Workshops and Training

Our training and workshops are delivered by lawyers and data protection and privacy specialists who have proven experience in court and in helping organisations understand, plan and deliver on their GDPR challenges.

This 3-day course provides a comprehensive practical overview of the Data Protection Officer – not only the first significant statutory company officer to be created in centuries, but by far the most onerous of all.

Though a practical course for non-lawyers, this course is delivered only by qualified data protection lawyers with court litigation experience.

In the course you’ll learn what it means in law to be a DPO. You’ll learn the methodology of how to approach the office as the law changes underneath your feet. You’ll discover a number of the analytical techniques required to perform the job, including how quantitatively to measure your own and your enterprise’s GDPR compliance and to quantify its mirror image, GDPR financial risk. And you’ll practice your new learning with practical class exercises, creation of processing records, analysis of consequences including context-specific subject right implementations, and production of processing-specific Notices and statutory High-Risk Testing. Finally, you’ll see examples of the legal cases that law firms representing your data subjects might draft against your chosen solutions.

There are special sections devoted to Brexit (all scenarios), and how to handle the Merger and Acquisition risks associated with the office of DPO.

At the end of this course you demonstrably will have acquired theoretical and practical knowledge of how to create solutions to the privacy issues that affect virtually every business.


This course is ideal for:

  • Students
  • Professionals
  • Those who wish to understand, aspire to, or prepare for entry to the DPO office
  • Existing DPOs (or lawyers performing Continuing Professional Development) wishing to update themselves on law and associated techniques
  • Staff who work with DPOs
  • Board Directors who are considering Mergers and Acquisitions and/or tasked with DPO oversight
  • Senior executives (including the Board of Directors/Commissioners, Audit Committee and the Risk Management Committee)

Delegates will also be provided with:

  • GDPR workshop material
  • Supplementary documentation
  • Links to the GDPR and other relevant material
Workshop Detail
Duration: 24 hours of instructor-led study
Prerequisites

Reading as above plus some knowledge of privacy.

Delegates preferably should already be involved as a DPO/data protection manager/data protection analyst; actively involved on GDPR/remediation projects; or preparing for a DPO appointment; or data protection lawyer; or Board director with oversight of DPO.

Learning Objectives
  • Understand how GDPR concepts fit into the legal context
  • Appreciate how DPO concepts fit into the GDPR
  • Translate GDPR legal concepts to practical requirements
  • Justify DPO appointment and especially non-appointment
  • Identify content/breadth/depth of DPO skills against statutory abilities
  • Discover how DPOs personally can and have triggered GDPR breach
  • Understand where DPO liability falls
  • Identify/avoid/mitigate GDPR breach arising from the DPO
  • Assess GDPR compliance of a DPO advertisement, Notices, etc.
  • Understanding Supervisors and Phone a Friend
  • Assess current enterprise compliance
  • Understand how to report to the Board
  • Align enterprise and Group governance strategy to the GDPR
  • Appreciate and solve DPO-connected Merger and Acquisition ‘deal-killers’
Curriculum

Part 1 – GDPR Theory Refresher

  • Introduction
  • Brief coverage of all non-DPO examinable material
  • Brexit and the three types of jurisdictions
  • Brief class exercises on interdependent GDPR concepts

Part 2 – DPO Theory

  • Basic Concepts
  • Appointment tests
  • Appointment and GDPR breach
  • Non-appointment and GDPR breach
  • External versus Non-external
  • M&A – GDPR Pitfalls in General
  • M&A – DPO-specific Pitfalls
  • Meaning of Breach
  • Notices and Breach
  • Legal case study on Notice

Part 3 – DPO Compliance Methodology in Practice

  • Class exercises against case studies, illustrating theory

Part 4 – Practicing DPO Compliance Skills

  • Processing Records Case study
  • Delegate creation of privacy metadata
  • Delegate creation of Notifications
  • Delegate creation of High Risk Tests (DPIA prerequisite)
  • Generation of legal risk assessments
  • Generation of quantified financial risk assessments
Classroom: White-board, notebooks, overhead/data projector and access to the internet for some exercises
Class Requirements: Desktops available to delegates with internet access
Webinar Option: Yes
Courseware
Exam

This 3-day course, delivered by a data protection lawyer, provides a comprehensive practical overview of the General Data Protection Regulation [(EU) 2016/679]. In this practitioner course, you’ll study the regulation itself, including GDPR basics and risk management.

You’ll also study GDPR’s relationship to current data protection and privacy legislation in Europe and elsewhere and learn the multi-jurisdictional consequences for the collection, retention, and processing of Personal Data.

Rather than learning ‘by rote’, you’ll learn how to interpret and apply the GDPR to practical situations. So this is a ‘deep dive’. For example you’ll appreciate from a recent case why choosing the correct legal basis for personal data processing is fundamental to avoid a ‘cascade’ of many other breaches; the logical and practical connections of ‘monitoring’ and ‘profiling’, and why this typically is misunderstood by lawyers and business alike; why recruiting DPOs like other employment candidates necessarily assumes substantial risk; and the pros and cons of the international transfer regimes.

Recent additions to the course include practical examples of fines and the reasoning behind them; the differing effects of Brexit on GDPR compliance, depending on whether you are a UK, an EU, or a third-country enterprise; why the GDPR cannot be affected by whatever trade deals are entered into by the UK, or not; why many national enactments of opt-outs (including the UK’s post-Brexit) will fail; and how the risks of data trade war with the USA have played out in Court.

Finally you’ll discover what the integrated Personal Data environment would look like in your organisation. You’ll then be able to develop, integrate and manage the changes required by GDPR in your organisation’s governance, business and data processing.


This course is ideal for:

  • Chief risk officers responsible for process and governance
  • Lawyers wishing to understand the whole context of GDPR
  • Auditors, risk and compliance practitioners
  • Data privacy, security and compliance consultants

Delegates will also be provided with:

  • GDPR workshop material
  • Supplementary documentation
  • Links to the GDPR and other relevant material
Workshop Detail
Duration: 24 hours of instructor-led study
Prerequisites

Reading as above plus some knowledge of privacy.

Delegates preferably should already be involved as a DPO/data protection manager/data protection analyst; actively involved on GDPR/remediation projects; or preparing for a DPO appointment; or data protection lawyer; or Board director with oversight of DPO.

Learning Objectives
  • Understand how GDPR concepts fit into the legal context
  • Overview of legal systems and their interrelationship
  • Embedding GDPR within organisations under common law, civil law and other legal systems
  • Major required changes in corporate governance standards and processes
  • Subtle effects of ‘Big Data’
  • How to succeed under the self-reporting model of GDPR
Curriculum
  • Foundations of Modern Privacy Law
  • GDPR Basics
  • Personal Data and Consent: the six pathways to lawful business models
  • Key Data Subject Rights
  • Monitoring, Profiling, IT, the business, the GDPR, and case law
  • Key Controller Obligations – principles, ‘tick-boxes’, pseudo-rights, etc.
  • Exemptions, Member State Opt-outs
  • Risk Management and the EU Data Protection Officer – who, what, why, how?
  • International Transfers / Adequacy Regimes – BCRs, SCCs, Privacy Shield
  • Non-compliance – the new legal and technological routes to legal enforcement
  • GDPR’s new legal defences against Foreign Governments
  • Effect of Brexit on the GDPR – and vice versa
  • Business Impacts: Security, Cloud, out-sourcing / Data Processors, IoT, Big Data
  • Next Steps – practical enterprise approaches to GDPR compliance
  • PIAs, BCRs, Enterprise Privacy Architecture basics
  • Project / Privacy Office Organisation and Workflow Management
  • Information Architecture, Data Mapping, and Privacy Dataflow Mapping
  • Enterprise Privacy Architecture as metadata
  • Multi-jurisdictional Legal Architecture
  • Automated Privacy Impact Assessment as core Project Initiation subprocess
  • The Future: Embedding Transactional EPA Metadata into Operational Systems
Classroom: White-board, notebooks, overhead/data projector and access to the internet for some exercises
Class Requirements: Desktops available to delegates with internet access
Webinar Option: Yes
Courseware
Exam