Data Protection

May 2018 saw the introduction of the General Data Protection Regulation 2016 and the Data Protection Act 2018, the biggest changes to data protection law in a generation. 

Whilst the potential for huge fines took the headlines, the requirement to be able to demonstrate compliance has been the biggest change to businesses operating within the EU, and the Information Commissioner’s Office are now starting to bring investigations and prosecutions after a short settling-in period. 

The introduction of the legislation may be in the past, but the obligations are continuing and all businesses need to ensure that they are, and remain, compliant.

Given the requirements to be clear, transparent and fair, there has never been a better time to keep it simple.

The 5 Steps to Personal Data Protection Compliance

A workshop looking at the five steps needed to ensure compliance with the GDPR. This is an overview of what needs to be done, which is designed to allow your compliance team to carry out a data audit, and then put in place the necessary policies, procedures and documentation.

How to undertake a Compliance Review

An interactive workshop looking in-depth at how to undertake a personal data audit and compliance review, which forms the first step of our 5 Steps to Compliance, and should be reviewed regularly to ensure that it is up to date.

GDPR Documentation Requirements

This compliance workshop looks at the documentation that you are required to have in place to be compliant with the GDPR, and provides practical advice as to how best to protect your business.

Dealing with Personal Data Breaches

A practical workshop looking at how to respond to personal data breaches. We look at internal reporting procedures and investigations of breaches before considering how to assess risk and whether formal notifications are required to the Information Commissioner’s Office and the data subjects.

Dealing with Data Subject Requests

Dealing with data subject requests can be time-consuming and comes with a number of pitfalls for the unwary. This workshop looks at how to deal with the requests and to ensure that the necessary deadlines are met and the correct information provided.

General Data Protection Awareness Training

A shorter workshop aimed at all staff who process personal data in your organisation to ensure that they are aware of their responsibilities, and your obligations, under the data protection legislation. Rather than a legal lecture, this is an interactive session with plenty of real-life examples so that your staff come away with knowledge relevant to their functions.

Data Protection for HR Teams

This workshop provides practical advice for HR teams in how to handle data protection breaches caused by employees, required changes to employment contracts and company handbooks and the use of third-party HR service providers, as well as considering the rights of your employees as data subjects themselves.

Data Protection for Marketing Teams

This workshop looks at dispelling some of the myths and bad advice that were common-place on the introduction of the GDPR and looks at the real requirements for consent to marketing and how marketing lists should be managed.

Data Protection for IT Professionals

Whilst data protection is not solely an IT issue, technology can provide some of the tools to ensure compliance, as well as causing some of the biggest issues. This interactive workshop looks at how IT managers and developers can incorporate privacy by design into their usual practice and the requirements for Data Protection Impact Assessments.

Cybersecurity

In addition to our ‘legal’ training on data protection, we also offer workshops on non-technical cybersecurity topics aimed at improving your data protection compliance.

Whilst these are not pure ‘legal’ training workshops, the underlying requirements of the data protection legislation means that appropriate training on awareness of threats is a valuable security measure. 

Learn how to Phish

A workshop developed for a particular client that was simply too much fun not to offer to everyone. This session is primarily aimed at staff who need additional support in respect of phishing attacks, in which we look at some of the psychology behind these attacks and then write our own emails which can be tested out in your own organisation.

Social Engineering: Hacking the human

Another fun session with an ethical hacker who uses straight-forward and simple tricks to persuade people to do what he wants. This session is aimed to raise awareness of some of the techniques used so that your staff can avoid becoming the next victim.