A one-day workshop on Data Protection and The GDPR / PECR regulations including advice and guidance on updating your own policies and procedures.
Update training on Data Protection in 2019/20 is essential for all managers, HR teams, staff, volunteers and ITC/data specialists alike: firstly, because the amount of confidential data that goes astray each year remains worryingly high, and secondly, because the General Data Protection Regulations (GDPR) now place the UK under some of the most stringent data protection rules in the world, and the penalties for non-compliance are huge.
Whilst most of the headline news around GDPR/PECR relates to data breaches, analysis of action and fines by the Information Commissioner's Office (ICO) shows that most breaches are down to human error; poor understanding of data protection laws and good practice, bad judgments and naivety remain commonplace drivers behind breaches.
Those who take the position that it doesn’t apply or won’t happen to me should take notice of the fines and penalties that individuals and smaller companies have incurred.
At a company level, filming in a maternity clinic, sharing customer data and ignoring TPS data have all generated large fines. Even simple business practices such as asking employees to share mobile devices, phones/tablets/computers etc, leaving filing cases unlocked or collating waste paper prior to shredding all pose risks under the GDPR.
In simple terms to be safe every business/organisation/charity/individual needs to understand the General Data Protection Regulation, what is permissible and what is not. Building on this basic knowledge HR teams, Operational Managers and Project Leaders then need to understand how to complete and use Privacy Impact Assessments.
Ultimately meeting the GDPR and PECR requires every member of staff to be trained in data protection with management developing and implementing related policies and procedures including Privacy Impact Assessments for every New Initiative, Project and Assignment. The fines and policing are too onerous not to.
Concrew Training recommends refresher training at least every two years, and this needs to be pragmatic and effective, not just securing signatures or having policies in a glossy handbook. This one-day course on data protection, the GDPR and PECR reminds participants of the importance of safeguarding data, updates them on the latest legislation and helps them consider what they need to do, individually, to meet it.
The course is suitable for representatives from all businesses and organisations and at all levels. When delivered as a bespoke in-house workshop we can tailor content to include and reflect on your existing policies.
We also offer a condensed version of this course as a half-day refresher training option for those who have received training on the GDPR recently.
Aims and Objectives
The course provides a stimulating and lively introduction to, or refresher training on, Data Protection. It brings participants up to date with the current requirements for data protection and provides an opportunity for participants to consider what they need to do to meet them. Participants return to their job roles with a raft of ideas for improving performance.
1. Data Protection – General Principles
The first section of the course explains the key principles and practice that underpin effective Data Protection. The rationale behind it and its links to other laws governing the employment of staff and provision of services in the context of handling and processing data are explained.
- The Data Protection Act and Data Security
- The 6 principles of the Data Protection Act and Links to other Legislation
- Defining what is meant by “personal data”
- Defining and exploring the roles of the: –
- Data Controller and Processor
- Data Subject and Users, including Secondary Data Subject
- Information Commissioner
- Role of an Internal Data Compliance Officer
- Defining “processing” and “fair processing”
- Considerations that need to be addressed for fair and legal processing
- Sensitive data and the different considerations that need addressing
- Data security issues – organisational & technical
- Securing and Evidencing Consent
- Individual rights and responsibilities
- Current Sanctions, Fines and Penalties
2. The General Data Protection Regulations (GDPR) – In Greater Detail
The GDPR regulations are explored in more detail, starting with a new definition of “Personal Data”. Participants work through the following menu of topics.
- Controllers and Processors – Requirements
- Technical and organisational measures
- Fines and Enforcement
- Data Protection Officers – 5 key tasks & 4 jobs
- Rights and Powers
- Appointment Arrangements
- Privacy Management
- Privacy by Design
- Privacy Practice
- Data Sharing Agreements with Cloud Service Providers
- Record Keeping
- Consent – Definition & Implications
- Information Provided at Data Collection
- Who needs to be told what and when
- Processing data and determining criteria about persons
- Opting Out
- Legitimate Interests & Direct Marketing
- Breach & Notification
- Destruction and alteration of data
- Notifications – Breaches & Exceptions
- Data Subject Access Requests
- The Right to Data Portability
- Retention & The Right to be Forgotten
2.1 PECR and the pending ePrivacy Regulations
Session 2 also outlines the PECR (Privacy and Electronic Communications Regulations) that supplement the GDPR and the new ePrivacy regulations that are planned to replace them. The implementation date for the new regulations is still to be finalised, but most organisations benefit from being more aware of what is being considered. This includes, for example:
- Wider communication platforms such as social media
- Marketing via electronic means
- Security of public communications services
- Privacy of customers using communications services
- Location data, itemised billing, caller ID, call return
- How it applies to organisations providing customer WiFi access
- Extended protection against spam
- More effective enforcement
Delegates' Organisational Data
The workshop also provides an opportunity for participants to review their own organisation's data protection policies and procedures, to raise questions and receive answers, guidance and signposting to further sources of support and help.