SmashBurgers is a new company, opening up restaurants across the West of England to serve their trademark CheeseBomb and StickyChicken burgers. They’ve gone from a single van shovelling junk food to festival attendees to 15 sites and more to come by taking over Big Dog, a failing hot dog chain. They’ve got hundreds of staff, thousands of customers on their mailing list, payment details, CCTV images and a whole bunch of other data sources. Unfortunately, the inexperienced owners have got no idea how GDPR and PECR work, so even more unfortunately, they hired notorious data protection chancers ‘Dial A DPO’ to advise them.

Following an unfortunate incident where the SmashBurgers website was hacked by an animal rights collective, the company has been investigated by the Information Commissioner’s Office. ICO took no action (no surprise there), but a kindly case officer has tipped off the owners that their policies and procedures are very weak and their ROPA is useless.

You work for ‘Get Data Protection Right’, a well-known and highly respected DP consultancy; SmashBurgers wants your help. They want to know how to put together a sensible approach to managing staff and customer data. The ‘Dial A DPO’ team’s work is pretty useless, so you’re more or less starting from scratch. So what do you do? Join your fellow participants to plan out a Record of Processing Activities and other policies to make SmashBurgers’ compliance as tasty as their Belly Busting Bacon Burger.

Book by clicking below: it’ll open up an email, so just tell me who you want to attend and how you want to pay.