Spark Compliance Consulting nominated as Compliance Consulting Team of the Year for the Second Year Running

Spark Compliance Consulting is delighted to announce that it has been shortlisted for the Compliance Consulting Team of the Year award for the second year in a row at the Women in Compliance Awards.  (see our press release HERE)

In addition, founder Kristy Grant-Hart has been honored with a nomination for the inaugural Mentor Award for the Advancement of Women in Compliance.   

Spark Compliance Consulting had a banner year in 2017.  The business grew 185% and Spark expanded from its offices in London and Los Angeles to a new office opened in Atlanta in the latter half of the year.    

The annual Women in Compliance Awards are “the ultimate celebration of the achievements female compliance professionals make every day in the world of compliance and business. The Awards embody the very best initiatives, individuals and teams, bringing into sharp focus the united efforts of this innovative and dynamic sector” according to organizer C-5.  The black-tie event, featuring a champagne reception, formal dinner and celebrity entertainment, will be held on March 22nd at the Sheraton Grand Hotel Park Lane, in London.

Spark Compliance's Ramsey Kazem, Diana Trevley, Kristy Grant-Hart and Jonathan Grant-Hart at the exhibition booth, Compliance and Ethics Institute, Las Vegas, 2017.

3 things you need to know about training staff for GDPR

This is a guest post by Patrick O'Kane, Author of "GDPR - Fix it Fast!  Apply GDPR to Your Company in 10 Simple Steps"

Staff training is a crucial part of protecting data privacy. One recent study found that human error is the leading cause of data breaches, featuring in 37% of data breaches. Providing staff training is an important part of avoiding GDPR fines.

Despite its importance, staff training is perhaps the most under-emphasised part of any GDPR project. Companies have been busy fixing their processes, working on their information security and updating their customer consents; however, little attention seems to be paid to how staff training will need to be revamped in order to keep your company in line with the requirements of GDPR.

These are my 3 tips on staff training:

ISO 37001: Checking the Box on “Doing Compliance”

In October 2016, the International Organization for Standardization (“ISO”) published ISO 37001, the first global standard for the development and implementation of an anti-bribery management system.  The emergence of ISO 37001 was a welcome development, as it provides a universal framework for managing bribery risk that can be used by organizations of all sizes, industries, regions and risk profiles.  To date, Peru, Singapore and the Philippines have adopted ISO 37001 as their respective governments’ standard, and other countries are expected to follow their lead.

A unique feature of ISO 37001 is that an organization can demonstrate compliance with the standard by obtaining a certification from an independent, accredited auditor.  The certification brings substantial value to an organization as it provides an objective means by which it can outwardly demonstrate its commitment to combating bribery.  Not only does this provide a competitive advantage over an organization’s non-certified competitors, but it also levels the playing field (from a bribery risk management perspective) for smaller organizations competing against large multinational corporations or foreign domestic firms. 

ISO 37001 is not without its critics.  The criticism, however, is generally not directed at the standard itself.  Instead, the critics take issue with the certification of the standard.  A common theme of their arguments is that the certification process is merely a check-the-box exercise where an auditor only confirms the existence of a “paper program”.  The critics argue that the process falls short because it makes no determination as to whether the program is actually put into action.  They also contend that the certification only reflects the status of the program at a given moment in time (i.e. the evaluation period) and, thus, lacks any predictive value as to how the organization will conduct itself in the future.   In short, they conclude the certification is worthless because it does not ensure that the certified organization is “doing anti-bribery compliance” or will “do anti-bribery compliance” in the future. 

There are three fundamental flaws with the critics’ argument...

How to fix your company policies for GDPR – Three things you need to know

For everyone struggling with implementation of the new European General Data Protection Regulation (GDPR), Patrick O’Kane has written a fabulous new book called GDPR – Fix it Fast: Apply GDPR to Your Company in Ten Simple Steps.  I wrote the Foreword for the book, and am so proud to be involved.  The following is a guest post by Patrick O’Kane.  The Kindle edition of the book can be found here on Amazon.  The hard-cover edition will be available Jan. 1.