SBS Cyber Security launches a practical GDPR compliance training course
GDPR compliance will be mandatory for most UK businesses when it comes into force on May 25th 2018. Whilst there are many training courses that focus on the legislation, there are few, if any, that focus on how to plan and implement a continuous GDPR compliance programme using readily available software tools.
Recognising that companies need practical, hands-on instruction and not simply an interpretation of the regulation, Manchester-based SBS Cyber Security has developed a training course for DPOs – Data Protection Officers who are responsible for GDPR compliance within organisations. This immersive, 3-day course will enable delegates to plan and implement a continuous GDPR compliance programme using readily available software tools.
To understand whether the GDPR applies to your organisation and, if it does, what obligations it imposes, it is important to make an inventory of your organisation’s data. This will help you to understand what data is personal data, identify the systems where that data is collected and stored, and understand why it was collected, how it is processed and shared, and how long it is retained.
Most businesses have extensive customer folders, files and registers that record numerous aspects of a person’s personal data: name, address, NI number, e-mail address, bank account and credit card details, biometric or behavioural data, etc. GDPR states that you need to do the following:
- Data processors – those who process data on behalf of the Data Controller. Data processors must maintain records and are directly liable if responsible for a breach.
- Data controllers – new obligations include a duty to ensure that your contracts with processors comply with the GDPR.
- “Accountability principle” – you must show how you comply e.g. document what you have done and why.
- Privacy Impact Assessments – must be carried out to assess the risk to individuals’ rights, e.g. when using new technology, marketing new services, using their data.
- Higher standards for consent and gaining permission to use subject data.
- Enhanced rights for individuals, including the right to be informed, object and be forgotten, as well as rights regarding access, rectification, erasure, restrictions on processing, data portability and automated decision making.
- Data Protection Officer – not mandatory for all organisations but an appropriately senior individual must be responsible for GDPR compliance and reporting to the Board of Directors.
- There is a duty to report a breach within 72 hours of notice, which will apply to all. Failure to report will result in a fine.
- Increase in maximum fines up to 4% of global annual turnover. The maximum is likely to be levied if companies have done little or nothing to comply with GDPR.
Protecting your data
Many larger businesses or those that possess extensive subject data will be concerned as to how they protect their data and how they implement the right controls and adopt future practices that conform to the legislation. The GDPR sets new standards in transparency, accountability, and record-keeping. You will need to be more transparent about not only how you handle personal data, but also how you actively maintain documentation defining your processes and use of personal data.
For any business, it’s a major undertaking and many will need practical guidance and the right IT systems that can categorise, control, encrypt and report upon their data.
The clock is ticking, but practical, hands-on support is available:
The SBS GDPR Training Course has been developed and will be delivered by Peter Farrer, ISO 27001 Lead Auditor and Implementer, who is a renowned Information Security and Risk Management Consultant. The course will take the delegate through the GDPR legislation, teaching the practical application of data mapping to data management tools to enable proven and auditable conformance. The course will be run in collaboration with the Greater Manchester Chamber of Commerce and conclude with a multiple-choice examination that leads to subject certification, based upon achieving the pass mark.
For further information on course content, location, price and booking details, please visit the SBS web site at www.sbscybersecurity.co.uk, telephone SBS Cyber Security on 0161 827 1600, contact Greater Manchester Chamber of Commerce on 0161 393 4321, or visit the events page at http://www.gmchamber.co.uk/events