0

0800 435 772

The Role of the Data Protection Officer under GDPR

New Full-day course  |  6 CPD hours

£ 329 +VAT per person

£329 +VAT
per person

This course can be presented in-house at your premises. You can find out more about our in-house training here.

If you would like to make an enquiry simply fill in the quick contact form below and a member of our in­house team will be in touch shortly.

Fields marked with an * are mandatory

Home > Courses > The Role of the Data Protection Officer under GDPR

The Role of the Data Protection Officer under GDPR

Full-day course

Course prices:

Classroom: £329 +VAT per person

Course overview

One of the least understood aspects of the new EU General Data Protection Regulation (GDPR) is the mandatory requirement for many organisations to appoint a Data Protection Officer (DPO). There are very specific rules regarding the role and the requirement applies to many more organisations than originally thought. Many organisations that are not mandated to appoint a DPO are choosing to do so or creating an equivalent role. Not appointing a DPO when required to do so is a breach of the GDPR and could result in a substantial fine.

During this practical and comprehensive full-day course, our expert presenter will explain everything you need to know about the DPO requirements and how they apply to your organisation. The course will also clearly explain where the DPO should fit in the organisational structure, what you need to consider when appointing and the duties of the DPO as set out in the GDPR. It will guide you through the best practice principles, not just for the DPO but for anyone acting as the data protection lead in their organisation.

Our expert presenter will demonstrate how to produce a Data Flow Map and how to conduct a Data Protection Impact Assessment. The course is illustrated with practical, real-world examples that help to demonstrate how a DPO should handle the numerous challenges associated with the role.

What will you learn?

  • What are the key definitions under GDPR?
  • What are ‘special categories’ of personal data?
  • What is the background to the GDPR DPO requirement?
  • Which organisations must appoint a DPO?
  • Should you appoint a DPO, even if you are not required to do so?
  • What is defined as a Public Authority or body?
  • How can you decide whether the scale of data you handle is large enough to fall within scope?
  • How can you determine whether your data processing activities constitute ‘regular and systematic’ monitoring?
  • Which data processing activities are ‘core’ and ‘ancillary’ and why is it crucial to know the difference?
  • Who can and who cannot act as a DPO?
  • What are the options for using an external consultant or agency as your DPO?
  • What support and protections must an organisation provide to their DPO?
  • What qualifications must a DPO hold?
  • What experience should a DPO have?
  • If you already have a DPO, how can you be sure they meet the minimum criteria set out by GDPR and can therefore legitimately continue in their role?
  • To whom should the DPO report and how do they fit into the organisational structure?
  • What are the DPO’s general responsibilities?
  • What are the DPO’s responsibilities in relation to data mapping and what techniques are available?
  • What is the DPO’s role in conducting Data Protection Impact Assessments?
  • What are the DPO’s specific responsibilities regarding training and education?
  • How can a DPO create a data protection culture?
  • What obligations does a DPO have to customers, clients or business partners?
  • What procedures need to be in place to effectively deal with Data Subject’s exercising their rights?
  • What does GDPR say about the relationship between the DPO and the Information Commissioner’s Office?
  • How should a DPO deal with requests from the ICO?
  • How might other duties of a DPO create a conflict of interest?
  • Who should be responsible for developing your organisation’s data protection policies and procedures?
  • What policies and procedures should an organisation have in place as a minimum requirement?
  • What are the DPO’s specific responsibilities regarding security and data audits?
  • What must a DPO do in the event of a data breach?
  • What are the new penalties for a data breach under GDPR?
  • What are the personal liabilities of the person holding the office of the DPO?

Who needs to appoint a DPO?

Under the GDPR, you must appoint a data protection officer (DPO) if you:

  • Are a public authority or body, including schools, academies, libraries, utility companies and many more
  • Carry out large scale processing that requires systematic monitoring of data subjects
  • Carry out large scale processing of sensitive data (such as health, religion or race) or data relating to criminal convictions and offences

Even if you do not fall under one of the above categories, you may still wish to appoint a DPO or data protection co-ordinator, as you are still required to ensure that your organisation has sufficient staff and skills to discharge your obligations under the GDPR.

Who should attend?

This course will help those who aspire to the role of DPO as well as those who need to understand why and how they should recruit a DPO for their organisation. It will also benefit those acting as the data protection lead for their organisation, even if they are not legally required to appoint a DPO.

Extra benefits

  • course pack containing the information presented on the day
  • certificate of attendance
  • A DPO checklist to help you confirm your compliance with the GDPR requirements.
  • Complimentary refreshments and lunch provided

Course presenters

  • Peter Blenkinsopp

    Peter is a highly qualified privacy professional with a background in law, technology and business.  He has helped many organisations across the globe to successfully deliver business change within heavily regulated environments.  He runs his own consultancy practice specialising in helping companies achieve data privacy compliance. He holds an LL.B and LL.M along with professional certifications from the International Association of Privacy Professionals (IAPP).

Course dates