The General Data Protection Regulation (GDPR) is the biggest change to Data Protection law in a generation, and it comes into force on May 25th 2018. Any doubts about GDPR’s implementation have been brought to an end with clear confirmation from the Department for Culture, Media and Sport that the GDPR will apply in the UK. With new rights for Data Subjects, massively increased monetary penalties and a raft of new duties for data controllers, the GDPR is Data Protection redesigned, revived and reinforced. It might be evolutionary rather than revolutionary, with a close relationship to the 1995 Directive, but even if you’re up to speed with Data Protection now, the GDPR presents real challenges for everyone.

There are a variety of challenges:

  • Legitimate interests – how do you demonstrate that your interests are legitimate, given the likelihood of challenge?
  • Consent – is what we’re doing enough to get meaningful consent?
  • Fairness – are we being upfront and honest about how we’re using personal data?
  • Profiling – are you using automated techniques to make decisions about people?
  • Right to be forgotten – how do you determine what an excessive request might be, and how will you track down all the data that you should be deleting?
  • DP by design – what does that mean in practice, and how do you deliver on it?
  • Impact assessments – how do you identify the relevant projects, and how you do realistically assess the risks?
  • Breach reporting – how do you identify a breach, how do you know whether to report it to the ICO, and what do you do then?


2040 Training can help you. There are a number of different options on offer, but none of these courses are off-the-peg. You can decide what you want the course to cover, and we will adapt it for the intended delegates.

  • One day GDPR overview – the A- Z of GDPR
  • Half-day GDPR introduction – the GDPR survival guide
  • Key messages for senior management
  • Short briefing for elected members
  • GDPR and Human Resources
  • Dealing with subject access, Right to be forgotten and other rights
  • How to be a Data Protection Officer
  • Profiling and monitoring

Courses can be tailored for data controllers and data processors of all sizes.

As well as training courses, other services include:

  • Adequacy audit of policies and procedures in comparison with the GDPR requirements
  • Compliance audit
  • Policy drafting and implementation support
  • Preparing a culture of impact assessment and Data Protection by design


Sample course agendas are available on request – contact 2040: