General Data Protection Regulation (GDPR) – What do I need to do?

We make no excuse for once again featuring the new GDPR regulations, which come into force across the EU on 25th May 2018, as this is widely regarded as the most significant reform of data protection law over the past 25 years.

Firstly a few myths need to be dispelled:

  • It doesn’t affect me – most likely wrong!
    • This new regulation will potentially affect every business which collects and uses data, particularly if that data is collected online. Larger businesses will also be required to appoint a Data Protection Officer.
  • The risks are worth it!
    • You could always take that attitude, however, you should be aware that to ensure accountability, fines are increasing from the current maximum of €500,000 to €20m or 4% of global turnover.
  • I do not work with Personal Data – most likely wrong!
    • The EU has greatly expanded the definition of personal data under GDPR to include, for example, online identifiers such as IP addresses, as well as broader economic or cultural information collected.
  • I already get implied consent to collect and store data so not my problem – most likely wrong!
    • Under GDPR it appears that advertisers must get explicit and informed consent from EU residents.
  • BREXIT will mean it doesn’t affect the UK – wrong again!
    • The Government has confirmed that the UK’s decision to leave the EU will not affect delivery of this important and far-reaching change, and this regulation will replace the UK’s current data protection laws (Data Protection Act 1998).

May 2018 might seem a long way off but we all know how quickly time moves in business so take some action now.

You could of course read up on the regulation through your own research such as the Information Commissioner’s Office website (use this link: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/). The ICO has recently launched a new ‘GDPR 12 steps to take now’ document as well as adding a ‘Getting ready for GDPR checklist’ to their self-assessment toolkit.

Or you could attend one of our range of training courses to help you, and your staff, understand the regulations and help you identify what your organisation needs to put in place.

Focus on Training has pulled together one of the most comprehensive course choices for GDPR including a number of independently Certified training courses. (Please be aware that whilst a number of GDPR courses have appeared in the marketplace of late, including those claiming to be ‘certified’, you should carefully check who is certifying the course before you purchase to make sure it is not just being self-certified by the trainer themselves!).

Certified courses include:

  • Certified EU General Data Protection Regulation (GDPR) Practitioner – APMG / GCHQ
    • This four-day comprehensive certified practitioner course, with independent APMG exam (and certified by GCHQ), will provide a practical guide to planning, implementing and maintaining compliance with the new General Data Protection Regulation (GDPR) and is suitable for Data Protection Officers, HR Professionals, Compliance Officers, Auditors, IT & Security Professionals.
  • Certified EU General Data Protection Regulation (GDPR) Foundation and Practitioner – IBITGQ
    • This combination course consists of the Certified EU General Data Protection Regulation Foundation (one-day) and Practitioner (four-day) training courses. Delegates who pass the included exams are awarded the ISO 17024-accredited EU GDPR Foundation (EU GDPR F) and EU GDPR Practitioner (EU GDPR P) qualifications by IBITGQ.
  • Certified EU General Data Protection Regulation (GDPR) Foundation – IBITGQ
    • The one-day EU General Data Protection Regulation classroom course provides a comprehensive introduction to the EU GDPR, and a practical understanding of the implications and legal requirements for UK and EU organisations of any size. Delegates take the EU General Data Protection Regulation Foundation (EU GDPR F) examination at the end of the course.
  • Certified EU General Data Protection Regulation (GDPR) Practitioner – IBITGQ
    • This four-day classroom course is focused on enabling delegates to fulfil the role of data protection officer (DPO) under the GDPR, and covers the regulation in depth, including implementation requirements, the necessary policies and processes, as well as important elements of effective data security management. Delegates who pass the included exam are awarded the ISO 17024-accredited EU GDPR Practitioner (EU GDPR P) qualification by IBITGQ. It is compulsory for delegates to have passed the Foundation course before attending the Practitioner course.
  • Certified Information Privacy Professional and Manager Prep Course (CIPPE/CIPM) – IAPP
    • In this course you will gain foundational knowledge on both broad and global concepts of privacy and data protection laws and practice. You will learn common principles and approaches to privacy as well as understand the major privacy models employed around the globe. The Certified Information Privacy Professional/Europe (CIPP/E) exam assesses knowledge of European privacy laws and regulations and understanding of the legal requirements for the responsible transfer of sensitive personal data to and from the U.S., the EU and other jurisdictions. The Certified Information Privacy Manager (CIPM) exam assesses understanding of the skills to establish, maintain and manage a privacy program across all stages of its operational life cycle.
  • Certified Information Privacy Professional and Technologist Prep Course (CIPPE/CIPM) – IAPP
    • This four-day programme covers the principles of information privacy, principles of data protection in Europe and principles of privacy in technology.
  • Certified Information Privacy Professional/Europe (CIPP/EU) – IAPP
    • This two-day programme covers the principles of information privacy in the U.S., the EU and other jurisdictions’ private sector. The CIPP/E designation is accredited under the internationally recognized ANSI/ISO standard 17024:2012, an acknowledgement of the quality and integrity of the programme.
  • Certified EU General Data Protection Regulation (GDPR) Foundation and Practitioner elearning – IBITGQ
    • This combination course consists of the Certified EU General Data Protection Regulation Foundation online and Practitioner online modules. Delegates who pass the included exams are awarded the ISO 17024-accredited EU GDPR Foundation (EU GDPR F) and EU GDPR Practitioner (EU GDPR P) qualifications by IBITGQ.

We also have a wide range of other courses which will help in delivery of a compliant data protection strategy, including:

Data privacy and security need to be treated as a priority for organisations, and ensuring that staff have adequate knowledge of the core data protection legislation and undergo effective training is a great starting point.

As well as our range of classroom events, we can provide competitively-priced onsite training if you are looking to provide your team with a data protection overview or industry-recognised certification.

Click on the links above to find out more on the courses or visit us at https://www.focus-on-training.co.uk/data-protection-gdpr/courses/skillarea/47/ where you can see the full list of what is available.

Don’t delay, get yourself protected today – time is running out and courses are filling fast!