Key Details

Duration: 3 Hours
Delivery: In-house

Overview

The General Data Protection Regulation (GDPR) is applicable throughout the European Union from 25 May 2018. This introductory course puts the GDPR into context, highlighting its core requirements in a way that is sufficiently comprehensive to be suitable for all staff needing to be aware of its purpose and impact.

The course is made up of the following subsections:

Introduction

  • The aim of the GDPR
  • Why it is necessary
  • Who it applies to
  • When it applies

The Principles

  • The seven principles of the GDPR:
      • Fair, lawful and transparent processing
      • Purpose limitation
      • Data limitation
      • Accuracy
      • Data retention period
      • Data security
      • Accountability

Lawful Processing (incl. consent)

  • The main instances that provide organisations with the legal basis they require
  • What makes consent valid

Individual’s Rights

  • Right to be informed
  • Right of access
  • Right to rectify
  • Right of erasure
  • Right to data portability

Accountability and governance

  • Maintaining policies and procedures regarding data processing
  • Keeping documentation that records the processing activities undertaken
  • Training staff on the requirements surrounding processing personal data
  • Undertaking internal audits of the processing activities
  • Adhering to a suitable Code of Conduct or certification scheme

Breaches and notifications

  • Notification requirements of a personal data security breach

Data Transfers

  • Restriction on the transfer of personal data to recipients outside of the European Economic Area (EEA) except in limited circumstances
  • The limited circumstances in which personal data may be transferred
  • The potential fine for breaching the data transfer requirements

After attending this course, participants will:

  • Be able to describe the core requirements of the GDPR
  • Be better equipped to consider and assess the implications of the GDPR for their firm