New General Data Protection Regulation
Date: Tuesday, 19 September 2017
Time: 9.30am to 4.30pm
Cost: £150 per person (includes slide presentation in electronic format)
While the UK is now set to leave its membership of the EU, the Government has confirmed that it will still implement the new EU General Data Protection Regulation (Regulation), which comes into force from May 2018.
Organisations must now start to get ready for the Regulation. The Regulation represents the most significant reform of Data Protection law in over 25 years. If organisations do not at least meet the requirements of the existing Data Protection Act 1998 (DPA) now, then the higher Regulation standards will present an insurmountable compliance challenge when the time comes. Moreover, the Information Commissioner’s Office (ICO), the regulator of Data Protection in the UK, will enjoy significantly enhanced enforcement powers, such as the power to issue fines against organisations that do not comply with the Regulation of up to €20m or 4% of their global turnover, whichever is higher.
Daradjeet Jagpal, Legal Consultant and Director of Information Law Solutions, an independent legal consultancy specialising in delivering advisory, audit and training services to the private, public and third sectors in Data Protection, Access to Information and Direct Marketing laws, will provide participants with an outline of the key changes to Data Protection law to be introduced by the Regulation, differences with the DPA, how it will impact their organisation and the practical steps that they can start taking now to prepare their action plans and ready themselves for the Regulation.
This interactive event will cover:
who and to what the Regulation applies;
new definitions, including broader definition of personal data;
the revised Data Protection Principles, including the new Accountability Principle (keeping documentation supporting data processing activities) and the new Transparency Principle (being more open about data processing and collecting personal data fairly);
the legal grounds for processing personal data, including higher standards of consent and how to obtain valid consent under the Regulation (including children’s consent);
new individual rights, including the right to be forgotten (erasure), the right to data portability and important changes to the right of access to personal data;
requirement to notify data security breaches to the ICO and affected individuals;
the need to undertake Data Protection impact assessments;
data processing arrangements;
transfers of personal data outside the EU;
the appointment of Data Protection officers and their role and responsibilities; and
increased penalties and enforcement powers of the ICO.
The event will include a practical workshop, comprising case studies for discussion by participants and an opportunity for participants to review and revise a Data Protection statement to bring it into line with the Regulation's requirements.
No previous Data Protection knowledge is required and the event is suitable for anyone who is interested in Data Protection, regardless of their role, level of skill or experience. In-house legal advisers, Data Protection professionals and staff with office management, administration, information governance, compliance, risk management, marketing or human resources roles will find the event particularly valuable.
The cost of the event includes an electronic copy of the slide presentation by follow-up e-mail after the event.
Participants will be issued with an electronic certificate confirming attendance at the event for their training records (6 hours’ verifiable CPD).