General Data Protection Regulation (GDPR)

Duration: 1 Day

Course Content

  • Overview of GDPR, its background, terminology and what it means.
  • What’s new and how it differs from the existing Data Protection Act.
  • Key implementation and compliance areas.
    • Data subjects, responding to and dealing with individuals exercising their data protection rights including time limits.
    • Subject Access Requests and how to respond.
  • Marketing departments and handling data appropriately.
    • CVs, sensitive data, outsourcing payroll, pensions and other HR services.
  • Employment contracts according to GDPR.
  • Human Resources departments and handling data appropriately.
  • Key steps to implementing GDPR including:
    • Privacy by design, consent, consent withdrawal
    • Data Protection Impact Assessments (DPIAs), what to include, when to perform and the situation. Risk Assessment of third-party contracts. Binding corporate rules in accordance with GDPR.
    • Protecting your business and adequate security tools, DLP, Isolation, Encryption, Pseudonymisation and Minimisation.
    • Training, competence and staff awareness requirements. Education assistance, protecting your weakest link and confidentiality of sensitive data.
    • The role of a DPO (Data Protection Officer), Data Processors and Data Controllers. GDPR Representatives.
    • Incident Response, breach reporting and business continuity options and requirements. Notification to data subjects and compensation relating to their rights to the risk and freedom of information.
    • Updating policies, procedures and documenting processes now and ongoing. Internal GDPR document and Data Retention Policies.
  • Effective data security management. Limited access to corporate data and CRM systems.
  • International data transfers and third-party agreements. Effective contracts, codes of conduct, certification methods and the US Privacy Shield.