Tag: best practice

TeamKinetic Best Practice: What Makes a Successful Site Launch

We’re delighted to welcome any organisation to TeamKinetic. Besides creating software that works best for you and your volunteers, we want to help you make all aspects of your site launch successful! From pre-go-live communications to additional training, make the most of your site launch with the help of the following pointers.  

Pre-go-live Comms 

Communicating features and integrations is a valuable part of your overall communications strategy before your site goes live. Create a pre-go-live checklist to ensure that you spread maximum awareness of your launch. In your Implementation Guide, there is a checklist for optimising your TeamKinetic site, but you may want to go the extra mile. Include both volunteers and admin in your campaign. Span your communications across email, social media, your website and location. This will create a smooth transition for your admins and build anticipation amongst your volunteers. A new-found potential for volunteer impact is an inspiring message! Draw attention to the issues that you sought TeamKinetic to solve, in particular the issues that will resonate with your current volunteers. For example, difficulty notifying volunteers about shift changes.

Outlining Features and Integrations

If you have our enterprise package, you can fully customise your site with a unique set of features and integrations. Other versions are also customisable, just to a smaller extent. TeamKinetic works with your specific organisation and volunteers in mind. There is no doubt that your volunteers will want to know about the improvements to their volunteer experience! 

Our Tempo Time Credits and First Advantage integrations are other talking points. With Tempo, as your volunteers log hours on your TeamKinetic site, they will be granted real-life rewards. Rewards include activities, products or services. With volunteering taking somewhat of a downward turn due to the cost of living crisis and people’s lack of ‘free’ time, tangible rewards are a fantastic motivation.

Additional Training

Another way to make the transition to TeamKinetic smooth for your volunteers is to provide training sessions. We suggest having up to five admins. These admins can all join a TeamKinetic online training session at no extra cost. New admins are free to join our quarterly open training sessions. Or, address any additional training requirements with a one-to-one training session.

Running a similar form of training for your volunteers will help ease the transition to TeamKinetic. This is especially true for those who are not as accustomed to the online world. An optional training session in the run-up to your site launch will benefit you and your volunteers in the long run. You could even pre-record a show around of your TeamKinetic site or create a ‘cheat sheet’ for volunteers to access at their convenience. Let volunteers know about training or any additional materials during your pre-go-live communications. 

Using your Online Voice

As part of your pre-go-live communications, create a social media campaign that showcases integrations, use-cases, and promotes your online training sessions, for example. Your audience will become familiar with the idea of your new volunteer management system and be in support of the benefits. If you utilise social media, you may also gain the attention of those who have yet to volunteer with your organisation. 

If your TeamKinetic site is in partnership with multiple organisations within your area, the same goes for providers. As we explore in our ‘4 Ways to Attract More Volunteers’ blog, if all partners post about opportunities hosted on your TeamKinetic site, reach is maximised. You may choose to execute a cross-channel campaign that is contributed to by all organisations within your partnership. Showing provider profile pages will make it clear who volunteers will be engaging with. This strengthens the credibility and distribution of your content, and, in turn, your TeamKinetic site.

The same goes for linking to your main organisation’s website. Pre-launch, many volunteers will be used to going to your website for volunteering-related information. Ensure that they are appropriately redirected and informed about the purpose of your new TeamKinetic site. We explore this further here.

Helping the More Traditional Volunteer

Alongside running training sessions for those who might be less digitally savvy, it is helpful to have some computers or tablets at your organisation’s location. Volunteers may want to sign up and navigate your TeamKinetic site for the first time with help to hand. Of course, if you have the means, it would benefit certain volunteers if computers or tablets were constantly available. Our new app further simplifies the volunteer experience on TeamKinetic. 

You can invite your existing volunteers to your TeamKinetic site and volunteer opportunities with the ‘invite’ feature. This is another way to create a smooth transition to using TeamKinetic. For those who may not have been exposed to your online pre-go-live campaign, including signage at your location could be the catalyst for less digitally savvy volunteers to sign up to your TeamKinetic site.


Next Steps

Share why you’re excited about TeamKinetic with your volunteers! The period leading up to your site launch is transitional. Knowing what to say, where to say it, and to who to say it to is the foundation of a successful site launch.


Ensure you follow us on our social media pages to receive regular updates about the voluntary sector and learn more about the TeamKinetic system. You can find TeamKinetic on social media and listen to our podcast:

Twitter       Facebook       LinkedIn       YouTube       Instagram       Podcast

Are you ready for GDPR?

A whitepaper to help you get ready for GDPR and find out what it means for your data.

Whitepaper – Are you ready for GDPR – Download the paper here.

What should you be doing now?

If you haven’t started preparing your organisation for compliance then the next 3 months are crucial. If you have started getting ready for the GDPR deadline,  keep going.

Make sure your board is bought in to the importance of the project. Having the support you need from the top is vital to the GDPR compliance process.

ONCE THE GDPR COMES INTO FORCE, YOUR BUSINESS MUST:*

  1. Keep a record of data operations and activities and consider if you have the required data processing agreements in place
  2.  Carry out privacy impact assessments (PIAs) on products and systems
  3.  If applicable to your organisation, designate a data protection officer (DPO)
  4.  Review processes for the collection of personal data
  5.  Be aware of your duty to notify the relevant supervisory authority of a   data breach
  6. Implement “privacy by design” and “privacy by default” in the design   of new products and assess whether existing products meet GDPR standards

 

What are TeamKinetic doing right now

See what we have already put in place, to be ready for 25th May 2018.

https://teamkinetic.co.uk/blog/2018/02/07/teamkinetic-updates-new-eula-and-data-policy/

We continue to work with our customers to ensure compliance and understanding.

Are you ready for GDPR?

Deadline – 25th May 2018

Information sourced from UKFast, Berwin,Leighton,Paisner and Onside Law

Contents

Let’s refresh

Why has the GDPR come about?

What about Brexit?

What should you be doing now?

Data security is EVERY business’s business

Key changes to consent

Key changes to breach notifications

Are the rules different for electronic communications?

What is TeamKinetic doing right now?

Disclaimer: The information in this whitepaper is for your general guidance only and is not and shall not constitute legal advice. If you need advice on your rights or responsibilities or any legal advice around data protection matters, please obtain specific legal advice and contact an adviser or solicitor.

Let’s refresh…

What is the GDPR? The General Data Protection Regulation (GDPR) is a binding legislative act from the European Union for the protection of personal data. The Regulation tackles the inconsistent data protection laws currently existing throughout the EU’s member states and facilitates the secure, free-flow of data.

Why do you need to know about it?

As of April 2016, businesses have been preparing for the legislation coming into effect on 25th May 2018. Although we are in the process of leaving the EU, working towards GDPR compliance remains crucial.

If you fail to comply with the Regulation you could find yourself being fined up to 4% of your company’s global annual turnover and your reputation damaged beyond repair.

That is 4500% increase on current fines that can be issued by the ICO!!

Now that the deadline is just 3 months away, is your organisation ready?

Why has the GDPR come about?

There is a need in Europe and beyond for a standardised data protection framework that addresses the rapid technological advancements that have taken place in recent years, putting the personal data of the masses at risk.

Where do vulnerabilities lie?

Everywhere. All organisations are at risk of a cyber-attack, despite common misconceptions that some industries are more secure than others.

The results of a survey carried out by the Information Commissioner’s Office (ICO) of 173 councils at the end of 2016 reveals that more than 15% of councils do not have data protection training for employees processing personal data and a third do not carry out privacy impact assessments (PIAs) as required by the GDPR.

The survey’s release coincided with the news that the ICO had fined Norfolk Council £60,000 for a data breach in which social work files were discovered in a cabinet bought in a second-hand shop by a member of the public.

Capgemini: The Currency of Trust, February 2017

74% of UK SMEs had a security breach in 2016.

While leaving vulnerable information in a cabinet or on a train may seem like a problem from 1997 rather than 2017 – when cloud technology means physical files never need to leave the office – the overarching security challenge remains.

Professionals across the public and private sectors must be aware of the nature of the data they are accessing from their home networks and ensure they are doing so securely.

Computer Weekly: Many Councils Still Unprepared for GDPR, March 2017

What about Brexit?

Despite the vote to leave the EU, UK businesses must continue to work towards GDPR compliance. Not only has the UK government stated that it is good business practice to do so, but the legislation applies to all businesses working within the EU and with EU data. A failure to comply can lead to significant fines and irreparable damage to a company’s reputation.

The latest thinking is that the UK could replace the 1998 Data Protection Act (DPA) with legislation that mirrors the GDPR, enabling the UK to achieve free data flow with the EU post-Brexit. The government has warned that it may take two to three years for the European Council (EC) to decide that the UK has an adequate data protection regime.

While the impact of the Investigatory Powers Act on the UK’s GDPR compliance has yet to be fully understood, it is possible that the mass surveillance and data retention practices carried out under the Act could cause issues when the EC comes to decide whether the UK’s practices are adequate. The existence of these two extraordinarily contradictory legislations could result in a UK equivalent of the Privacy Shield agreement held between the US and the EU to facilitate secure transatlantic data flow.

If your business activities are contained within the UK or elsewhere within Europe, you will have to observe the protections afforded by the GDPR for citizens.

What happens if my business is not complaint?

The GDPR introduces a two-tier fine system that emphasises just how small a financial deterrent existed under the Data Protection Act (DPA).

As of the 2018 deadline, any data controller or processor that fails to comply with the Regulation will face the following fines:

 

Tier 1

If a data breach occurs that puts highly important data at risj, the data controller/processor will be fined upto €20M (£17.25M) or 4% of the previous year’s global annual turnover, whichever is greater.

Tier 2

Any other data breach could lead to fines of up to €10M (£8.6M) or 2% of the previous year’s global annual turnover, whichever is greater.

 

It is estimated that if breaches remain at the same level as in 2015, the fines given will raise 90 fold from €1.4 billion to €122 billion

Key changes to consent

Do you ask your customers for permission before you use their data? Do you go a step further and tell them what it will be used for? If the answer to either – or both – of these questions is no, you could be in trouble if you don’t start changing your ways before the GDPR deadline.

 

Why is consent important?

Consent enables your business to lawfully process data.

Organisations applying the GDPR’s standards are giving individuals greater control over their information and, in turn, building trusting relationships that ultimately keep customers coming back for more.

Any business found to be misusing personal data will be fined according to the highest level of the two-tier system and – most poignantly – is at serious risk of damaging its own reputation. When is consent required? You must have the data subject’s consent to lawfully process their data. However, just to confuse things, there are instances that will call for consent to be acquired via alternative methods; we’ll clarify this shortly. Consent is also needed under ePrivacy laws if you’re in the business of tracking communications and installing software and apps on devices.

If you want to use someone’s personal data they must give you explicit consent to do so. This means in practise no pre-ticked boxes, a user must always choose to tick the box.

If you want to use an individual’s personal data for multiple purposes, they must give consent for each purpose, separately

 

Who might need an alternative method of gaining consent?

Most commonly, data controllers in a position of power such as public authorities and employers who are likely to find getting valid consent challenging and so must consider the alternative options.

For example, if you are a highly successful eCommerce business is bringing on board a new supplier of garden furniture, you will need a contract with them that clarifies the role of each party and enables you to lawfully process their data.

Whether you are the data controller or processor, you must always record how consent was given, who from, when, how, and what the interested parties were told.

You must not bundle your consent request with your standard terms and conditions.

 

Does your consent process meet GDPR standards?

Carry out a thorough review of existing consent processes and asses whether they meet the Regulation’s requirements. if they do, there is no need to request consent from the subject again.

Key changes to breach notifications

Europe had a phenomenally inconsistent data protection landscape. It meant that when a Switzerland-based business suffered a data breach affecting people in Greece, Italy and Spain, the organisation would need to comply with the breach notification standards of each of the three member states.

This lack of uniformity throughout Europe means that while some member states, such as Spain and Germany, are recognised for their rigorous data breach privacy laws, there are also member states with minimal to no regulations in place.

In this environment, organisations in lax member states have not needed to notify an authority of a breach.

The GDPR smooths all this out with the introduction of a single breach notification requirement.

 

What is a personal data breach?

A personal data breach is not simply the loss of data but a breach of security, resulting in the destruction, loss, alteration, unauthorised disclosure of or access to personal data.

When must the relevant supervisory authority be notified?

The relevant supervisory authority must be informed of any data breach that puts an individual’s rights and freedoms at risk. This includes a loss of confidentiality and financial loss.

Data controllers must inform the supervisory authority without undue delay and within 72 hours of learning of a personal data breach. They must state:

  1. Its nature
  2. The approximate number of people affected
  3. The contact information for the organisation’s DPO (if one has been appointed)

The controller must also pin-point the likely consequences of the breach and the measures taken to reduce further risk to those affected.

Data processors must tell the data controller about a data breach without undue delay after having become aware of it.

If a breach is significant enough that it is in the public interest, those responsible – be that the controller or processor – must do so without undue delay.

The impact of data breaches If we hark back to our real world TalkTalk and Yahoo examples, we can see that the severe consequences each company experienced following their respective breaches were related to how they handled the aftermath of the breach and not simply because the breach happened in the first place.

What should you be doing now?

A personal data breach is not just the loss of that data but a breach of security, resulting in the destruction, loss, alteration, unauthorised disclosure of or access to personal data.

  • Educate your employees about    personal data breaches and how to   spot when one has occurred.
  • Set-up an internal process for reporting   a personal data breach.
  • Make sure you have the internal resources and processes in place to   detect and investigate breaches. Speak to any third-party data processers if they are storing your data.
  • Put an incident response plan in place.

Are the rules different for electronic communications?

No, not really. The EU has introduced a complementary legal framework to the GDPR to clarify exactly what data controllers and processors must be doing to protect individuals’ communications; electronic or otherwise.

  1. New cookies responsibilities   for browser providers Users must be given the choice to consent to cookies as part of the browser software set-up. This should reduce or eliminate cookie banners on websites entirely.
  2. Extra-territoriality and 4% fines The Regulation no longer applies solely to the EU. It applies to anyone in the world that provides publicly-available “electronic communications services” to acquire data from the devices of EU citizens. Any organisation that breaches the Regulation will be subject to the GDPR’s two-tier fine system. That means you should be paying attention even if your business is contained within the UK.
  3. The Regulation application is expanded Unlike its predecessor, the ePrivacy Directive, the ePrivacy Regulation goes beyond the traditional telecommunications organisations and internet service providers. It incorporates messaging apps like WhatsApp, and email providers, amongst other communications suppliers such as Facebook and Snapchat.
  4. New rules for processing communications data The Regulation introduces new rules for handling: what was said, who said it, where and when. This data is confidential; interfering with it could result in a Tier 1 fine.
  5. Exemption analytics cookies Businesses are exempt from the cookie consent requirement when using firstparty analytics. However, using third-party analytics platforms such as Google Analytics requires user consent.

For the non-techy amongst you, ‘party’ refers to the website that places the cookie. So when you visit www.ukfast.co.uk, and you find the domain of the cookie placed on your computer is www.ukfast.co.uk, this is a first-party cookie. If you visit www.ukfast. co.uk and a cookie by a suspiciously dissimilar name appears, this cookie has been placed by a third party.

Like the GDPR, the ePrivacy Regulation will come in to effect on the 25th May 2018.

Source: http://privacylawblog.fieldfisher.com/2017/the-new-e-privacy-regulation-what-you-need-to-know/

Powered by WordPress & Theme by Anders Norén