The GDPR (General Data Protection Regulation) marks the biggest change in data protection law for 20 years. The changes include: fewer data protection principles; the right to be forgotten; a new obligation to report data breaches; and an increase in fines of up to 4% of global turnover or 20 million euros (whichever is the greater).
Organisations should act now, not only to comply with the new rules but also to gain competitive advantage by adopting a good-practice approach at the earliest opportunity.
If you don’t act now, your competitors surely will!
E RADAR is joining forces with Perpetuum Training to deliver a GDPR compliance programme. The programme aims to help you and your organisation get competitive-ready for the General Data Protection Regulation, which comes into force in May 2018.
Our basic 12-step approach will include:
- Awareness - making sure that the key people in your organisation understand GDPR and its likely impact.
- Information Audit - recording what personal data you hold, where it came from and who you share it with.
- Communicating Privacy Information - reviewing your current privacy notices and planning out any necessary changes in time for GDPR implementation.
- Individuals’ Rights - checking your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
- Subject Access Requests - updating your procedures and planning how you will handle requests within the new timescales and provide any additional information.
- Legal basis for processing personal data - examining the types of data processing you carry out, identifying your legal basis for carrying it out and documenting it.
- Consent - reviewing how you are seeking, obtaining and recording consent and whether you need to make any changes.
- Children - implementing systems to verify individuals’ ages and to gather parental or guardian consent for the data processing activity.
- Data breaches - establishing the correct procedures to detect, report and investigate a personal data breach.
- Data Protection by Design and Data Protection Impact Assessments - familiarising yourself now with the guidance the ICO has produced on Privacy Impact Assessments and working out how and when to implement them in your organisation.
- Data Protection Officers - designating a Data Protection Officer, if required, or someone to take responsibility for data protection compliance, and assessing where this role will sit within your organisation’s structure and governance arrangements.
- International - if your organisation operates internationally, determining which data protection supervisory authority you come under.
About the Facilitator
Will Roebuck, E RADAR
Will Roebuck is a director of E RADAR - a business consultancy which helps entrepreneurs and top managers get competitive and collaborative advantage online through digital transformation and governance.
Will has worked across the digital economy for over 20 years. He advised industry and government on many of the original e-commerce laws whilst managing the Alliance for Electronic Business Legal Group. He wrote the international standards for meat traceability in the open global supply chain and set up CD-ID - the Home Office-funded project showcasing RFID technology to help prevent supply chain theft.
In 2005 he joined leading international corporate law firm Bird & Bird as a consultant and went on to set up E RADAR in 2010. Tech innovator, market maker and e-business strategist, Will works across multiple sectors advising organisations large and small on governance and risk. He has worked with BCS - the Chartered Institute for IT - and also undertook prosecution work for the Probation Service, specialising in paedophile cases.
He is currently working with auctioneers and the UK's leading e-auction platform provider to deliver the latest e-bidding technologies in real time.
Will is a guest lecturer on information governance at Manchester University. He is also chair of trustees of the Shepley Hub - a community interest company looking to prevent the closure of a local village library and to transform rural digital economies.
He is a published authority on digital matters, including Online Privacy (British Standards Institute, 2004).