5.5 verifiable hours CPD
The implementation of the General Data Protection Regulation (GDPR) will be the biggest change to data protection rules in two decades. Given that law firms hold and process a great deal sensitive personal data, it is absolutely crucial that they adjust to the new regime in advance of it coming into force on 25 May 2018. Failure to adhere to the regulations, whether through failing to report data breaches or improper processing of data, carry the risk of severe fines – up to £20,000,000 or 4% of turnover.
The Data protection and GDPR roadshow will provide you with a firm grasp of what you need to know to be GDPR ready. You will be reacquainted with the current data protection regime and provided with clear guidance of how it will be complemented by the GDPR. From there, the programme will explore key areas in more depth: managing relationships with clients, colleagues and third parties; implementing the necessary policies and procedures to manage personal data and ensuring that data is kept secure and risks are minimised.
One of the realities of today’s world of cloud storage and data outsourcing is that data breaches can still happen regardless of how careful or well prepared you are. While meticulously implementing and adhering data protection procedures can exponentially minimise risk, it cannot eliminate it altogether. In recognition of this, the GDPR roadshow will also feature a practical data breach crisis management workshop. Improper handling of a data breach can incur the harshest possible fines under the regulation, and this workshop will provide you with practical hands-on knowledge you need to avoid a worst case scenario.
- Overview of current data protection regime
- Brief introduction to changes implemented by GDPR
- Data subjects: consent, subject access requests and keeping clients informed
- Colleagues: implementing policies and procedures
- Third parties: outsourcing data; making sure service providers are compliant
- Identifying, categorising and processing personal data and sensitive personal data
- Auditing personal data: What data is held? Why is it held? What should be done with it? How was it received?
- Transferring personal data outside the EEA
- Privacy impact assessments
- Minimising risk and managing crises