• The scope of GDPR and key definitions
• The Data Protection Principles
• Legal basis for processing
• The Privacy and Electronic Communications Regulations
• Rights of the Data Subjects
• Data Protection Impact Assessments
• Data breaches: responding and reporting
• The role of the Data Protection Officer
• International data transfers
• The role and powers of the Information Commissioner
• Covid-19

This course will benefit any staff working in HR, IT, compliance, operations and finance, as well as legal advisors, marketing professionals, company secretaries, directors and anyone with a responsibility for managing data or advising on data protection issues.

• Why is privacy and data protection important? What is its purpose?
• What is the relationship between the GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations and other legislation?
• To whom does data protection law apply? Who is protected and who must comply?
• What are the consequences of leaving the EU on UK data protection law?
• What constitutes processing of personal data? How can you tell which information you collect falls within the definition of personal data?
• Which categories of personal data require special treatment?
• What is the difference between a data controller and a data processor?
• What information must be included on a Privacy Notice and why must you have one?
• How long is it appropriate for you to retain personal data?
• Why is the principle of ‘accountability’ so important to GDPR?
• Which policies, procedures, records and registers can help you to demonstrate accountability?
• What is the difference between Privacy by Design and Privacy by Default?
• What are the six legal bases for processing personal data? How does the basis you choose affect the rights of data subjects?
• Do you need to include data processing activities in all your contracts?
• What are the new rules on consent and when is it appropriate to ask for it?
• How and why may you process personal data without relying on consent?
• How does PECR restrict your use of email, text and telephone calls for marketing purposes?
• How do you distinguish between individual and corporate subscribers and what are the different constraints on marketing to them?
• What rights do data subjects have and how can they be exercised?
• What is the right to be forgotten? What should you do if someone asks you to erase all data you hold about them?
• What is meant by automated decision making and profiling?
• What are the implications of the new right to claim compensation? How can you protect your business from compensation claims?
• On what grounds may you refuse to comply with the request of a data subject?
• When must you undertake a Data Protection Impact Assessment and how should it be done?
• What constitutes a personal data breach and to whom must it be reported? What should be recorded on a data breach register?
• Who must appoint a mandatory Data Protection Officer? What are tasks involved and skills required?
• Who can and cannot be appointed as a DPO?
• If you transfer data internationally, what safeguards must you put in place?
• What are your obligations to the Information Commissioner?
• What powers does the ICO have to enforce data protection law and investigate potential data breaches?
• What are the new fines and penalties the ICO has at its disposal?
• What is the new charging scheme for registration with the ICO?
• What do you need to do when collecting personal information regarding Covid-19?
• What are the data breach threats created by working from home during the pandemic?

• A course pack containing the information presented on the day
• A toolkit of checklists to help you implement your policies and procedures.
• A certificate of attendance
• Complimentary refreshments and lunch provided

• Keith Dewey

  Keith is a well-established information security and data protection practitioner, with extensive experience in training, public speaking and consulting.

  He has held CISO and DPO roles at large UK companies, and worked across a range of industries including financial services, utilities and real estate. Keith is also a Certified EU GDPR Practitioner, has a Certificate in Information Security Management Principles (CISMP) and passed the Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC) exams.