Under the Data Protection Act 1998 it is not a requirement to have a nominated Data Protection Officer (DPO) but under the new General Data Protection Regulations (GDPR), in force from the 25th May 2018, you may find that you need to appoint one.
Draft guidance from the ICO states that the Data Protection Officer should be designated on the basis of their professional qualities, in particular, their expert knowledge of data protection law and practices together with the ability to fulfil his or her tasks. In some European countries fines can be imposed on businesses for not having the right person in the role. So who will it be?
This practical course is for anyone already in the DPO role looking to update and refresh their knowledge or for people taking up or thinking about taking up this important role.
The course will include:
Data Protection Act 1998 and the General Data Protection Regulations
The Information Commissioners Office (ICO)
The appointment of the Data Protection Officer (DPO)
What are the responsibilities of the DPO
Policies, registers and procedures – what do you have already and what will you need
The DPO will have many hats to wear – what professional qualities should you have
Dealing with data subjects rights including subject access requests
Involvement in the Data Protection Impact Assessments (DPIA)
Auditing – what is involved
Training for all staff
The recording and reporting of breaches
The costs of getting it wrong!