Could your reputation suffer? With training, it shouldn’t!
Now that there is increased regulatory activity and growing public awareness and concern, no organisation can afford to ignore data protection. Compliance, preferably best practice, avoids problems with the regulator, preserves reputation and develops client confidence. Would you know what to do with a Subject Access Request or a request under the Right to Object, and how to handle it?
We have provided data protection consultancy to several law firms, supporting them with their compliance, including compliance audits, appropriate documentation, advising on processor contracts and advice on personal data breaches. We have also delivered training to a large number of solicitors, often through other organisations, such as the Law Society of Scotland.
In addition to our generic courses, which are suitable for legal professionals, we have developed four half day courses aimed at addressing the needs of the legal sector. These courses, focusing on significant data protection challenges, are particularly relevant for solicitors and others who have a specific responsibility for the handling of personal data, but will also be of value and interest(!) to many others.
These half day courses will be available in August and September through the Law Society of Scotland. In the meantime, if you would like us to deliver any of them in-house please contact us. Alternatively, if you would like to attend a public course please get in touch and we will try to build a critical mass.
Data Protection: Managing Data Subject Rights
This half day course will assume basic knowledge of the current data protection regime.
Since the introduction of the GDPR and the Data Protection Act 2018 there has been a significant increase in public awareness of data protection issues, in particular data subject rights. In some sectors, this has led to a massive increase in the number of data subject requests to data controllers.
The course examines all of the data subject rights, with particular emphasis on the Right of Access. It will consider when the rights are available to data subjects, how to respond to them and how to manage data to facilitate a response. It will also consider issues around client files.

| Duration | Topic |
| --- | --- |
| 15 mins | Introduction and background to data subject rights; Generic requirements |
| 25 mins | The rights and their availability to data subjects: Right of Access; Right to Rectification; Right to Erasure; Right to Object; Right to Restriction; Right to Data Portability; Automated Decision Making |
| 15 mins | Data management discipline |
| 10 mins | Right of Access: |
| 15 mins | Break |
| 50 mins | Right of Access: Limitations; Third party data; Exemptions; Requests from clients; Requests from third parties |
| 25 mins | Procedures |
| 15 mins | The Right to Compensation |
| 10 mins | Conclusion and further questions |

Data Protection Compliance: Accountability and Governance
This half day course will assume basic knowledge of the current data protection regime and consider, in some detail, the accountability requirement introduced by the GDPR.
Accountability is one of the data protection principles - it makes data controllers responsible for complying with the GDPR, but also says that they must be able to demonstrate their compliance.
The course will consider what is actually meant by ‘accountability’ and will include a detailed consideration of what should form an ‘accountability portfolio’ and the activities necessary to demonstrate compliance.

| Duration | Topic |
| --- | --- |
| 15 mins | Accountability and Governance: Why is it important?; What does it mean?; The Accountability Principle |
| 20 mins | Documentation – the ‘accountability portfolio’; Documenting decisions |
| 20 mins | Processor contracts |
| 25 mins | Data Protection by Design and by Default |
| 15 mins | Break |
| 30 mins | Data Protection Impact Assessments |
| 25 mins | Personal data breach recording and reporting |
| 15 mins | Training requirements – the risks of the ICO visit |
| 15 mins | Close and further questions |

Data Protection: Data Sharing
This half day course will assume basic knowledge of the current data protection regime.
Solicitors frequently share personal data with other organisations or individuals. As long as there is a valid reason for this it will usually be permissible under data protection legislation (the GDPR and the Data Protection Act 2018). However, it is essential to establish the legal basis and requirements for doing this. With the growing public awareness of data protection, sharing could be challenged by data subjects, with possible complaints to the ICO. The course will include issues around sharing data with service providers such as expert witnesses and private investigators.

| Duration | Topic |
| --- | --- |
| 15 mins | Introduction; What is data sharing?; Why is it an issue? |
| 30 mins | Sharing with processors; contracts |
| 40 mins | Sharing with joint controllers: Purpose and legal basis; One-off sharing |
| 15 mins | Break |
| 45 mins | Sharing with joint controllers: Regular sharing; Data sharing agreements; Expert witnesses, private investigators |
| 20 mins | Sharing with the police and other authorities |
| 15 mins | Conclusion and further questions |

Data Protection and Direct Marketing
This half day course will assume basic knowledge of the current data protection regime.
The introduction of the GDPR in May 2018, with its emphasis on ‘consent’, has caused great concern in organisations carrying out direct marketing. This has been exacerbated by bad advice and misinformation from many sources.
The course will consider the implications of the GDPR and the Privacy and Electronic Communications Regulations (PECR) for direct marketing, addressing email, telephone and postal marketing. It will address the differences between business to consumer (B2C) and business to business (B2B) marketing.
Guidance will be given on carrying out compliant marketing campaigns.

| Duration | Topic |
| --- | --- |
| 15 mins | Introduction: The relevant legislation; The enforcement regime |
| 35 mins | GDPR legal bases: Consent; Legitimate interests |
| 30 mins | Privacy and Electronic Communications Regulations (PECR): Email marketing; Consent requirements; Soft opt-in |
| 15 mins | Break |
| 10 mins | Privacy and Electronic Communications Regulations (PECR): Telephone marketing; TPS, consent …; Postal marketing |
| 20 mins | The Interaction between the GDPR and the PECR |
| 20 mins | Getting email marketing right |
| 15 mins | The EU ePrivacy Regulation |
| 15 mins | Conclusion and further questions |

Training hours can be accredited as CPD for professional bodies whose members are required to accrue a stipulated number during the year. This course will satisfy the requirements of most professional bodies for six hours of verifiable CPD. Attendance certificates will be available on request. All courses have clear learning outcomes. Some have been endorsed by Training Qualifications UK and certificates are awarded subject to passing an examination. Other courses have certificates of attendance issued that can be used to demonstrate elements of accountability.
We can bring our training to you. The benefits of doing this are:
- Convenient – Programmes can be presented at the location of your choice, at a time that is suitable for all your participants. This also means less time out of the office!
- Confidential – Your opportunity to openly discuss real issues in order to produce real and applicable solutions with our training team.
- Tailored – Programmes designed to meet the specific requirements of your company or organisation. We can design a programme for you and ensure the content is specific to your sector or needs.
- Team Work – Greater interaction and enhanced learning experience.
- Cost Savings – The costs to your organisation are considerably less than sending a large number of participants to a course held in a hotel or conference centre.
We’re only a ‘click’, call or e-mail away – so get in touch.