  • general data protection regulation training

    Essentials: GDPR Training

GDPR training

Facts and opinions about individuals constitute personal data, and are legally protected in the UK and elsewhere in the EU. Learn about the principles of data protection and how you can apply these in practice.

In this course, you'll learn about what personal data is, why we need to protect data, and how you can comply with our Data Protection Policy and procedures.

Learning Objectives
  • Differentiate between personal data and sensitive personal data
  • Explain the conditions to meet in relation to sensitive personal data
  • Recognise why data protection is important
  • State the key players and outline their role
  • Identify the key requirements of the Data Protection Act 1998 and the principles of data processing
  • Outline the need for registration with the Information Commissioner
  • Explain how to deal with data access requests
Course Contents
  1. What is data protection?
  2. Section 1: What is personal data?
  3. What is sensitive personal data?
  4. You make the call: Is it personal, sensitive or non-personal data?
  5. Is it important to protect personal data?
  6. Section 2: The Data Protection Act (DPA)
  7. Data protection terminology
  8. DPA offences
  9. DPA violations and penalties
  10. Fraud and money laundering risk
  11. Section 3: Data registration
  12. Scenario: Registration
  13. Exercise: Sanctions for failure to register
  14. Section 4: Rights of the data subject
  15. Dealing with Data Subject Access Requests (DSARs)
  16. You make the call: Valid DSAR or not?
  17. Scenario: Unidentified request
  18. Section 5: Eight principles of data protection
  19. Do you know: What's lawful and limited?
  20. Do you understand: How much and how long?
  21. Do you know: What to keep accurate and updated
  22. EU-US Privacy Shield
  23. Do you know: What constitutes transfer outside the EEA?
  24. Section 6: Your responsibilities
  25. Reporting and co-operating
  26. Section 7: General Data Protection Regulation
  27. Summary
  28. Assessment
Specification
Feature: Description
Duration: Approximately 40 minutes
Audience: Suitable for all staff - examples and interactivities designed for staff at all levels
Prerequisites: No previous knowledge or experience required
Design: SHARD-compliant, responsive display on all devices, accessibility on screen readers, visual design controlled via client style sheet
Assessment: Ten-question assessment
Test-out: Ability to offer optional test-out, whereby users can choose to skip the course content and complete the learning assignment simply by passing the assessment
iExpress: Supplementary four-minute iExpress interactive video provided to create awareness and interest about the topic
Deployment: AICC and SCORM 1.2-compliant, suitable for both hosted and deployed SCORM or AICC
Compatibility: All Windows, Mac OSX, iOS, Android (Flash-free for mobile compatibility)
Tailoring: Fully customisable on Skillcast Portal CMS
Translation: Pre-translated versions not available, but all text content can be exported for translation into all languages
Localisation: Based on UK legislation, but suitable for global audiences upon the removal of UK-specific references and translation as necessary
 

What is the General Data Protection Regulation?

Every year, we generate and consume increasing amounts of information in both electronic and hard-copy formats. It is vital that we protect this information from unauthorised use or access, and illegal copying, viewing or loss.

The new General Data Protection Regulation will come into effect on May 25th 2018 and will replace the current Data Protection Directive (DPD). 

As with its predecessors, it is designed to protect the personal data of individuals and regulate how organisations and businesses use personal information.

Anyone responsible for using data has to follow very strict rules, as set out in the regulation.

But, what exactly is personal data?

Section 1 of the Data Protection Act defines “personal data” as any data that can be used to identify a living individual. This includes names, addresses, date of birth, telephone numbers, and email addresses.

Under the ‘data protection principles’, those using data must ensure that the information they are using is:

  • Used fairly and lawfully – meaning a person must have legitimate grounds for collecting and using the personal data
  • Obtained for specifically stated purposes – being clear from the outset about why the personal data is being collected and what its use will be
  • Adequate, relevant and not excessive – in relation to the purpose/s for which it is processed
  • Accurate and kept up to date
  • Not kept for longer than is absolutely necessary – with information that is no longer needed securely deleted
  • Processed in accordance with people’s data protection rights under the Act

There are also some special categories of personal data – known as sensitive personal data – which may cause harm or distress if they are improperly used or disclosed. Examples of this include details of a person’s racial or ethnic origin, political opinions, religious beliefs, physical or mental health, sexual orientation, as well as any genetic and biometric data that uniquely identifies an individual.

With sensitive personal data, there must be a very specific business reason or legal requirement for obtaining it, and organisations must not collect or use such information without prior consent and authorisation.

What will change under GDPR?

Although the key principles of data protection will remain the same, many key changes will be brought in when this new regulation is introduced.

Some of the more significant changes include tighter sanctions, more rights for individuals, and a wider territorial scope – meaning that any non-EU organisation doing business in the EU will also be obliged to comply.

However, one of the most potentially damaging changes to be introduced is the much tougher penalties for firms found guilty of failing to comply with regulation policies and procedures. Currently, organisations can face fines of up to £500,000 – but when GDPR takes effect, those fines can potentially increase to 4% of a company’s global annual turnover or EUR 20 million – whichever is the higher.

So, to avoid these hefty fines, what measures do businesses need to start implementing, if they haven’t done so already, to ensure they don’t come under fire come May 2018?

There are many ways in which companies can get themselves ready for GDPR, such as appointing a Data Protection Officer, implementing a documentation process for the information they collect, use, store and share with other people, and raising awareness among staff of the impact these new rules will have on the business.


What impact will Brexit have on GDPR for UK Businesses?

Despite Brexit and the Government’s decision to trigger Article 50, the UK will continue to be part of the European Union until 2019 at the earliest, and therefore, UK firms will still have to be GDPR compliant by May 2018.

What happens post the UK's departure from the EU will largely depend upon whether the UK joins the European Economic Area. While we are still in the dark about many things post Brexit, one thing that is for certain is that UK businesses will be fully subject to GDPR rules for the best part of a year at least, and should therefore begin the process or continue to get up to speed on these new regulations.

Our GDPR Training Course

With its imminent introduction, we have added a section on General Data Protection Regulation training to our existing Data Protection training course.

Upon completion of this course, learners will be able to:

  • Distinguish between non-personal, personal and sensitive data
  • Understand the guidelines for GDPR
  • Know the offences under GDPR and the penalties for failing to comply
  • Recognise when and how to report breaches

Get your business GDPR ready with our free training presentation

Data security on the move

Data security should be an essential area of concern for all businesses and business owners. After all, with the amount of information stored virtually these days, it’s easy to see why just one breach could be seriously damaging to a business.

Such breaches are more often than not down to human error due to a lack of understanding when it comes to Information Security and Data Protection Policies.

Information Security breaches can also occur when a person is working while on the move. There is the risk of someone overhearing a private and confidential conversation, electronic communications being intercepted if using unsecured networks, and devices containing confidential data being lost or stolen.

Train your staff up on Information Security with our free interactive presentation

Email and password security

Emails and passwords pose a huge risk to information and data security. For example, email distribution lists, which allow a user to send emails to everyone in their address book at once, are a popular feature as they save lots of time. However, they can be dangerous if used irresponsibly and can cause chaos to an organisation. It is crucial that the information being sent is checked against the recipient list before pressing ‘send’, and the entire content of the email thread is checked before it is forwarded on. Not all recipients of an email have a genuine ‘need to know’ and this must be determined before any action is taken.

It is also very common for people to fall into the trap of using the same password for everything, otherwise it means having lots of different passwords to remember. This can cause a serious personal data breach, and even though it may be slightly more of a hassle, having more complex passwords and changing them regularly will reduce the chance of hackers getting hold of your personal information.
