Compliance award at Brandon Hall Excellence Awards

By Trudi Taylor

Silver award

Lumesse Learning and American Express Global Business Travel have been awarded silver at the Brandon Hall Excellence in Learning Awards 2017 in the category of Best Advance in Compliance Training.

American Express Global Business Travel was keen to take a new approach to their compliance learning to make it more engaging and relevant. With their vision ‘the future of learning is personal’ in mind, Lumesse Learning created a campaign approach featuring e-learning modules, videos, blog posts, posters, and intranet banners.

Continue reading


Diversity and inclusion: what’s the difference?

By Peter Williams

It is perfectly possible to have a diverse enterprise. But that does not mean your business will be inclusive. Too often diversity and inclusion are lumped together, but that is a mistake. They may be close cousins, but they are not identical. So what is the difference?

Here’s a broad definition: diversity is about the mix you have in your workplace, while inclusion is about making that mix work.

The case for diversity

Within enterprises, especially among the public sector and companies that work across borders, it is now universally accepted that diversity is good for business. Indeed, we’ve moved beyond lip service and spin. Research shows that a diverse workforce in all its differences – ethnicity, gender, sexual orientation – can add a competitive edge in terms of selling and delivering products and services. So the mix is definitely something you want.

The welcome progress that business has made over the last few years in intentionally embracing diversity should be recognised and championed. But more needs to be done. That’s where inclusion comes in.

Continue reading


5 ways that learning content is changing

By Amelia Fuell

Colourful image of a head made up of boxes which are moving and evolving into something elseIn our recent whitepaper, ‘The Future of Learning Content‘ we investigated the ways in which learning content was evolving, as well as the implications for L&D departments, and the practical steps they might take to create a winning content strategy. Here are some insights taken from the whitepaper around how content is changing.

Technological innovation is changing the ways that we produce, deliver and consume learning content. The traditional self-paced e-learning course is in decline, and we are moving towards a mobile-centric, multi-format digital-learning paradigm where learner engagement is key. Here are the main 5 ways we found that content is changing: Continue reading


Why Brexit uncertainty means trouble for L&D

By John Helmer

Man with umbrella in waist-deep water in the rain to illustrate Brexit uncertaintyHR’s recent drive to develop ‘VUCA’ leadership turns out to have been timely: the situation created by Brexit is volatile, uncertain, complex and ambiguous. And of the four letters making up that acronym it is the ‘U’ – uncertainty – that is currently causing most concern for the People function.

On a webinar given by Lumesse partners IEDP I learned that HR people are ‘hungry for certainty’ over Brexit. With the March 2019 deadline set by the UK government’s triggering of Article 50 beginning to loom unpleasantly, we find ourselves 25% of the way through the process but with no clarity at all about which of the various possible leaving scenarios will prevail.

IEDP’s Roddy Millar asked guest presenter Michael Skapinker (Executive Editor Financial Times / IE Business School Corporate Learning Alliance) whether he was seeing any specific solutions or approaches that HR departments were putting in place to prepare themselves for leaving: ‘How can one prepare oneself for something that one doesn’t know?’ replied Skapinker; ‘we don’t know what the situation will be.’

At time of writing, everything still seems to be in play; meaning anything from a Norway-style scenario where the UK retains some access to the single market, through a transitional period of as-yet-undetermined length which might smooth out the lumps and bumps, to a so-called ‘train-crash’ Brexit where Britain leaves without a trade deal and operates under WTO rules.

Whether you’re a beleaver or a remoaner – whether or not you think suffering the pain of divorce is worth the eventual rewards we might reap from leaving the EU – it is hard to deny that there will be pain.

So where are the problem areas for L&D?

Continue reading


7 ways to make self-directed learning stick

By Amelia Fuell

Cartoon image of learner training her brain, caption: step by step I trained my brain not to wander offLearning has never been more accessible. For virtually any skill – whether it’s learning a language, coding, business management or yoga – learners motivated by their own personal needs and goals will be able to find an online platform or application that has been created to help them. Self-directed learning is becoming more popular too: for example, 58 million people have registered for a massive open online course (MOOC)s since 2011, with nearly half of those signing up in 2016 alone.

But while technology has widened opportunities for skills development, information overload is a growing challenge. There are some 80,000 different education apps on the App Store alone. Furthermore, attrition rates are high: over 90% of people who start a MOOC will never finish it. In the age of distraction, many of us are guilty of downloading an app on our phones with good intentions, but then failing to use it long term.

If you are keen to start learning new skills online, then it can be hard to pick the right course and even harder to stick at it. So how can you create successful habits that will help you learn effectively and achieve your goals? Here are a few essential tips …
Continue reading


Lumesse launches new product for the age of the self-directed learner

By John Helmer

Me:time logo and running man imageWe’re really proud to announce the launch of a ground-breaking new product for the self-directed learner, designed to help organisations succeed in today’s fast-changing business environment.

me:time was created and conceived by the Lumesse Learning team following an extensive process of consultation and research into the needs of learners and learning professionals. Employees are increasingly taking control of their own learning, and at the same time organisations are discovering that nurturing and supporting a culture of self-directed learning increases their ability to survive and thrive.

Offering a consumer-style experience, me:time puts the needs of self-motivated learners first, giving instant, anywhere access to curated learning supported by AI-driven recommendations. A system of credits allocated by the organisation gives learners full control over their personal me:time budget.

Andrea Miles, General Manager for Lumesse Learning, said: ‘me:time represents a radical rethink in learning control and choice, freeing the learner to self-serve. We’re passionate about this new approach because we think it can contribute massively to the wellbeing of employees. Organisations, too will benefit as they know they need to encourage continuous learning in the face of increasing demands to be nimble and smart, and meeting the challenges of talent retention and mobility. We’re incredibly excited about what we’ve created and look forward to introducing it to all our valued clients and to progressive players across all sectors.’

me:time key features:

  • Focused on individual needs and goals
  • Instant, anywhere learning
  • Credits-based subscription system
  • AI-driven personal learning recommendations
  • Wide-ranging curated content from world-leading providers
  • Consumer-style experience and brand

Find out more on the me:time website:
www.metimelearning.com


Financial advice the Amazon way

By Mark McClelland

Financial adviceFinancial advice for consumers is not a happy place. Government and regulators are trying their best to improve the market and safeguard individuals’ finances. But the industry seems to doubt progress.

A major review – the Financial Advice Market Review (FAMR) – was launched by HM Treasury and the Financial Conduct Authority (FCA) two years ago. They wanted to ensure that the financial advice market was working properly for consumers – delivering affordable and accessible advice. The issue was urgent after big changes such as the government pension reforms which means people could access all the cash from pension pots previously locked away.

Continue reading


8 pointers for learning enablement

By Carole Bower

How do you ‘enable’ learning? That’s a question that many Learning and Development people are asking right now as they strive to become “invisible” – a term Bersin uses to describe “a mind-set and approach that enables and assists learning wherever and whenever it occurs in an organization”.

invisible L&D

Self-directed learning, invisible L&D and learning enablement are all big themes for Lumesse right now. In the latest edition of The Curve magazine, I wrote about how organisations are shifting from a top-down learning approach to the enablement of self-directed learning, and our recent Think Tank event revealed that the organisations we invited had a consensus view on the validity of an invisible L&D function (as long as the importance of L&D was acknowledged and the results were not invisible!).

The Curve: issue 4

So back to the big question – how can L&D switch their focus from creators and distributors of learning to the enablement of learning, where the impact is definitely felt?

Continue reading


SAR: new guidance from the Information Commissioner

By Mark McClelland

SARAn updated code of practice promises to make life tougher to comply with data protection law.

The new guidance from the Information Commissioner – the UK’s independent data protection regulator – makes it clear that there is a ‘high expectation’ that organisations should be providing information in response to a subject access request (SAR).

Changes have been put in place to reflect recent case law. The burden of proof will be on data controllers – those enterprises that hold personal information about individuals – to show that they took all reasonable steps to comply with the SAR.

The guidance from the Information Commissioner’s Office (ICO) does say that data controllers are only required to carry out ‘a reasonable and proportionate’ search for personal data.

These changes are significant and are set to impact virtually every organisation of any size in the UK. The ICO says that it has more than 400,000 registered data controllers on its books.

So every one of those 400,000 needs to individually work out what the updated guidance means for them. The next step will be to set out a strategy for implementing the changes and updating the learning and training of their staff responsible for data protection.

The Curve: Financial Services Edition

Lumesse has been talking to some of those affected who are raising concerns that the new guidance could lead to a sudden flood of SARs and that the process of responding to those SARs could become more onerous. Those fears are based on two aspects in the updated guidance:

First, that it is good practice for the Data Controller to have an open conversation with the applicant about the information they require. If a complaint were lodged about the Data Controller’s handling of the SAR then the ICO would take into account the level of co-operation shown by the applicant, as well as the willingness of the enterprise to hold a conversation.

Secondly, the applicant’s motive for making the SAR is irrelevant. Although if there has been an abuse of practice by the applicant then the court could use its discretion not to order compliance.

Allowing individuals to find out what personal data you hold about them, why you hold it and who you disclose it to is seen as fundamental to good information-handling practice. The right, now known as ‘subject access’ is set out in section 7 of the Data Protection Act 1998.

While many think of SARs coming from customers or users (such as patients in the NHS), they can also come from employees and ex-employees. Indeed it was on the employee/employer area where recent case law focussed.

The Court of Appeal gave judgement in the first half of 2017 in three cases which should be helpful to employers in giving more precise scope of their obligations in responding to SARs from employee/ex-employees. The Appeal Court said that a SAR could come via social media or email it did not need to be a request made in a letter; employers cannot refuse SARs simply because they believe they are fishing expeditions gathering evidence for litigation; but a SAR could be refused if its sole purpose was to antagonise.

The judgement confirmed that a SAR requires employers to carry out a ‘reasonable and proportionate’ search for personal data. While that may put some limit on the time and expense lawyers are saying that a proportionate search may still be extensive, particularly for large employers. So arguing that a potential search is not proportionate will not provide an easy get out.

Where an employer receives a broad and generalised request for all personal data which might be many documents, the employer should not refuse to comply. Instead they should first seek to clarify the specific data required, for example by asking for a date range and names or subject headings to search. In other words back to that conversation. And data controllers have to bear in mind that when they receive a SAR the clock starts ticking: they have 40 days to comply with the request.

And while organisations are still coming to grips with this latest updated guidance from the Information Commissioner, they should be aware that more changes are coming down the tracks.

Data Protection reforms the government announced in August 2017 set out a whole raft of measures to keep data protection relevant in today’s internet economy. This includes a promise to improve data access even further with individuals promised that they will find it easier to find out what personal data an organisation holds about them at no charge. Although organisations will not have to comply if the request is ‘manifestly unfounded or excessive.’

The Government envisages that in years to come Data Controllers will provide better information on how to access information and empower people to take ownership, including ensuring the information is correct.

Now more than ever the correct handling of personal data is becoming a critical issue for enterprises. With changes coming thick and fast everyone concerned with handling data needs to be up to date with data protection law and regulations.

All this has huge ramifications for those who handle personal data every day.

While off-the-shelf learning solutions may cover a lot of ground, enterprises also need to think how best to engage the workforce to ensure the right level of awareness on the bespoke specific learning that data protection compliance is demanding.

For further information and help with SAR please contact Mark McClelland – Key Account Manager Financial Services. mark.mcclelland@lumesse.com / 07774 758717


GDPR: Clock ticking for implementing new data protection rules

By Mark McClelland

Many European companies face a race against time to comply with stricter rules on dealing with customer data that will come into force next Spring. Failure to comply with the new rules – set out in the European Union’s General Data Protection Regulation (GDPR) – would far outstrip the cost of investment in providing staff with the learning they need, yet many organisations have not yet put the necessary training in place.

From May 2018, firms who breach the new data laws face a maximum fine of 4% of the previous year’s annual global turnover or €20 million, whichever is the higher. The implementation of updated data rules is happening at a time when serious data breaches have caught out well-known companies across different sectors. But recent research by data management consultancy Consult Hyperion suggests that financial institutions are particularly at risk. The consultancy is estimating that the fines levied by the new regime could reach €5 billion in the first three years.

With many organisations so unprepared for the introduction and with time running out, L&D professionals should be looking to see how they can ensure employees have the knowledge they need. However, since GDPR is all about making a change in attitudes and behaviours – how can they make sure the training they introduce is not just a box-ticking exercise that fails to have any effect on what people actually do?

Data Protection

Gamification boosts engagement with compliance learning

At Lumesse we have helped many firms successfully comply with the increasing amount of complex regulation organisations find coming at them in sectors like financial services. And we have found gamification approaches to be highly successful in getting learners to engage with what can often be a fairly dry subject matter such as GDPR.

Gamification helps practice real-life situations and challenges in a safe environment and can provide:

  • A better learning experience where learners can have a good time yet still learn because the engagement is high
  • Behavioural change, especially when combined with scientific principles of spaced repetition

These aspects that touch and impact learners can create a significant performance gain for the organisations, helping to ensure they can comply with the new data protection regulations. And a gamified approach does not necessarily have to mean longer lead times – which is crucial, given the urgency GDPR will have for many right now, and the May 2018 deadline.

Lumesse_Compliance_Training_Game

GDPR and financial services

Our recent conversations with financial services companies suggest that working on GDPR is becoming an urgent task that they know they have to tackle.

And those conversations are backed up by a recent survey from Computer Weekly which suggests that more than half of financial service companies are prioritising data protection regulation as they realise that the clock is ticking down on the 28 May 2018 deadline.

But while 52% of organisations may be starting to gear up, it means that a significant majority risk being caught by surprise and so poorly prepared.

So what is GDPR all about?

The objective of GDPR is to strengthen data privacy and protection for all EU citizens. It looks to do that by placing new obligations on organisations.

These include:

  • Having to build privacy into systems by design – and switched on by default
  • Conducting regular privacy impact assessments
  • Implementing stronger consent mechanism – particularly when processing data that relates to or pertain to minors
  • Following stricter procedures for reporting data breaches and
  • Documenting use of personal data in far more detail than before

Just one of these would be a big enough IT, compliance and learning challenge. Taken together it represents a significant risk which needs to be urgently addressed to avoid GDPR becoming overwhelming.

Alongside adapting processes and systems in line with the new regulation, organisations need to ensure that those responsible for data and data processing understand the overall objectives of GDPR and understand the system and process changes their business has made in response.

With the rise of modern IT management practices – notably the use of the Cloud – companies must be aware that it is not just their own processes and system that must be compliant.

They also have to monitor the progress of GDPR compliance by IT suppliers.

This is an especially key factor in the financial services sector, where over the last few years firms have become increasingly reliant on IT service providers, including cloud suppliers.

While GDPR does represent an enormous change, it should provide opportunities as well for organisations in the long run; currently Europe has a mish-mash of different European regimes. But from May 2018 the plethora of individual country data protection regimes will be replaced by a harmonised approach.

However, companies also need to be aware that the new regime applies to organisations across the world. Any company that processes personal data on EU citizens whether they reside in the EU or elsewhere in the world will need to comply by the GDPR.

With exchange of data across the globe increasing as part of international trade, companies from elsewhere in the world doing business with the EU need to be aware of these regulations.

Trade partners will want to ensure that the GDPR regulations do not hinder their ability to market and sell their products and services in the EU.

The new international aspect of GDPR adds another dimension of GDPR compliance. Companies which may never had heard of the EU’s data protection laws may need to be compliant.

With so many aspects to consider and with the GDPR deadline fast approaching, companies may be tempted to look for an off the shelf (OTS) learning solution. And while OTS can be effective in many situations this may not work for GDPR because of the many differing ways of storing, handling, manipulating and using personal data.

Whatever strategy is best for GDPR compliance learning, companies need to be setting the direction now. Whether in the end firms decide to buy or to build, Lumesse can offer support and advice for either path. We already work with some of the leading global financial services organisations including Barclays, Lloyds Banking Group and Metro Bank and therefore have a strong understanding of the sector.

This is the biggest overhaul of data protection law in 25 years; it is vital to get it right!

 

For further information and help with GDPR please contact Mark McClelland – Key Account Manager Financial Services. mark.mcclelland@lumesse.com / 07774 758717