Data Protection, GPDR & PECR Regulations

A one-day workshop on Data Protection and The GDPR / PECR regulations including advice and guidance on updating your own policies and procedures.

Update training on Data Protection in 2018/19 is essential for all managers, HR teams, staff, volunteers and ITC/data specialists alike. Firstly, because the amount of confidential data that goes astray each year remains worryingly high and secondly because the General Data Protection Regulations (GDPR) now place the UK under some of the most stringent data protection rules in the world; and the penalties for non-compliance are huge.

It has been estimated that The ICO fines on UK business of £880,500 in 2016/17 would have been closer to £69 Million under the GDPR. Compensation settlements, bad publicity and the loss of valuable data increase the real cost of the penalties still further.

The stringent GDPR and the penalties for breach mean all businesses and organisations that use or store data about individuals need to ensure management and staff remain aware of data protection and embed it in everything they do. No organisation can afford to ignore or get data protection wrong. Data Protection covers every employer and every organisation. Staff and volunteer training has to be routine (Concrew Training recommends refresher training at least every two years) and far more than just securing signatures or having policies in a glossy handbook.

This one-day course reminds participants of the importance of safeguarding data, updates them on the latest legislation and helps them consider what they need to do, individually, to meet it

For Whom
The course is suitable for representatives from all businesses and organisations and at all levels. When delivered as a bespoke in-house workshop we can tailor content to include and reflect on your existing policies.

We also offer a condensed version of this course as a half-day refresher training option for those who have received training on the GDPR recently.

Aims and Objectives
The course provides a stimulating and lively introduction to, or refresher training on, Data Protection. It brings participants up to date with the current requirements for data protection and provides an opportunity for participants to consider what they need to do meet it. Participants return to their job roles with a raft of ideas for improving performance.

Delegate Feedback


  1. Data Protection – General Principles
    The first section of the course explains the key principles and practice that underpin effective Data Protection. The rationale behind it and its links to other laws governing the employment of staff and provision of services in the context of handling and processing data are explained.
  • The Data Protection Act and Data Security
  • The 6 principles of the Data Protection Act and Links to other Legislation
  • Defining what is meant by “personal data”
  • Defining and exploring the roles of the: –
  • Data Controller and Processor
  • Data Subject and Users, including Secondary Data Subject
  • Information Commissioner
  • Role of an Internal Data Compliance Officer
  • Defining “processing” and “fair processing”
  • Considerations that need to be addressed for fair and legal processing
  • Sensitive data and the different considerations that need addressing
  • Data security issues -organisational & technical
  • Securing and Evidencing Consent
  • Individual rights and responsibilities
  • Current Sanctions, Fines and Penalties

2. The General Data Protection Regulations (GDPR) – In Greater Detail
The GDPR regulations are explored in more detail. Starting with a new Definition of “Personal Data”. Participants work through the following menu of topics.

  • Controllers and Processors – Requirements
  • Technical and organisations measures
  • Fines and Enforcement
  • Data Protection Officers – 5 key tasks & 4 jobs
  • Rights and Powers
  • Appointment Arrangements
  • Privacy Management
  • Privacy by Design
  • Privacy Practice
  • Data Sharing Agreementswith Cloud Service Providers
  • Record Keeping
  • Consent – Definition & Implications
  • Information Provided at Data Collection
  • Who needs to be told what and when
  • Profiling
  • Processing data and determining criteria about persons
  • Opting Out
  • Legitimate Interests & Direct Marketing
  • Breach & Notification
  • Destruction and alteration of data
  • Notifications – Breaches & Exceptions
  • Data Subject Access Requests
  • The Right to Data Portability
  • Retention & The Right to be Forgotten

2.1 PECR and the pending ePrivacy Regulations

Session 2 also outlines the PECR (Privacy and Electronic Communications Regulations) that supplement the GDPR and the new ePrivacy regulations that are planned to replace them. The implementation date for the new regulations is still to be finalised but most organisations benefit from being more aware of what is being considered, this includes for example:

  • Wider communication platforms such as social media
  • Marketing via electronic means
  • The use of cookies
  • Security of public communications services
  • Privacy of customers using communications services
    • location data, itemised billing, caller ID, call return
  • How it applies to organisations providing customer WiFi access
  • Extended protection against spam
  • More effective enforcement

Delegates Organisational Data
The workshop also provides an opportunity for participants to review their own organisations data protection policies and procedures, to raise question and receive answers, guidance and sign posting to further sources of support and help

Follow on Training
Participants may also be interested in our follow on course on
Privacy Impact Assessmentsand/or more detailed training on the PECR