Does your senior management team:

  • know that data protection laws were completely replaced by new laws that came into effect in May 2018?
  • understand how the new laws differ from the old law?
  • know that failure to properly comply with the new law can result in a fine of up to €20 million?
  • appreciate that complying with the new law will require a full review of existing data protection policies and procedures and the introduction of many new measures across your organisation?


Following four years of discussion, the General Data Protection Regulation (GDPR) was passed into law in April 2016. In May 2018, the new law took full effect, replacing the Data Protection Act 1998 in its entirety. The GDPR is widely considered to be the most heavily negotiated piece of European legislation that has ever come into effect and introduced significant changes to the current legislative regime.

From the outset, it was recognised that organisations would require time to adjust their practices and procedures to accommodate the new law. Unfortunately, the Brexit vote raised many questions as to whether the GDPR would still be relevant to UK organisations and, as a result, many have failed to begin the complex transition process. 

This course is aimed at senior management and is designed to offer an introduction to the new law and an explanation of the main changes to assist and support the management team as they develop and implement a compliance program.


The objective of this half day course is to ensure that delegates:

  • have a good overview of the General Data Protection Regulation
  • understand the key differences that the new law introduces and how these affect their organisation
  • are able to assess what changes will be required within their own organisation to achieve compliance and are able to prepare an appropriate implementation plan
  • know where to look for ongoing guidance and support during the transition period.

Course outline

  1. A (very) quick recap on the old law
    • key definitions
    • the data protection principles
    • data subject rights
    • exemptions
    • enforcement
  2. The GDPR – passage into law
  3. Introducing the new law
    • applicability
    • personal data and special categories of personal data
    • the data protection principles repackaged
    • grounds of processing and the new standard of consent
    • information notices
    • data subject rights under the new law
    • the right to be informed
    • policies, procedures and internal record keeping
    • dealing with children’s data
    • the data protection officer – appointment and role
    • the new rules on breach reporting
    • data protection by design and Privacy Impact Assessments
    • derogations and special cases
    • data processors
    • transferring data outside the EEA
    • enforcement of the new law
  4. Designing and implementing a compliance program for your organisation – the final part of the session will consist of a guided group discussion during which delegates will identify steps that need to be taken by their own organisation to achieve compliance with the new law.

To discuss your specific requirements and get a quote, please contact Kitty Rosser on +44 (0)1603 756559 or [email protected].

Key contacts

Meet the full team


* denotes required fields.