Data protection law in the UK is about to undergo the most significant changes since the introduction of the Data Protection Act in 1998. The new EU General Data Protection Regulation (GDPR) came into effect in May 2016 and you have until May 2018 to become fully compliant. The government has confirmed that the UK’s decision to leave the EU will not affect the enforcement date. The new law will require significant preparatory work that you should begin now.
This comprehensive one-day course will show you how to comply with the Regulation and what will change from the existing legislation. It will explain the new rules regarding the legal basis for processing, consent, privacy notices, control of personal data, mandatory breach reporting, complaints and penalties. A more detailed breakdown of what you will learn can be seen below.
The new Regulation will impose many legal obligations on organisations that control or process data and will afford new rights to those whose personal data is being held. The financial penalties for non-compliance will be very substantial so it is absolutely vital that your organisation is fully prepared as early as possible.
Who should attend?
This course would be suitable for company secretaries, directors, compliance officers, HR staff, legal advisors, IT Administrators and anyone with a responsibility for managing data or advising on data protection issues. A detailed knowledge of the current law is not essential to attend this course.
Classroom: 09:30 - 17:00
- A Seminar Pack containing the information presented on the day
- An Action Plan setting out the key points to consider that you can take away and complete for your organisation
- A Certificate of Attendance
What Will You Learn?
- How does the GDPR define data controllers, data processors and data subjects?
- What are the new data protection principles?
- What does the Regulation say about transferring data internationally?
- If your organisation operates in more than one country, to which Supervisory Authority should you typically report?
- Why do you need to know and state your legal basis for processing data?
- How must ‘consent’ be obtained under the new rules?
- What is meant by ‘profiling’ and how is it restricted?
- What will need to be included in a Privacy Notice?
- How can you demonstrate that you are processing data fairly?
- When and how should pseudonymisation be used?
- What are the new rules regarding the personal data of children?
- What is data portability?
- What rights do people have to see, change or restrict the use of information held about them?
- What are the new rights to prevent direct marketing or automatic decision-making?
- What is the right to be forgotten and how is it enforced?
- On what grounds may these rights be refused?
- What are the new notification rules in the event of a data breach?
- When must you undertake a Privacy Impact Assessment?
- Does GDPR make the appointment of a Data Protection Officer compulsory?
- How can an individual make a complaint about the use of their data and what remedies are available?
- How must an organisation respond to complaints?
- What are the new financial penalties that can be imposed in the event of a breach or complaint?
- What steps and milestones need to be included in your action plan so that you are ready when the new Regulation comes into force?
Norman is a data protection, IT and payroll specialist. He has recently retired after spending many years as the Legislation and Compliance Manager for the CGI group of companies. He often advises people on payroll and data protection issues. He has been a tutor for the CIPP for over 20 years and is now the Vice-Chair of the BCS's Payroll Group.
Orlagh is a Barrister specialising in Data Protection law as well as a Trainer and Consultant on data protection issues and GDPR. She has set up successful businesses in the technology and legal sectors that build upon her extensive experience - including THINK Data Protection, which operates throughout the UK.