
IN ASSOCIATION WITH MERCURY SECURITY MANAGEMENT
11:00 am: Tea and coffee
11:15 am: Introduction to GDPR, assigning roles and responsibilities
am: Understand what Personal Data is and determining data management
am: Tackling the Data Protection Impact Assessment (Data Flows, Inventories and DPIA’s)
pm: How risk management best practice underpins GDPR compliance, understanding the importance of quantifying and defining risk
13:00 pm: Break (Drinks and Refreshments)
pm: Implementing effective GDPR policies and procedures
pm: Security Breach Management for GDPR compliance
pm: Managing GDPR training, awareness, competency and communication within and throughout your organisation
pm: Engaging leadership and leading cultural change
pm: Next steps & round up (Article 42)
15.00 pm: End
Tea & coffee along with refreshments.
Global QA and Mercury would like attendees to come away from the course feeling that it has been very advantageous. In order for Global QA to prepare the training material and engage in detailed discussions on the day, we require you to complete pre attendance questionnaire.
Belvoir Park Golf Club, 73 Church Rd, Castlereagh, Belfast BT8 7AN
Duration:
4 hours
FREE
It’s only 3 months until the EU General Data Protection Regulation (GDPR) comes into effect. However, many businesses do not feel confident nor have a plan in place. For many businesses, data management processes, policies and procedures have not kept up with the rest of the business and many of us are guilty of keeping data indefinitely. In fact, a large percentage of businesses say they do not feel confident about meeting the new GDPR requirements and only a small percentage of businesses are aware that the ICO is recruiting an extra 200 staff to regulate this regulation.
If you are yet to get a compliance plan in place, this GDPR Awareness workshop is for you. It’ll cover all the basics and provide you with an opportunity to get any of your questions answered – on the day.
Global QA and Mercury have designed a half-day GDPR session which will help you:
• Understand the impact of GDPR on your business
• Assign roles and responsibilities
• Implement an action plan
• Engage your organisation with GDPR
• Create a GDPR culture within your organisation
The General Data Protection Regulation (GDPR) will be replacing the UK Data Protection Act 1998 and will apply in the UK from 25 May 2018. The government has clarified that the UK’s decision to leave the European Union will not impact the enforcement of GDPR. The regulations apply to both ‘controllers’, ‘processors’ and ‘sub-processors’, and is inclusive of organisations operating within the EU, as well as those outside of the EU that offer goods or services to residents and citizens within the EU.
Whilst GDPR affects everyone within an organisation, marketers are particularly well placed to ensure GDPR compliance throughout their business. With a superior knowledge of the customer, marketers are able to enter into a dialogue with consumers regarding the changes GDPR will enforce, and understand what customers are willing to tolerate however we must stress that this regulation applies to all areas within the organisation that come into contact with personal information.
The Information Commissioner’s Office (ICO) is the regulatory body for GDPR within the UK and Northern Ireland. Their latest advice and guidance can be found at www.ico.org
Organisations that are found to be in breach of GDPR after 28th May 2018 can be fined up to 4% of annual global turnover or €20 million, whichever amount is larger. This is the maximum fine possible for the most serious infringements, such as not having obtained customer consent to process data. However, the fines are tiered based on the level of severity of the data breach.
Under GDPR, all businesses are required to be able to demonstrate a lawful basis for all data collected from individuals, as well as provide clear and comprehensive privacy notices to help these individuals understand how their data will be used. For SMEs, it is particularly important to note that businesses of all sizes need to be able to prove their legal basis if they want to process any form of personal data. Any small business that processes data for a client firm may also have to demonstrate that they have appropriate data-processing controls in place that comply with GDPR.
Whilst GDPR affects businesses of all sizes, large organisations need to consider key areas of the new legislation, such as: re-consent; double opt-in; ensuring existing data is compliant as well as new; using data across European borders; and the new Data Protection Bill. These are areas that will receive clarification in the coming months, before GDPR is instated.
The Data Protection Bill seeks to apply GDPR to all of those areas excluded under the GDPR, creating one regime across the board. It also aims to ‘Brexit-proof’ GDPR so that after Britain withdraws from the European Union, GDPR will still work under UK law. However, it is currently unclear when the Data Protection Bill will come into force, as it requires an order by the appropriate Secretary of State.
A Data Protection Officer must be appointed to a business in the case of an organisation being either: a public authority; engaging in large scale systematic monitoring of individuals or processing of sensitive data.
Global QA Consultants provide consultancy services to many organisations across the UK and Ireland in order to drive compliance with the regulation. We provide a tailor-made service ranging from GDPR Awareness Training to establishing and managing the compliance programme to outsourced DPO services. For more information on how we could be of assistance please get in touch.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.