An Introduction to Data Protection incorporating GDPR
Course Objectives
In May 2018 the new European framework for data protection laws were implemented in the UK, replacing previous legislation which was based upon the 1995 data protection directive.
A new Data Protection Bill was prepared by the UK government which incorporates the General Data Protection Regulations (GDPR) being implemented across Europe and is being heralded by the Information Commissioner's Office as being an 'evolution' of Data Protection.
This one day course provides delegates with an understanding of data protection, the eight principles enshrined within the UK's Data Protection Act, the purpose and effect of those eight principles as well as providing practical examples to demonstrate how those requirements are met. This course will also provide delegates with information about how GDPR has changed how personal data can be used by organisations after 25 May 2018.
Contents
This one day DPA programme has been specifically designed to allow participants to:
- Understand their requirements under the DPA;
- Be able to assess their current compliance standards against best DPA processing practice, policies, procedures and protocols;
- Develop effective auditable DPA processing practices that include:
- a. Subject Access Request handling;
- b. Third Party Request handling;
- c. Information sharing agreements;
- d. Compliant review and complaint handling procedures; and,
- e. Higher Level review and decision-making.
- Understand the need to align DPA Policies and processes with supporting Data Retention and Disposal, Records
- Management, Information Security, Communications, Remote Working, and IT Policies
- CCTV and the DPA and the Regulation of Investigatory Powers Act.
Programme contents will include the following:
- An introduction to the DPA
- The impact of GDPR on UK Legislation from May 2018
- ICO registration and compliance
- An understanding of the 8 DPA Principles
- What is personal data?
- Key roles and responsibilities
- The basics of processing: What is; What it requires; The necessary process, procedural and protocol compliance requirements
- Understanding data states; processing, transportation, transmission, remote storage
- Dealing with: Subject Access Requests; Third Party Access Requests; Sharing of Information; Complaints and Reviews
- The geographical limits of the Act
- The relationship of the Act with the Freedom of Information Act and Environmental Information Regulations
- Owners of small to medium or larger enterprises who are involved in business export
- Those who handle business closures or receivership
- Directors, Managers and those who are responsible for any part of the processing of personal or sensitive personal data.
- Those who directly respond to Subject Access Requests
- Those who manage DPA related complaints and review processes
- Those responsible for CCTV activities and respond to requests for recordings
- Marketing and customer facing staff who process or gather third party data.
Course benefits
- Peace of Mind
- Enhanced governance and resilience
- Policy and procedural compliance
- Cost savings due to effective processing and reduction in DPA related complaints
- Effective and robust audit trails that aid informed decision making
- Robust aligned and trackable policies
- Enhanced employee knowledge
- Role responsibility and competency
Additional information
Additional Programmes Available
- Compliance Skills for Data Protection Professionals
- How to undertake an effective DPA audit
- The Role of the Data Controller: Your Rights, Your Responsibilities!
- The Role of the Data Manager
- Developing an Effective and Compliant DPA Policy
- Imbedding compliant DPA Organisational Culture Change
Certificates
All delegates who successfully complete this course will be provided with a certificate of attendance.
Trainers background
The trainer for this course works internationally, predominantly in the US, Canada and the Middle East and has been successfully delivering Data Protection and Freedom of Information based training programmes internationally for the last 16 years. He has specific expertise in developing operational process diagrams based around information security and in conducting penetration testing on data storage and disposal.
