Accountability is the main focus of modern Data Protection. Having evidence to prove that you have “done your homework” and planned out your approach to controlling risks to individuals is a key area for many organisations. Organisations increasingly are struggling to use Data Protection Impact Assessments effectively in order to both prove that they have done their best to comply with the law, to design products and services that are safe for individuals to use, and reduce the risk of harm both to them and to you, and to ensure that the findings result in actual change – rather than simply justifying the status quo, and wasting everybody’s time.
Making DPIAs more than just a legal requirement, and embedding them as valuable design tool that really adds value to the final product or service is certainly an area where organisations have found difficult – but in reality is a primary tool for Privacy teams to prove that they are not there to take away from the business, but to add value to it.
With this in mind, we have completely redesigned our DPIA courses.
Of course, the most valuable thing we can provide is practical experience of completing a DPIA, and so the course condenses around a practical case study, and the delegates will spend time applying this case study to a template that meets the legal requirements and provides actionable benefit to the organisation – and of course practical experience of what is required for a full DPIA. The template will walk you through describing the processing in full, identifying risks to the individual, and suggesting measures to manage these, and monitoring the changes and actions that arise as a result, through to review and updates in the future, or as the situation changes.
However, we also look at where and why DPIAs are important, including the difference between legal triggers for mandatory completion, but also the business imperative to use these to add value, even in cases where legally not required. We also look at the reasons behind DPIAs, and how to elevate them from a legal compliance paperwork exercise, to a valuable tool to assess and anticipate privacy problems, and to introduce controls that protect individuals and the business from risk.
At Leadership through data we take the view that Data Protection does not take away from the business, and is not a compliance cost, and instead is a valuable driver of innovation and functionality that will add value and enhance data management, value add, reputation, automation of rights requests and increased visibility and transparency – in short DPIAs can be used as Privacy by Design to create a “win-win” positive sum culture. We consider a dated “win-lose” privacy vs functionality negative sum culture an outdated false dichotomy.
The course will have value in reframing your expectations of a DPIA, from when they should be triggered, and when they are legally mandated, what to do with historical products and services, and how to complete a DPIA, but also how to fit this into your business operations, and what example actions to take as a result of the DPIA to protect the human at risk. Moving forwards, where you cannot protect data or an individual continues to be at high risk, we discuss the process and requirements of prior consultation with a supervisory body such as the ICO as well.
On the course the following topics will be covered as part of the DPIA template;
- PIA or a DPIA under GDPR?
- Description of Processing
- Scope of Processing
- Nature of Data Processing
- Context of Processing
- Purpose of Processing
- Consultation and Rights Process
- Risks arising from Processing
- Measures proposed to Reduce Risks
- Action Plan and progress
- Sign off and Record Outcomes.
Who should attend?
The course is aimed predominantly at individuals who have functional privacy or information governance as part of their role, but will also be of value to IT and Software Engineering staff, or any product or project managers that are responsible for the design and delivery of any new product or service that involves the processing of personal data.
We look forward to welcoming you to our workshop, delivered by experienced staff with over 20 years privacy management experience who will help you to walk away from the day with clear goals and actions you can apply and utilise going forwards to benefit the organisations and individuals that you serve.
Suggested Follow on Courses
- Certificate in Managing Data Protection Compliance
- Data Protection Officer
- Data Ethics
- Microsoft 365 Information Privacy & Protection
As part of our accreditation with the CPD accreditation group, you will receive either 6, 12 or 15 CPD points for each course attended depending on the course.
The Certificate in Managing Data Protection Compliance is a qualification and is the second qualification of a suite of 3 data protection qualifications.
Yes we offer a 10% discount for the primary delegate if you book more than one person from the same organisation at the same time.
To try to avoid cancelling face to face courses, however if the number of delegates is below 5 we will offer this a virtual course instead.
Exact location are sent out via email, two weeks before the course, we would therefore advise you not to book accommodation until the venue is confirmed.
We offer a 10% discount for bookings of 2 or more public courses.
Don’t know what courses you’ll need to book just yet?
We offer a pre-pay option, where you can pay now and choose what courses to book later (within a year). This option is both cost efficient and speeds up the booking process. It’s really handy for large companies/organisations who have frequent training needs.
Contact us for more information.
If you’re looking to book training for 6 or more people onto the same course, we are able to offer private in-house training – a cost efficient option.
Contact us for more information.