GDPR (the General Data Protection Regulations) were implemented on 25 May 2018.
This series of half-day (3 hour) workshops is designed to help charities develop a greater understanding of the detail and impact of the General Data Protection Regulations (GDPR) and of how to develop their practice to ensure they become and remain GDPR compliant. These are interactive workshops, at the end of which you should be clear on what your responsibilities are.
Based on practical experience and working through information sharing, discussions and a range of tools, including case studies and scenarios, the workshops provide a range of tools to help you understand:
Workshop 1 – Data Audits (Wed 6th Feb: 10am – 1pm)
This workshop looks at personal data – what is it and what does it mean for the work of your charity? What are your responsibilities under GDPR and how should you meet them? How should you set about developing data asset audits for both your manual and electronic records? – and how will you manage the risks?
Workshop 2 – Privacy Statements (and other documentation!) and retention policies (Wed 27th Feb: 10am – 1pm)
What is a privacy statement: how do you develop one and what do you do with it when you have? What should it look like for your customers, your staff and your stakeholders? What are Information Sharing Agreements and Privacy Impact Assessments and why are they important for you?
And finally – how long must you hold information for, and why, and then how do you manage this process?
Workshop 3 – Lawful Processing (Wed 13th Mar: 10am – 1pm)
What are the lawful reasons for processing personal data – what do they mean in practical terms and when can/should you use them? What are the rights of individuals whose information you hold?
This session will also include a review of the principles of data protection and GDPR, and look at how you manage subject access request, data portability and the right to be forgotten.
Workshop 4 – Consent (Wed 27th Mar: 10am – 1pm)
What is consent? How do/should you obtain it? When do you need consent and when do you not? How will you evidence that? What is marketing and how do you both obtain and evidence consent for your work?
This workshop will look at what this means in practice for the work of your organisation. It will also touch on data breaches and how to manage them.
Testimonials from the one day GDPR course
“An excellent balance of theoretical and practical advice from an engaging, experienced practitioner.”
“This was really helpful and simplified a potentially important topic. Very impressed with trainer Kirsty – really knows her stuff.”
If you are only interested in attending one or two of the sessions please give me a call 0131 555 9127 (Mon – Thu)
About the Trainer
Kirstine has many years’ experience as a senior manager in the NHS, Local Authorities and in the Scottish Health Department. She spent 10 years as a member of the Executive Team of Alternative Futures Group, a large mental health and learning disability charity in the North-West of England, before returning to Scotland in May 2017. She now runs her own business providing support and advice on corporate and charity governance, risk and strategy, and GDPR and information governance. A Prince 2 practitioner and a qualified archivist she is a trustee for Mobee UK and a member of the IoD, the IRMS and the Scottish Council on Archives.