Could your reputation suffer? With training, it shouldn’t !

Now there is increased regulatory activity and growing public awareness and concern, no organisation can afford to ignore data protection. Compliance, preferably best practice, avoids problems with the regulator, preserves reputation and develops client confidence. Would you know what to do with, and how to handle a Subject Access Request or a request under the Right to Object?

We have provided data protection consultancy to several law firms, supporting them with their compliance, including compliance audits, appropriate documentation, advising on processor contracts and advice on personal data breaches. We have also delivered training to a large number of solicitors, often through other organisations, such as the Law Society of Scotland.

In addition to our generic courses, which are suitable for legal professionals, we have developed four half day courses aimed at addressing the needs of the legal sector. These courses, focusing on significant data protection challenges, are particularly relevant for solicitors and others who have a specific responsibility for the handling of personal data, but will also be of value and interest(!) to many others.

These half day courses will be available in August and September through the Law Society of Scotland.  In the meantime, if you would like us to deliver any of them in-house please contact us.  Alternatively, if you would like to attend a public course please get in touch and we will try to build a critical mass..

Data Protection: Managing Data Subject Rights

Data Protection: Managing Data Subject Rights

This half day course will assume basic knowledge of the current data protection regime

Since the introduction of the GDPR and the Data Protection Act 2018 there has been a significant increase in public awareness of data protection issues, in particular data subject rights.  In some sectors, this has led to a massive increase in the number of data subject requests to data controllers.

The course examines all of the data subject rights, with particular emphasis on the Right of Access.  It will consider when the rights are available to data subjects, how to respond to them and how to manage data to facilitate a response.  It will also consider issues around client files.

Planned Timetable
15 mins Introduction and background to data subject rights

Generic requirements

25 mins The rights and their availability to data subjects:

  •          Right of access
  •          Right to Rectification
  •          Right to Erasure
  •          Right to Object
  •          Right to Restriction
  •          Right to Data Portability
  •          Automated Decision Making
15 mins Data management discipline
10 mins Right of Access:

  •          The entitlement
15 mins Break
50 mins Right of Access:

  •          Limitations
  •          Third party data
  •          Exemptions
  •          Requests from clients
  •          Requests from third parties
25 mins Procedures
15 mins The Right to Compensation
10 mins Conclusion and further questions

Data Protection Compliance: Accountability and Governance

Data Protection Compliance: Accountability and Governance

This half day course will assume basic knowledge of the current data protection regime and consider, in some detail, the accountability requirement introduced by the GDPR.

Accountability is one of the data protection principles - it makes data controllers responsible for complying with the GDPR, but also says that they must be able to demonstrate their compliance.

The course will consider what is actually meant by ‘accountability’ and will include a detailed consideration of what should form an ‘accountability portfolio’ and the activities necessary to demonstrate compliance.

Planned Timetable
15 mins Accountability and Governance:

  •          Why is it important?
  •          What does it mean?
  •          The Accountability Principle
20 mins Documentation – the ‘accountability portfolio’

Documenting decisions

20 mins Processor contracts
25 mins Data Protection by Design and by Default
15 mins Break
30 mins Data Protection Impact Assessments
25 mins Personal data breach recording and reporting
15 mins Training requirements – the risks of the ICO visit
15 mins Close and further questions

Data Protection: Data Sharing

Data Protection: Data Sharing
  • This half day course will assume basic knowledge of the current data protection regime
  • Solicitors frequently share personal data with other organisations or individuals.  As long as there is a valid reason for this it will usually be permissible under data protection legislation (the GDPR and the Data Protection Act 2018).  However, it is essential to establish the legal basis and requirements for doing this.  With the growing public awareness of data protection, sharing could be challenged by data subjects, with possible complaints to the ICO.  The course will include issues around sharing data with service providers such as expert witnesses and private investigators.
Planned Timetable
15 mins Introduction

What is data sharing?

Why is it an issue?

30 mins Sharing with processors


40 mins Sharing with joint controllers:

  •         Purpose and legal basis
  •         One-off sharing
15 mins Break
45 mins Sharing with joint controllers:

  •         Regular sharing
  •         Data sharing agreements
  •         Expert witnesses, private investigators
20 mins Sharing with the police and other authorities
15 mins Conclusion and further questions

Data Protection and Direct Marketing

Data Protection and Direct Marketing

This half day course will assume basic knowledge of the current data protection regime

The introduction of the GDPR in May 2018, with its emphasis on ‘consent’, has caused great concern in organisations carrying out direct marketing.  This has been exacerbated by bad advice and misinformation from many sources.

The course will consider the implications of the GDPR and the Privacy and Electronic Communications Regulations (PECR) for direct marketing, addressing email, telephone and postal marketing.  It will address the differences between business to consumer (B2C) and business to business to business (B2B) marketing.

Guidance will be given on carrying out compliant marketing campaigns.

Planned Timetable
15 mins Introduction

  •          The relevant legislation
  •          The enforcement regime
35 mins GDPR: legal bases

  •          Consent
  •          Legitimate interests
30 mins Privacy and Electronic Communication Regulations (PECR)

  •          Email marketing
    •    Consent requirements
    •    Soft opt-in
15 mins Break
10 mins Privacy and Electronic Communications Regulations (PECR)

  •          Telephone marketing
    •    TPS, consent …
    •    Postal marketing
20 mins The Interaction between the GDPR and the PECR
20 mins Getting email marketing right

  •          B2C
  •          B2B
15 mins The EU ePrivacy Regulation
15 mins Conclusion and further questions

Training hours can be accredited as CPD for professional bodies whose members are required to accrue a stipulated number during the year. This course will satisfy the requirements of most professional bodies for six hours of verifiable CPD. Attendance certificates will be available on request.  All courses have clear learning outcomes. Some have been endorsed by Training Qualifications UK and certificates are awarded subject to passing an examination. Other courses have certificates of attendance issued that can be used to demonstrate elements of accountability.

We can bring our training to you, the benefits in doing this are:

  • Convenient – Programmes can be presented at the location of your choice, at a time that is suitable for all your participants. This also means less time out of the office!
  • Confidential – Your opportunity to openly discuss real issues in order to produce real and applicable solutions with our training team.
  • Tailored – Programmes designed to meet the specific requirements of your company or organisation.  We can design a programme for you and ensure the content is specific to your sector or needs
  • Team Work – Greater interaction and enhanced learning experience.
  • Cost Savings – The costs to your organisation are considerably less than sending a large number of participants to a course held in a hotel or conference centre.


We’re only a ‘click’, call or e-mail away – so get in touch.