Our one-day UK-GDPR and Data Protection Training course is fun and effective. It explains all, including an overview of PECR and ePrivacy.
Update training on Data Protection is essential for all managers, HR teams, staff, volunteers and ITC/data specialists alike.
Firstly, because the amount of confidential data that goes astray each year remains worryingly high; and secondly, because The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) (No.2) Regulations 2019, commonly known as the UK GDPR, place the UK under some of the most stringent data protection rules in the world, and the penalties for non-compliance are huge.
Whilst most of the headline news around GDPR/PECR relates to data breaches, analysis of action and fines by the Information Commissioner's Office (ICO) shows that most breaches are down to human error; poor understanding of data protection laws and good practice, bad judgments and naivety remain commonplace drivers behind breaches.
Those who take the position that it doesn’t apply or won’t happen to me should take notice of the fines and penalties that individuals and smaller companies have incurred. Even simple business practices such as asking employees to share mobile devices, phones, tablets or computers, just leaving filing cases unlocked, or collating waste paper prior to shredding all pose risks under the GDPR. Indeed, the first fine issued in the UK under the GDPR was £275,000 to a London pharmacy for insecure storage and disposal of patient records.
In simple terms, to be safe, every business/organisation/charity/individual needs to understand the General Data Protection Regulation, what is permissible and what is not. Building on this basic knowledge, HR teams, Operational Managers and Project Leaders then need to understand how to complete and use Privacy Impact Assessments.
Ultimately meeting the GDPR and PECR requires every member of staff to be trained in data protection with management developing and implementing related policies and procedures including Privacy Impact Assessments for every New Initiative, Project and Assignment. The fines and policing are too onerous not to
Concrew Training recommends refresher training at least every two years, and this needs to be pragmatic and effective, not just securing signatures or having policies in a glossy handbook. This one-day course on data protection, the GDPR and PECR reminds participants of the importance of safeguarding data, updates them on the latest legislation and helps them consider what they need to do, individually, to meet it.
The course is suitable for representatives from all businesses and organisations and at all levels. When delivered as a bespoke in-house workshop we can tailor content to include and reflect on your existing policies. We also offer a half-day refresher training option for those who have received training on the GDPR recently or the 2.5 hour overview courses for those that just need to know the key points.
Aims and Objectives
The course provides a stimulating and lively introduction to, or refresher training on, Data Protection. It brings participants up to date with the current requirements for data protection and provides an opportunity for participants to consider what they need to do to meet it. Participants return to their job roles with a raft of ideas for improving performance.
1. Data Protection – General Principles
The first section of the course explains the key principles and practice that underpin effective Data Protection. The rationale behind it and its links to other laws governing the employment of staff and provision of services in the context of handling and processing data are explained.
- The Data Protection Act and Data Security
- The 6 principles of the Data Protection Act and Links to other Legislation
- Defining what is meant by “personal data”
- Defining and exploring the roles of the:
  - Data Controller and Processor
  - Data Subject and Users, including Secondary Data Subject
  - Information Commissioner
- Role of an Internal Data Compliance Officer
- Defining “processing” and “fair processing”
- Considerations that need to be addressed for fair and legal processing
- Sensitive data and the different considerations that need addressing
- Data security issues – organisational & technical
- Securing and Evidencing Consent
- Individual rights and responsibilities
- Current Sanctions, Fines and Penalties
2. The UK GDPR – In Greater Detail
The UK GDPR regulations are explored in more detail and areas of divergence with EU GDPR highlighted. Participants work through the following menu of topics.
- Controllers and Processors – Requirements
- Technical and organisational measures
- Fines and Enforcement
- Data Protection Officers – 5 key tasks & 4 jobs
- Rights and Powers
- Appointment Arrangements
- Privacy Management
- Privacy by Design
- Privacy Practice
- Data Sharing Agreements with Cloud Service Providers
- Record Keeping
- Consent – Definition & Implications
- Information Provided at Data Collection
- Who needs to be told what and when
- Processing data and determining criteria about persons
- Opting Out
- Legitimate Interests & Direct Marketing
- Breach & Notification
- Destruction and alteration of data
- Notifications – Breaches & Exceptions
- Data Subject Access Requests
- The Right to Data Portability
- Retention & The Right to be Forgotten
2.1 UK PECR and the pending EU ePrivacy Regulations
Session 2 also outlines the UK PECR, the Privacy and Electronic Communications Regulations, that supplement the GDPR. It also refers to the pending new EU ePrivacy regulations that may impact on UK legislation.
- Wider communication platforms such as social media
- Marketing via electronic means
- Security of public communications services
- Privacy of customers using communications services
- location data, itemised billing, caller ID, call return
- How it applies to organisations providing customer WiFi access
- Extended protection against spam
Delegates' Organisational Data
The workshop also provides an opportunity for participants to review their own organisation's data protection policies and procedures, to raise questions and receive answers, guidance and signposting to further sources of support and help.