GDPR Foundation - Why is it important?

By now you will no doubt have seen posts on GDPR, which comes into effect in May 2018. GDPR replaces the current Data Protection Act and introduces much greater consequences associated with non-compliance and arguably most importantly the requirement to evidence compliance with the regulations. 

Under the Data Protection Act a failing organisation was unlikely to be ‘caught out’ unless it suffered a data breach, however GDPR’s introduction of the ‘Accountability Principle’ now makes it an organisations responsibility to evidence its actions even before a data breach occurs. The ICO (the UKs supervisory authority under GDPR) will likely request evidence from firms once the regulations come into force and firms who are unable to respond will most likely come under greater scrutiny than those who do.

These new regulations are therefore causing a bit of stir, and sites like LinkedIn are buzzing with posts and articles, some of which contradict each other and most of which lead to a great debate on how to interpret the changes and how to respond. The manager who uses these LinkedIn posts to learn and plan a response is destined to become confused. It is therefore important that knowledge is built on a firm foundation .... the regulations themselves.

Project Managers and Business Analysts

GDPR presents a great opportunity for securing your next project. The May 2018 deadline is approaching fast and many organisations have not yet started to prepare. In many cases senior stakeholders in organisations are not themselves aware of the changes which need to take place, so any change professional with a GDPR Foundation will no doubt be an important asset.

New projects will inevitably surface with ever decreasing timelines in which to deliver and the change professionals with the knowledge of the regulations will be the ones who win the contracts. 

Senior Managers

All organisations which hold personal data will need to prepare for GDPR and evidence this. They will need to understand the personal data they hold, where it flows and how to identify when it needs to be changed or erased. They will also need to be able to trace data they have passed on to third parties, to ensure that individuals rights are fully protected and they must be able to evidence that they have controls in place for each of these actions and many more.

GDPRs Article 30 and ‘data protection by design and by default' are tools which will help senior managers prepare, so having a good GDPR Foundation of knowledge will be key.

Even if as an organisation you elect to hire in expert resource to deliver this change, it is important that someone in your organisation has the GDPR Foundation knowledge to support this change at a senior level in your organisation.

Compliance

It is becoming mandatory for some organisations to employ specialist data protection officers (DPO) to ensure data is managed correctly within the organisation. Even if a DPO is not required, it should still be someone’s responsibility to ensure that the organisation remains compliant, even if this is an addition to an existing role.

Both the DPO and those who take on this additional responsibility should have a firm a GDPR Foundation in order to know how to react to breaches, subject access requests or further changes to data within their organisation.

Gaining the Requisite Knowledge

Undertaking a GDPR Foundation course and gaining the certification is an important step in building and evidencing your GDPR compliance plan. A GDPR Foundation course will benefit managers whose role will involve data protection or information security. It is also important for change professionals working in data protection projects.

By attending a course you will be better prepared to carry out a discussion around the new regulation and evidence that you conform to the regulations.

A good course will cover:

·        the context of GDPR against a history of data protection law in the EU

·        the material and geographical scope

·        practical examples of the definitions used within the act

·        the principles of GDPR

·        the rights of the data subject

·        the responsibilities of data holding stakeholders

·        the role of the data protection officer

·        responsibilities when a breach occurs

·        transferring data outside of the EU

·        the role of the supervisory authorities

Roebuck Consulting’s GDPR Foundation Course:

Our foundation course will also help you understand how the regulation works, so you can prepare and work towards compliance for the new regulation. Once you complete our course you will be a position to start scoping your Article 30 assessment, a gap analysis, privacy impact and risk assessment or a full data protection audit.

Our course is a classroom based course taking a full day to complete. The course includes a 1 hour exam containing 40 multiple choice questions and a 65% pass mark, providing successful candidates with a GDPR Foundation Certificate.

Who should attend?:

Managers seeking to broaden their knowledge of the GDPR requirements, or those who currently have a role in data protection or information security and need to understand how to comply with the regulation. For those with ambition of becoming data protection officers or individuals who need to understand their responsibilities, from any business area that processes personal information or data including: legal, corporate governance, risk and compliance, management systems, data security, IT services, marketing, financial and accounting and Human Resources.

Cost:

Individual - Priced at ￡495 per person (+VAT) – to take place at a venue and date we prescribe and will include candidates from other sources

Corporate - Priced at ￡495 per person – minimum ￡990 - to take place at the client’s venue to fit with their requirements

Upcoming Courses

Courses are always taking place across the UK.

To book a place on a GDPR Foundation Course or to ask any questions please email us on [email protected] or call Mark Roebuck on 07742 200020