Do your senior management team:

  • know that the current data protection laws are being completely replaced by new laws that come into effect in May 2018?
  • understand how the new laws differ from the current law?
  • know that failure to properly comply with the new law can result in a fine of up to €20 million?
  • appreciate that complying with the new law will require a full review of existing data protection policies and procedures and the introduction of many new measures across your organisation?

Aim

Following four years of discussion, the General Data Protection Regulation (GDPR) was passed into law in April 2016. In May 2018, the new law will take full effect, replacing the Data Protection Act 1998 in its entirety. The GDPR is widely considered to be the most heavily negotiated piece of European legislation that has ever come into effect and introduces significant changes to the current legislative regime.

From the outset, it was recognised that organisations would require time to adjust their practices and procedures to accommodate the new law. Unfortunately, the Brexit vote raised many questions as to whether the GDPR would still be relevant to UK organisations and, as a result, many have failed to begin the complex transition process. With the application of the GDPR now confirmed and the implementation date looming, the clock is ticking for those organisations that have yet begun the implementation process. 

This course is aimed at senior management and is designed to offer an introduction to the new law and an explanation of the main changes to assist and support the management team as they develop and implement a compliance program.

Objectives

The objective of this half day course is to ensure that delegates:

  • have a good overview of the General Data Protection Regulation
  • understand the key differences that the new law will introduce and how these will affect their organisation
  • are able to assess what changes will be required within their own organisation to achieve compliance and are able to prepare an appropriate implementation plan
  • know where to look for ongoing guidance and support during the transition period.

Course outline

  1. A (very) quick recap on the current law
    • key definitions
    • the data protection principles
    • data subject rights
    • exemptions
    • enforcement
       
  2. The GDPR – passage into law
     
  3. Introducing the new law
    • applicability
    • personal data and special categories of personal data
    • the data protection principles repackaged
    • grounds of processing and the new standard of consent
    • information notices
    • data subject rights under the new law
    • the right to be informed
    • policies, procedures and internal record keeping
    • dealing with children’s data
    • the data protection officer – appointment and role
    • the new rules on breach reporting
    • data protection by design and Privacy Impact Assessments
    • derogations and special cases
    • data processors
    • transferring data outside the EEA
    • enforcement of the new law
       
  4. Designing and implementing a compliance program for your organisation – the final part of the session will consist of a guided group discussion during which delegates will identify steps that need to be taken by their own organisation to achieve compliance with the new law.

To discuss your specific requirements and get a quote, please contact Kitty Rosser on 01603 756559 or [email protected].

Birketts is excellent. The lawyers are personable, very helpful and know what they're doing. They are very thorough during a transaction and keep the client in close communication throughout.

Chambers UK 2016