GDPR & Data Protection - 6 Essential Online Modules - Webinar

Introduction

Following Brexit, the UK has adapted the General Data Protection Regulation, developed its own rules on International Data Transfers, implemented Internet Safety laws and produced guidance on risk assessments for data protection and also AI and protection of children online.

This boxset including 6 x 30-minute modules aims to provide an introduction and summary of the current UK Data Protection regime.

Module 1 Introduction to the UK GDPR & Data Protection Act 2018 (‘the UK DP Law’)

This module will examine key aspects of the GDPRs and will include:

• Definitions
• Applicability
• Principles
• Grounds for processing
• Data subject rights
• Enforcements and fines

Module 2 Data Protection Principles & Grounds for Processing

This module will cover:

• Fair and lawful processing and transparency
• Accountability
• Data subject rights
• Data security
• The six lawful grounds for processing

Module 3 Data Subject Rights

Under the GDPRs individuals have a range of rights from information and access to portability and erasure and to rectification and objection and compensation. There are strict timelines in which to respond to data subject requests and a limited but important number of exemptions.

This module will look at the six grounds for processing and highlight:

• Right to information
• Right of access
• Right of erasure and restriction
• Right to object
• Right to compensation
• Use of exemptions

Module 4 Managing Data Incidents & Investigations

It is not a matter of if but when a data breach will happen. Not all data incidents are reportable data breaches, but they are all an issue to be planned for. Data incidents may be the result of internal or external actions or inactions. Preparing for and responding to data incidents as are important as preventing them.

This module will cover:

• Examples of internal and external threats
• How to minimise risks
• Internal and external due-diligence
• Reporting an incident
• The cost of non-compliance

Module 5 International Data Transfers

The UK DP Law restricts transfers of personal data from the UK and the EEA to countries that do not adequately protect the rights of individuals. Apart from consent, contractual necessity and other limited exceptions, transfers have to be controlled by approved solutions including the UK International Data Transfer Agreement (IDTA), Binding Corporate Rules (BCR), Standard Contractual Clauses (SCC) or the UK-US Data Bridge.

This module will cover:

• IDTA
• SCC
• BCR
• Codes of Conduct
• Seals and certifications

Module 6 Data Protection Impact Assessments & Data Protection by Default

Data Protection Impact Assessments (DPIA) and Data Protection by Default are key requirements of the UK DP Law. Other risk assessments are essential for use of AI, for compliance with the Online Safety Act and when processing children’s personal data.

This module will advise on how to adhere to data protection by default and how and when to use a DPIA and other risk assessments and will cover:

• Implementing Data Protection by Design and Default
• What is DPIA
• When to use a DPIA
• AI Assessments
• Online Safety Assessments
• Other risk assessments