General Data Protection Regulation
Date: Tuesday, 7 March 2017
Time: 9.15am to 12.15pm
Cost: £75 per person (includes slide presentation in electronic format)
While the referendum in June 2016 determined that the UK will leave its membership of the EU, the Government has confirmed that it will still implement the EU General Data Protection Regulation (Regulation), which comes into force from 25 May 2018.
Organisations have just over a year to get ready for the Regulation. The Regulation represents the most significant reform of Data Protection law in over 25 years. If organisations do not at least meet the requirements of the existing Data Protection Act 1998 (DPA) now, then the higher Regulation standards will present an insurmountable compliance challenge when the time comes. Moreover, the Information Commissioner’s Office (ICO), the regulator of Data Protection in the UK, will enjoy significantly enhanced enforcement powers, such as the power to issue fines against organisations that do not comply with the Regulation of up to €20m or 4% of their global turnover, whichever is higher.
Daradjeet Jagpal of Information Law Solutions, an independent legal consultancy specialising in delivering advisory, audit and training services to the private, public and third sectors in Data Protection, Access to Information and Direct Marketing laws, will provide participants with an outline of the key changes to Data Protection law to be introduced by the Regulation, how it will impact their organisation and the practical steps that they can start taking now to prepare their action plans and ready themselves for the Regulation.
This interactive event will cover:
who and to what the Regulation applies;
new definitions, including broader definition of personal data;
the revised Data Protection Principles, including the new Accountability Principle (keeping documentation supporting data processing activities) and the new Transparency Principle (being more open about data processing and collecting personal data fairly);
the legal grounds for processing personal data, including higher standards of consent and how to obtain valid consent under the Regulation (including children’s consent);
new individual rights, including the right to be forgotten, the right to data portability and important changes to the right of access;
requirement to notify data security breaches to the ICO and affected individuals;
the need to undertake Data Protection impact assessments;
data processing arrangements;
transfers of personal data outside the EU;
the appointment of data protection officers and their role and responsibilities; and
increased penalties and enforcement powers of the ICO.
The event will include case studies for discussion by participants, with useful practical tips and guidance and pitfalls to avoid.
No previous Data Protection knowledge is required and the event is suitable for anyone who is interested in Data Protection, regardless of their role, level of skill or experience. In-house legal advisers, Data Protection professionals and staff with office management, administration, information governance, compliance, risk management, marketing or human resources roles will find the event particularly valuable.
The cost of the event includes an electronic copy of the slide presentation by follow-up e-mail after the event.
Participants will be issued with an electronic certificate confirming attendance at the event for their training records (3 hours’ verifiable CPD).