Since GDPR came fully into force in May 2018, privacy and data protection has become such an important issue that even organisations that are not mandated to appoint a statutory Data Protection Officer are choosing to adopt the role or create an equivalent position with a different title.

Under the GDPR, you must appoint a data protection officer (DPO) if you:

• Are a public authority or body, including schools, academies, libraries, utility companies and many more
• Carry out large scale processing that requires systematic monitoring of data subjects
• Carry out large scale processing of sensitive data (such as health, religion or race) or data relating to criminal convictions and offences

This course will help those who are new to the position of DPO as well as those who are experienced but need to know how the recent changes to the law affect the role. It will also benefit those acting as the data protection lead for their organisation, even if they are not legally required to appoint a DPO. This course will also help to inform anyone needing to recruit a DPO for their organisation or wishing to confirm that they are fully compliant with the mandatory GDPR requirements.

• Which organisations must appoint a DPO?
• Should you appoint a DPO, even if you are not required to do so?
• How can you decide whether the scale of data you handle is large enough to fall within scope?
• How can you determine whether your data processing activities constitute ‘regular and systematic’ monitoring?
• Which data processing activities are ‘core’ and ‘ancillary’ and why is it crucial to know the difference?
• Who can and who cannot act as a DPO?
• What support and protections must an organisation provide to their DPO?
• What qualifications must a DPO hold?
• What experience should a DPO have?
• If you already have a DPO, how can you be sure they meet the minimum criteria set out by GDPR and can therefore legitimately continue in their role?
• To whom should the DPO report and how do they fit into the organisational structure?
• What are the DPO’s general responsibilities?
• What are the DPO’s responsibilities in relation to data mapping and what techniques are available?
• What is the DPO’s role in conducting Data Protection Impact Assessments?
• What are the DPO’s specific responsibilities regarding training and education?
• How can a DPO create a data protection culture?
• What obligations does a DPO have to customers, clients or business partners?
• What procedures need to be in place to effectively deal with Data Subject’s exercising their rights?
• What does GDPR say about the relationship between the DPO and the Information Commissioner’s Office?
• How should a DPO deal with requests from the ICO?
• How might other duties of a DPO create a conflict of interest?
• Who should be responsible for developing your organisation’s data protection policies and procedures?
• What policies and procedures should an organisation have in place as a minimum requirement?
• What are the DPO’s specific responsibilities regarding security and data audits?
• What must a DPO do in the event of a data breach?
• What are the new penalties for a data breach under GDPR?
• What are the personal liabilities of the person holding the office of the DPO?

• A course pack containing the information presented on the day
• A certificate of attendance
• A DPO checklist to help you confirm your compliance with the GDPR requirements.
• Complimentary refreshments and lunch provided