EU Data Protection – Prepare for Change
EU Data Protection Law is changing with the introduction of the General Data Protection Regulation (GDPR) and it affects all companies who trade within or with the European Union that hold data of EU residents – it is applicable to all member states. It affects any personal data including names, address and contact information, photos, social media postings, usage data, medical records, and even a computer’s IP address.
This programme covers all you need to know to start the planning process and to develop a coherent company-wide strategy to ensure compliance. We briefly look at the background and framework before tackling the major elements of the regulation itself. The regulation covers a wide range of requirements, including consent; privacy by design and by default; impact and risk assessments; the right to be forgotten, right to erasure, right to data portability; mandatory breach notification; and the appointment of a Data Protection Officer (where mandated).
Why is this training an urgent requirement? The Regulation was agreed in December 2015, with agreement and adoption in 2016 and then a two-year transition before it comes into force. However, the changes are big, and are set to have a major impact on systems, policies, processes, and most of all, people. To make the transition as seamless as possible, with the minimum impact on ongoing business, companies and organisations need to ensure all new and existing systems, processes, infrastructure and networks are fully compliant before the deadline in order to avoid severe sanctions.
The workshop format allows for structured sessions to ensure we deal with all the major topics, plenty of time for questions, focus groups for participants to share ideas, and tools to take back into the workplace to help plan and implement the requirements.
Outcomes and Competency Development
Participants will develop or be able to:
- Fully understand the impact of the new EU Directive concerning Data Protection and the implications / sanctions of non-compliance
- Contribute much more effectively to [strategic] direction-setting of data protection standards, local and company-wide initiatives, and best practice within their own organisation
- Build a more cohesive, organisation-wide transition-plan that embraces all aspects of the required changes – including the people aspects
- Effectively plan for full GDPR compliance of existing and legacy systems, processes and platforms
- Ensure new systems, processes and platforms are fully compliant within the purchasing or implementation cycle
- Confidence to drive the necessary changes and to communicate both the need and urgency
- Make decisions on implementation and procurement that are fully aligned with the GDPR, commercially viable, minimise risk, and also in line with the strategy and goals of the wider organization
- Advise on, or build audit systems to ensure organisation-wide compliance with GDPR
Benefits to the Company / Organisation
The Company / Organisational Benefits include:
- Clarity on what needs to be done and by when – and clarity on the overall impact to the operation, including likely costs, and the implications of being non-compliant
- Confidence to set a clear medium to long term direction for the organisation and to plan a data protection policy that reflects both the needs of the organisation and the requirements of the GDPR
- Greater competency to develop a cohesive, organisation-wide transition-plan that embraces all aspects of the required changes – including the people aspects
- Enables individuals and (if taken in-house) teams to recognise and develop best-practice across the organisation – and have the confidence to share; and to make decisions that are fully compliant with GDPR