to its goal to provide education for some of the poorest young people in this region.

Over the next few days I’ll blog about my experiences in the school and share ideas on how we might help achieve long-term viability for the School Under The Tree. If you have ideas please comment below or follow us on twitter @schoolundert.

TeamKinetic Case Study: A Volunteer’s Experience

TeamKinetic’s has always understood the importance of a positive volunteer experience. It is this understanding that has driven all of the development to be volunteer-centric, to ensure that both our clients and volunteers are happy.

We recently had the opportunity to discuss the experience of Dimitris Lampropoulos, a Football Coach who volunteers using Manchester Volunteer Inspire Programme (MCRVIP). MCRVIP is a programme which aims to recruit, train and deploy volunteers to support sport and physical activity within Manchester and uses the TeamKinetic system to do this. In the following case study, we share his experience using the system.

Dimitris Lampropoulos

First experience with TeamKinetic software

“Having previously volunteered, the process of registration and joining opportunities could be tedious. Every time I wanted to participate in an opportunity, I had to make a call to the organisation, see if they had any opportunities available and then find out how to participate in. This process could often be timely and was restricted in the number of opportunities I could find and access information on.

Using TeamKinetic’s system through MCRVIP, I found it to be very straightforward to use. It was a very convenient and useful way to find opportunities, with a much easier process to select and apply to volunteering opportunities. The registration process is very straightforward and it only took a couple of minutes to create a profile. Once this has been completed you are able to find opportunities, which can be viewed on the homepage or searched for using the search bar.

The process to apply to each role is simple. Duties, qualifications, location and contact details are included in the opportunity description, as well as the sessions and dates.  You can also share opportunities you have joined on social media, making it easier to involve my friends.

Once you have completed an opportunity you can leave feedback,  through a simple thumbs up or down and add a comment. You can also see the number of hours you have logged and sessions you have attended in your profile. If you complete a specific number of hours, you will gain badges to acknowledge your participation and thus you will have the opportunity to turn your logged hours into vouchers. Depending on the opportunity provider, this could be traded for a free t-shirt to a discount on coaching courses”

Experience and benefits of volunteering

“I am delighted with my volunteering role of MCRVIP. Through this position, I have the chance to be involved in Manchester football and also to be registered on Manchester Football Association. My volunteering has now grown beyond the pitch, as the founder of the charity I work for offered the opportunity to get involved in the administrative and development of the charity. This will help to continue my professional development and provide me with the knowledge and experience in the business of football and will help to strengthen my CV.

Overall, being a volunteer can be a very beneficial experience, not only does it provide a sense of fulfilment it can improve employment opportunities. As a volunteer, you build your network, create new connections and can discover new opportunities. It also shows that you are eager to build your experience and do something to help others.

TeamKinetic provided the most straightforward system for joining opportunities I have come across. I really like how intuitive the system is and the motivation the hour trade vouchers provide. I could see this system working for sports organisation, charities or any organisation that requires volunteers.

They really provide a simple to use the system and I will be sure to find other opportunities using MCRVIP”.

For further information on TeamKinetic’s volunteer management software please email chris@teamkinetic.co.uk or call 0161 914 5757.

TeamKinetic Case Study: Volunteer Glasgow A Year On

TeamKinetic recently visited our friends in Scotland, Volunteer Glasgow. With over 45 years’ experience of supporting charities and 3rd sector organisations to recruit and support volunteers, Volunteer Glasgow has managed to be one of the most successful third sector organisations in Scotland.

Over the years the many volunteer-dependent organisations Volunteer Glasgow supports have faced various challenges in the recruitment, retention and management of volunteers. Upon acknowledging the need for a new digital volunteering platform better able to meet the city’s volunteering needs, the search for a more efficient solution began.

For the last year, Volunteer Glasgow have been using TeamKinetic’s volunteer management software.  Nick Brown, Volunteering Services Manager at Volunteer Glasgow shared his experience leading to and using TeamKinetic. He explains the importance of having an online presence for opportunities, the fundamental problems concerning the previous methods of opportunity advertising and how TeamKinetic has provided the solutions to overcome these issues.

The importance of advertising volunteer opportunities online:

“Many of the organisations we work, look to advertise roles with a relatively short turn around so speed is of the essence when it comes to getting opportunities online.

With previous methods of advertising opportunities online, it usually took between three to five days to appear online but it’s crucial that you get your opportunity out there quicker than that, with the right message to the appropriate people.

This is because organisations are unsure of the resources available to them far in advance or they may be overwhelmed with work and maybe a bit rushed. This means the process for advertising opportunities, at times, needs to be quick and easy.”

The problems with the previous systems:

Previously, Volunteer Glasgow used the Scottish Council for Voluntary Organisation’s (SCVO) MILO2, but this had several challenges, with a major issue around the processing time to advertise opportunities.

Commenting on the system: “One of our biggest issues was the long time period for an opportunity to be advertised online. For example, organisations had to fill out a form, then we input the form onto a system which then took around three days to be published online. This issue was further made challenging as opportunities were sometimes uploaded with the wrong details or none at all. This had a real impact on the ability of our partner organisations to recruit volunteers and obviously also carried a reputational risk for ourselves.

Exploring our options, we had a trial with another volunteer management software provider, but experienced issues in the reliability and functionality. The importance of effectively recruiting volunteers is crucial to the running of charities and 3rd sector organisations”.

The biggest struggle for Volunteer Glasgow was getting the systems to work and appear properly. As Nick explained “having a presence online with opportunities advertised is essential if you want to ensure high levels of recruitment of volunteers in an organisation.

Previously if you had an issue it could take quite a long time to resolve. TeamKinetic changed that. If we need support or help they were always responsive to our calls and queries.”

How TeamKinetic helped Volunteer Glasgow:

TeamKinetic was introduced to Volunteer Glasgow by Glasgow Life, who had already been using the software to manage volunteers for the needs of sport and leisure purposes. Having been impressed by the functionality and simplicity of the system, with the benefit of being able to interconnect platforms, TeamKinetic was deemed suitable for Volunteer Glasgow’s needs.

Introducing TeamKinetic to organisations we deal with:

“We told the 250 organisation we deal with that they should get started on using the  TeamKinetic’s software and see how they get on. If they felt they were struggling or needed help they should get in touch. Out of them all, only eight got in touch to ask for some support and guidance using the more advanced functionality. Consequently, they have all given feedback on how simple to the software is to use”.

Controlling advertised opportunities:

“TeamKinetic’s software provided the ability to manage and control opportunities posted in real time. It enables us to have a level of authorisation and control which we had not had before.

Something we have to remember is that although we are advertising opportunities for other organisations, it is our website, with our branding and reputation on the line. TeamKinetic’s software notifies us immediately once an organisation has submitted an opportunity, allowing us to approve it; check to make sure it is appropriate and has sufficient detail.  Once we have done this, we can approve the opportunity and straight away it goes live on our website.”

What Volunteers thought of TeamKinetic’s system:

“From the volunteers’ perspective there was a positive feedback; it is much easier for them to create their own profile which is something that has never done before. Volunteers can log hours, leave feedback on opportunities and are able to earn themselves HourTrade vouchers.”

Commenting on the ease of use of TeamKinetic’s software:

“If you have ever, for example, set up an online shopping account or uploaded your CV onto a recruitment website, then you will find TeamKinetic just as simple to use.

Using TeamKinetic’s volunteer management software has enabled us to reduce the amount of time we spend inputting and writing copy content.

This has directly resulted in staff having more time available to spend on the things that matter, such as directly approaching and offering our services to other charities in Glasgow.”

Summary of experience using TeamKinetic:

“It is the responsiveness, ease of use and functionality of TeamKinetic that makes it so great. Since as we started using TeamKinetic’s volunteer management software we have seen a positive impact. In the last six months, everything has been made easier for all those involved.  TeamKinetic addresses the issue of limited time, by reducing the time it demands to create and advertise opportunities. This has alleviated much of the stress and difficulties previously experienced. Volunteer Glasgow is now able to spend time more effectively and we are able to achieve so much more.”

To learn more about TeamKinetic’s volunteer management software and how it could help your organisation or any other voluntary workforce needs please contact one of our team.

email on james@teamkinetic.co.uk  | Call us on 0161 914 5757 | Book a free demo: teamkinetic.co.uk

Page 1 of 10

Powered by WordPress & Theme by Anders Norén