Mercury Security & Facilities Management

Sign Up for our Newsletter

    Call Us : +44 (0)28 9262 0510    Email :

    GDPR Awareness Workshop overview

    by Mercury Security Management




    GDPR Awareness Workshop overview


    Who Should attend?
    • Heads of department responsible for processing personal data within their business
    • Anyone responsible for managing / overseeing GDPR compliance in their business
    • Anyone responsible for internal audits of GDPR compliance in their business
    Breakdown of the day: 

    11:00 am: Tea and coffee

    11:15 am: Introduction to GDPR, assigning roles and responsibilities

    am: Understand what Personal Data is and determining data management

    am: Tackling the Data Protection Impact Assessment (Data Flows, Inventories and DPIA’s)

    pm: How risk management best practice underpins GDPR compliance, understanding the importance of quantifying and defining risk

    13:00 pm: Break (Drinks and Refreshments)

    pm: Implementing effective GDPR policies and procedures

    pm: Security Breach Management for GDPR compliance

    pm: Managing GDPR training, awareness, competency and communication within and throughout your organisation

    pm: Engaging leadership and leading cultural change

    pm: Next steps & round up (Article 42)

    15.00 pm: End

    When, Where & What's included

    Thursday 26th April @ 11am

    Included with this course:

    Tea & coffee along with refreshments.

    Pre-course activities:

    Global QA and Mercury would like attendees to come away from the course feeling that it has been very advantageous. In order for Global QA to prepare the training material and engage in detailed discussions on the day, we require you to complete pre attendance questionnaire.


    Belvoir Park Golf Club, 73 Church Rd, Castlereagh, Belfast BT8 7AN
    4 hours




    It’s only 3 months until the EU General Data Protection Regulation (GDPR) comes into effect. However, many businesses do not feel confident nor have a plan in place. For many businesses, data management processes, policies and procedures have not kept up with the rest of the business and many of us are guilty of keeping data indefinitely. In fact, a large percentage of businesses say they do not feel confident about meeting the new GDPR requirements and only a small percentage of businesses are aware that the ICO is recruiting an extra 200 staff to regulate this regulation.
    If you are yet to get a compliance plan in place, this GDPR Awareness workshop is for you. It’ll cover all the basics and provide you with an opportunity to get any of your questions answered – on the day.

    Prepare your business

    Global QA and Mercury have designed a half-day GDPR session which will help you:
    • Understand the impact of GDPR on your business
    • Assign roles and responsibilities
    • Implement an action plan
    • Engage your organisation with GDPR
    • Create a GDPR culture within your organisation

    FAQ Regarding the GDPR

    The General Data Protection Regulation (GDPR) will be replacing the UK Data Protection Act 1998 and will apply in the UK from 25 May 2018. The government has clarified that the UK’s decision to leave the European Union will not impact the enforcement of GDPR. The regulations apply to both ‘controllers’, ‘processors’ and ‘sub-processors’, and is inclusive of organisations operating within the EU, as well as those outside of the EU that offer goods or services to residents and citizens within the EU.

    Who does GDPR affect?

    Whilst GDPR affects everyone within an organisation, marketers are particularly well placed to ensure GDPR compliance throughout their business. With a superior knowledge of the customer, marketers are able to enter into a dialogue with consumers regarding the changes GDPR will enforce, and understand what customers are willing to tolerate however we must stress that this regulation applies to all areas within the organisation that come into contact with personal information.

    Who regulates GDPR?

    The Information Commissioner’s Office (ICO) is the regulatory body for GDPR within the UK and Northern Ireland. Their latest advice and guidance can be found at

    What are the fines for non-compliance?

    Organisations that are found to be in breach of GDPR after 28th May 2018 can be fined up to 4% of annual global turnover or €20 million, whichever amount is larger. This is the maximum fine possible for the most serious infringements, such as not having obtained customer consent to process data. However, the fines are tiered based on the level of severity of the data breach.

    What does it mean for SMEs?

    Under GDPR, all businesses are required to be able to demonstrate a lawful basis for all data collected from individuals, as well as provide clear and comprehensive privacy notices to help these individuals understand how their data will be used. For SMEs, it is particularly important to note that businesses of all sizes need to be able to prove their legal basis if they want to process any form of personal data. Any small business that processes data for a client firm may also have to demonstrate that they have appropriate data-processing controls in place that comply with GDPR.

    What does it mean for large organisations?

    Whilst GDPR affects businesses of all sizes, large organisations need to consider key areas of the new legislation, such as: re-consent; double opt-in; ensuring existing data is compliant as well as new; using data across European borders; and the new Data Protection Bill. These are areas that will receive clarification in the coming months, before GDPR is instated.

    What is the Data Protection Bill and how does it relate to GDPR?

    The Data Protection Bill seeks to apply GDPR to all of those areas excluded under the GDPR, creating one regime across the board. It also aims to ‘Brexit-proof’ GDPR so that after Britain withdraws from the European Union, GDPR will still work under UK law. However, it is currently unclear when the Data Protection Bill will come into force, as it requires an order by the appropriate Secretary of State.

    In what instances does a Data Protection Officer (DPO) need to be appointed?

    A Data Protection Officer must be appointed to a business in the case of an organisation being either: a public authority; engaging in large scale systematic monitoring of individuals or processing of sensitive data.

    How can Global QA support your business?

    Global QA Consultants provide consultancy services to many organisations across the UK and Ireland in order to drive compliance with the regulation. We provide a tailor-made service ranging from GDPR Awareness Training to establishing and managing the compliance programme to outsourced DPO services. For more information on how we could be of assistance please get in touch.

    Need more information on this workshop? Contact Mercury today.

    Contact Us

    View the full range of services offered by Mercury Security Management

    Click Here