The General Data Protection Regulation (GDPR) is a big change to Data Protection law, and it came into force on May 25th 2018. With new rights for data subjects and new duties for data controllers, the GDPR is Data Protection redesigned, revived and reinforced. It might be evolutionary rather than revolutionary, with a close relationship to the 1995 Directive, but even if you’re up to speed with Data Protection now, the GDPR presents real challenges for most organisations. In addition, the Data Protection Act introduces specific changes to exemptions, the use of special categories of data, criminal records and law enforcement.
There are a variety of challenges:
Legitimate interests – how do you demonstrate that your interests are legitimate, given the likelihood of challenge?
Consent – is what we’re doing enough to get meaningful consent?
Fairness – are we being upfront and honest about how we’re using personal data?
Profiling – are you using automated techniques to make decisions about people?
Subject access – what do you have to provide and how far do you have to go to find it?
Right to be forgotten – how do you determine what an excessive request might be, and how will you track down all the data that you should be deleting?
DP by design – what does that mean in practice, and how do you deliver on it?
Impact assessments – how do you identify the relevant projects, and how you do realistically assess the risks?
Breach reporting – how do you identify a breach, how do you know whether to report it to the ICO, and what do you do then?
2040 Training can help you. There are a number of different options on offer, but none of these courses are off-the-peg. You can decide what you want the course to cover, and we will adapt it for the intended delegates.
One day GDPR overview – the A-Z of GDPR
Half-day GDPR introduction – the GDPR survival guide
Key messages for senior management
GDPR for Human Resources
Data Protection Rights demystified
How to be a Data Protection Officer
How to create a Data Protection by Design approach
Courses can be tailored for data controllers and data processors of all sizes – organisations can also work together and book a joint course.
As well as training courses, other services include:
Adequacy audit of policies and procedures in comparison with the GDPR requirements
Policy drafting and implementation support
Preparing a culture of impact assessment and Data Protection by design