Under the Data Protection Act 1998 it was not a requirement to have a nominated Data Protection Officer (DPO) but under the new General Data Protection Regulations (GDPR), which came into force on the 25th May 2018, you may find that you need to appoint one.
Draft guidance from the ICO states that the Data Protection Officer should be designated on the basis of their professional qualities, in particular, their expert knowledge of data protection law and practices together with the ability to fulfil his or her tasks. In some European countries fines can be imposed on businesses for not having the right person in the role. So who will it be?
This practical course is for anyone already in the DPO role looking to update and refresh their knowledge or for people taking up or thinking about taking up this important role.
The course will include:
- The Information Commissioners Office (ICO)
- The appointment of the Data Protection Officer (DPO)
- What are the responsibilities of the DPO
- Policies, registers and procedures – what do you have already and what will you need
- The DPO will have many hats to wear – what professional qualities should you have
- Dealing with data subjects rights including subject access requests
- Involvement in the Data Protection Impact Assessments (DPIA)
- Auditing – what is involved
- Training for all staff
- The recording and reporting of breaches
- The costs of getting it wrong!