GDPR / FOI Courses

You could go on another company’s dull, mediocre course presented by some tedious person in a suit. Or you could stay here and book now. Your choice. Any of the courses listed on this page can be adapted for an in-house session, and you can pick and choose topics to make up a full or half day at your location.

If you would like to book a course, click here: BOOKING FORM


  • All courses are £275 + VAT.
  • all courses start at 10am, finish at 4pm and include lunch and course materials, as well as access to template policies, guidance and useful links via the 2040 website (specific materials vary from course to course)
  • LONDON: 5 minutes from Chancery Lane tube on the Central Line
  • EDINBURGH: 5 minutes from Waverley Train Station in the Old Town
  • BELFAST: Central location with parking
  • MANCHESTER: 5 minutes walk from Piccadilly Station

Belfast, 5th December 2019 + London, 9th December 2019
What better way to celebrate the festive season than a deep dive into how to identify and deal with security and other incidents? Find out what to do about reporting to the Information Commissioner, and what the enforcement implications are. We’ll also be looking at the role of representations (and the way in which the ICO has mishandled this stage of the process). This course is unapologetically to explore why some organisations get fined and others don’t, and how to make the Commissioner blink first. Breaches happen, and while you should clearly try to avoid them, this course is to help you when things go wrong. You’re not perfect, so what do you do when the fan meets something you wish it hadn’t?

Edinburgh, 25th November 2019 + London, 13th January 2020
Data sharing is often perceived to be the most complex and difficult of DP issues, but the legislation doesn’t see disclosure as being any different to other forms of processing. There are pitfalls, especially if the data will be re-purposed or where you might need to disclose confidential or sensitive data. This a practical, plain English guide to ensuring that disclosures are lawful and justified – as well as details of how the DPA exemptions apply and what the rules are for special categories data, the course also covers data sharing agreements, data processors and disclosures across International boundaries. Book now!

Returning in 2020
Special two-part course dealing with two vital activities to assist with effective and efficient compliance with the GDPR. In the morning, a practical workshop dealing with how to carry out a Data Protection Impact Assessment, and in the afternoon, a guide to setting up and running a GDPR audit of your organisation (or a client’s). Attendees receive a guide on when to run a DPIA and a GDPR audit guide.
For more information, click here: GDPR DPIAs

Manchester, 6th December 2019
Returning in 2020
Especially if you’ve been thrown in at the DP deep end, being a DPO is a daunting prospect. How do you know when information can or should be disclosed? When should you report an incident to the Information Commissioner? What does avoiding conflicts of interests mean, and in a small organisation, how do you avoid compromising your independence? What happens when your organisation just won’t comply? This is not a classic DP A-Z course – How to Be A DPO is about developing the skills to be an effective and efficient DPO. You will learn how to decode GDPR and DPA 2018, what to use and what to ignore, and how to give the best advice.

London, January 14th 2020
Everything you need to know about subject access and other rights like the right to be forgotten and objection. Course includes understanding the effect of the DPA 2018 exemptions and the impact of recent court cases like Dawson-Damer vs Taylor Wessing. Does old case law still apply? Can we refuse a request because of why the person asked? Does GDPR have a ‘vexatious’ exemption? All these questions and more will be answered. This course will help you put together a robust and effective programme to deal fairly and sensibly with rights requests of all shapes and sizes.

Returning in 2020
Contact 2040 to express an interest in this course
The Data Protection Act 2018 is a monster – hundreds of pages of complex sections and schedules, doing several different, overlapping jobs. It makes the GDPR work, it applies GDPR to areas that wouldn’t otherwise be covered, and contains specialised provisions for law enforcement. When wading through all of it, the most important question is this: WHAT DO WE HAVE TO DO? This plain-English course focusses on the practicalities – when will you need a policy document? Who is covered by the law enforcement provisions? How do the exemptions work? Where is the old DPA Section 29? Cut through the legalese and join this course to find out what the law is really about. This course will be fully Brexit-proofed – assuming we know what deal has been done, the course will explain how the GDPR and DPA will change.

Returning in 2020
Struggling to work out what the GDPR is about? Looking for a clear guide to what practical steps you need to take to keep yourself off the ICO’s radar? This is the course for you – a crash course into the practical steps you need to put in place. Nobody will be fully compliant with GDPR overnight, but there are a host of sensible steps you can take. Book now to find out more.
If you would like to book a course, click here: BOOKING FORM