Frequently Asked Questions

Pembroke Privacy

Read our most frequently asked questions

General GDPR Questions

The General Data Protection Regulation (GDPR) came into effect on 25th May 2018. It sets out rules for how organisations process personal data and requires us all to be able to demonstrate compliance with data protection law. Many organisations have undertaken a “GDPR gap assessment” which helps them identify areas that need improvement. They can then use this assessment to create a GDPR project plan and identify what technical and organisational measures to put in place.

The GDPR applies to the processing of personal data by automated means as well as to manual processing if the personal data are contained in a filing system. As most businesses and organisations process personal data, it is likely that the GDPR will apply to you.

The first step on the road to compliance is to carry out a data protection assessment of your organisation to identify any gaps in compliance and corresponding risks. A detailed project plan with clear tasks, responsibilities and timelines will assist you on your compliance journey.

In certain cases, organisations will have a statutory obligation to appoint a Data Protection Officer (DPO), for example where there is regular and systematic monitoring of individuals on a large scale. It is up to each organisation to assess whether a DPO is required and, if so, the organisation must register the DPO with the Data Protection Commission.

A Data Protection Impact Assessment (DPIA) is an assessment which is carried out on a new project, product, service or processing activity to determine whether the proposed new data processing poses any risks to the rights of the individuals whose personal data is being processed. The aim is to identify risk and implement measures to reduce or eliminate the risk. In certain cases, there is a statutory requirement to carry out a DPIA.

While it is important that you protect personal data from accidental loss, destruction or damage and against unauthorised or unlawful processing, security is just one of the principles of the GDPR. You must also make sure you are compliant with the other data protection principles.

Consent is just one of the lawful bases for data processing and not always the most appropriate one to rely on. You should review the lawful basis for each of your data processing activities and decide which one applies.

Training Questions

The Data Protection Commission recommends that the following non-exhaustive list of factors be taken into consideration when selecting the appropriate DPO training programme:

  • the content and means of the training and assessment;
  • whether training leading to certification is required;
  • the standing of the accrediting body;
  • whether the training and certification is recognised internationally.


For DPOs we offer Certified Information Privacy Professional/Europe (CIPP/E) and also Certified Information Privacy Management (CIPM) training in partnership with the International Association of Privacy Professionals (IAPP). CIPP/E and CIPM certification is the gold standard in data protection training globally for DPOs. We also offer ‘train the trainer’ workshops in specific topics such as data breach management, data protection impact assessment and data subject access requests.

Certified Information Privacy Professional/Europe (CIPP/E) and Certified Information Privacy Management (CIPM) training is ideal training for those who have responsibility for data protection in their company or organisation. If you are not aiming to acquire a data protection certification, we offer a Data Protection Masterclass. This is a full day ‘in-house’ training course in Data Protection Fundamentals which will give you a firm grounding in data protection essentials.

We provide Data Breach Response training so that your staff understand what a data breach is and how to reduce the likelihood of a breach occurring. If a breach does happen, our training will ensure your staff are prepared and understand the necessary and appropriate steps to take.

We have experience in providing training in both data subject access request procedures and Freedom of Information requests. We can explain how these two regimes overlap and how to ensure your procedures are compliant.

We provide data protection training on a national basis either on site or off site depending on your requirements.

We offer specific e-learning products to introduce your whole staff to GDPR. Your staff can easily and quickly register for the course and it takes 30 minutes to complete the training. After concluding each topic, users will have the opportunity to test their knowledge by completing a multiple-choice questionnaire, the results of which can be tracked and reported.

Upon completion of the course, trainees are awarded a certificate of completion. This also serves to demonstrate that data protection training has been provided to staff, which forms a part of your accountability obligations under the GDPR.
