Under the Data Protection Act 1998 it is not a requirement to have a nominated Data Protection Officer (DPO) but under the new General Data Protection Regulations (GDPR), in force from the 25 May 2018, you may find that you need to appoint one.
Draft guidance from the ICO states that the DPO should be designated on the basis of their professional qualities, in particular, their expert knowledge of data protection law and practices together with the ability to fulfil his or her tasks. In some European countries fines can be imposed on businesses for not having the right person in the role. So who will it be?
This practical course is for anyone already in the DPO role looking to update and refresh their knowledge or for people taking up or thinking about taking up this important role.
What You Will Learn
The course will cover the following:
- The Information Commissioners Office (ICO)
- The appointment of the DPO
- What are the responsibilities of the DPO?
- Policies, registers and procedures - what do you have already and what will you need
- The DPO will have many 'hats' to wear - what professional qualities should you have?
- Dealing with data subjects rights including subject access requests
- Involvement in the Data Protection Impact Assessments (DPIA)
- Auditing - what is involved
- Training for all staff
- The recording and reporting of breaches
- The costs of getting it wrong!