The course will answer the following questions...

• How does GDPR and PECR apply to UK marketers after Brexit?
• What powers does the Information Commissioner have to enforce against businesses that break data protection rules with their marketing practices?
• How high could the penalties be for your business?
• Controllers v processors: who is responsible for what?
• How does the law apply when working with partners overseas?
• How do the core data protection principles apply to marketing practices?
• What should be included in your privacy notices?
• What legal basis can be used for using personal data for marketing purposes?
• How important is ‘consent’ for marketing to existing or prospective customers?
• What records and documents do you need to keep as evidence of compliance?
• What tools are available to help you demonstrate full accountability?
• What rights do the people to whom you send marketing materials have with regard to their personal data?
• How much information must you give to people who demand access to their personal data held by you?
• What are the rules regarding sharing personal data with third parties?
• What are the risks inherent in transferring data to another country?
• What measures must you put in place when transferring personal data to another country?
• How are the rules for marketing business-to-business and business-to-consumer different?
• What additional rights are conferred by the Privacy and Electronic Communications Regulations?
• Who can you send marketing emails to and who can you not email with promotional messages?
• What restrictions are in place on making marketing telephone calls?
• What consideration do you need to give to personal data use when using social media marketing tools?
• What does the law say about using cookies and advertising technologies?
• What powers and sanctions are available to the Information Commissioner?
• How may enforcement actions change the way you carry out your marketing activities?

Anyone involved in the marketing operations or responsible for the collection or use of personal data or database systems that may be used for marketing. It will also benefit anyone responsible for GDPR/PECR compliance or in a senior role with responsibility for compliance.

• A course pack containing the information presented on the day
• A certificate of attendance

• Keith Dewey

  Keith is a well-established information security and data protection practitioner, with extensive experience in training, public speaking and consulting.

  He has held CISO and DPO roles at large UK companies, and worked across a range of industries including financial services, utilities and real estate. Keith is also a Certified EU GDPR Practitioner, has a Certificate in Information Security Management Principles (CISMP) and passed the Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC) exams.