GDPR in Practice
By now, most of us working with GDPR on a day-to-day basis have discovered it’s not about the legal theory, it’s the practice! The audit has been done, we know WHAT we are supposed to do, but the sticking point remains HOW do we do it?
Common questions we address include:
- How do you write a compliant data capture device, and what should an opt-in device say?
- What is a Record of Processing, how do you get heads of department to fill one out, and do you have one I can copy?
The iCompli ‘GDPR in practice’ course is built on practical experience and is designed to get the job done.
It provides template solutions with an expert face-to-face tutor who can help you clear your GDPR to-do list.
You may be the reluctant data protection officer (DPO), the go-to person for GDPR, or the IT/Finance Director; whatever the job title, you are the person your company relies on to get the GDPR job done. You will have a good understanding of how your organisation organises its data, and of the business processes that make your organisation ‘tick’.
We pass on our experience of delivering GDPR implementation programs in organisations just like yours.
Starting with your ‘master document’, the record of processing (RoP), we provide for use during the course a fully ‘worked up’ spreadsheet, the same one we use on client programs.
This RoP spreadsheet is your ‘control room’. From here you build your ‘defensible position’: your ability to demonstrate accountability and control. This is an incredibly important step in becoming GDPR compliant; we show you WHY you have to do it by linking to the relevant articles in GDPR, and then HOW to complete the template spreadsheet.
You will be expected to arrive on the course with a good understanding of your key business processes, to which we will apply the implementation methodology.
Working through your RoP, we will address the 10 steps to documenting your company records, covering all the key requirements of GDPR:
- the identification of the lawful basis for processing,
- the core GDPR rights associated with each lawful basis, e.g. portability, erasure, etc.,
- the requirements for valid consent, including provision of fair processing information via external and internal privacy policies,
- the use of legitimate interests and how to complete a template legitimate interests balancing test,
- the transfer of data to third parties and the requirement to document your assessment of third-party guarantees (with a template third-party supplier questionnaire), together with the transfer of data out of the EEA and how you have legitimised each transfer,
- the record retention schedules, including pro-forma best-practice retention periods,
- the Information Asset Register and its importance in maintaining organisational control,
- the completion of a Subject Access Request (SAR), with a demonstration of best-practice tools, e.g. a redaction toolkit,
- high-risk data processing and the requirement for an Impact Assessment, and
- completion of the ‘Task Management’ spreadsheet to provide a company-wide overview of progress towards compliance for Board and Regulator use.
Attending this course will provide you with our template tools and an awareness of regulatory and other public resources, so that you can quickly and accurately implement your GDPR compliance program. You will gain a deeper understanding of key legal requirements, e.g. consent versus legitimate interests, and of the templates with which you can accurately and confidently complete your GDPR tasks. In addition to completing your own set of documentation, which you take away with you, we provide handouts and infographics to help deliver internal GDPR awareness. Protecting your organisation can begin with something as simple as staff understanding what data they use on a day-to-day basis and whether it is personal data which needs protection.