Training

Our training and workshops are delivered by lawyers and data protection and privacy specialists who have proven experience in court and in helping organisations understand, plan and deliver on their GDPR challenges.

This 3-day course provides a comprehensive practical overview of the Data Protection Officer – not only the first significant statutory company officer to be created in centuries, but by far the most onerous of all.

Though a practical course for non-lawyers, this course is delivered only by qualified data protection lawyers with court litigation experience.

In the course you’ll learn what it means in law to be a DPO. You’ll learn the methodology of how to approach the office as the law changes underneath your feet. You’ll discover a number of the analytical techniques required to perform the job, including how quantitatively to measure your own and your enterprise’s GDPR compliance and to quantify its mirror image, GDPR financial risk. And you’ll practise your new learning with practical class exercises, creation of processing records, analysis of consequences including context-specific subject right implementations, and production of processing-specific Notices and statutory High-Risk Testing. Finally, you’ll see examples of the legal cases that law firms representing your data subjects might draft against your chosen solutions.

There are special sections devoted to Brexit (all scenarios), and how to handle the Merger and Acquisition risks associated with the office of DPO.

At the end of this course you demonstrably will have acquired theoretical and practical knowledge of how to create solutions to the privacy issues that affect virtually every business.


This course is ideal for:

  • Students
  • Professionals
  • Those who wish to understand, aspire to, or prepare for entry to the DPO office
  • Existing DPOs (or lawyers performing Continuing Professional Development) wishing to update themselves on law and associated techniques
  • Staff who work with DPOs
  • Board Directors who are considering Mergers and Acquisitions and/or tasked with DPO oversight
  • Senior executives (including the Board of Directors/Commissioners, Audit Committee and the Risk Management Committee)

Delegates will also be provided with:

  • GDPR workshop material
  • Supplementary documentation
  • Links to the GDPR and other relevant material
Duration 24 hours of instructor-led study
Prerequisites Reading as above plus some knowledge of privacy.

Delegates preferably should already be involved as a DPO/data protection manager/data protection analyst; actively involved on GDPR/remediation projects; or preparing for a DPO appointment; or data protection lawyer; or Board director with oversight of DPO.

Learning Objectives
  • Understand how GDPR concepts fit into the legal context
  • Appreciate how DPO concepts fit into the GDPR
  • Translate GDPR legal concepts to practical requirements
  • Justify DPO appointment and especially non-appointment
  • Identify content/breadth/depth of DPO skills against statutory abilities
  • Discover how DPOs personally can and have triggered GDPR breach
  • Understand where DPO liability falls
  • Identify/avoid/mitigate GDPR breach arising from the DPO
  • Assess GDPR compliance of a DPO advertisement, Notices, etc
  • Understanding Supervisors and Phone a Friend
  • Assess current enterprise compliance
  • Understand how to report to the Board
  • Align enterprise and Group governance strategy to the GDPR
  • Appreciate and solve DPO-connected Merger and Acquisition ‘deal-killers’
Curriculum

Part 1 – GDPR Theory Refresher

  • Introduction
  • Brief coverage of all non-DPO examinable material
  • Brexit and the three types of jurisdictions
  • Brief class exercises on interdependent GDPR concepts

 

Part 2 – DPO Theory

  • Basic Concepts
  • Appointment tests
  • Appointment and GDPR breach
  • Non-appointment and GDPR breach
  • External versus Non-external
  • M&A – GDPR Pitfalls in General
  • M&A – DPO-specific Pitfalls
  • Meaning of Breach
  • Notices and Breach
  • Legal case study on Notice

 

Part 3 – DPO Compliance Methodology in Practice

  • Class exercises against case studies, illustrating theory

 

Part 4 – Practising DPO Compliance Skills

  • Processing Records Case study
  • Delegate creation of privacy metadata
  • Delegate creation of Notifications
  • Delegate creation of High Risk Tests (DPIA prerequisite)
  • Generation of legal risk assessments
  • Generation of quantified financial risk assessments
Classroom White-board, notebooks, overhead/data projector and access to the internet for some exercises
In-class Requirements Desktops available to delegates with internet access
Webinar Delivery Option Yes
License Via GDPR360
Pre-reading Yes (communicated after booking)
Suggested reading Delegates will be provided links to the GDPR and other relevant material. It is expected that the delegates will have reviewed the GDPR text.
Updates Ad hoc depending on Brexit, EDPB Decisions / Opinions / Guidance, Commission or Supervisor Adequacy Decisions, international treaties, political climate, changes to law and case judgements as may be relevant to the course material (formal changes capped at 4 times per year)
Exam Yes
Name DPO Masterclass
Cost £80 (ex-VAT)
Exam details 40 multiple-choice questions, 50% pass mark required, 1-hour, closed book, on-line/on-site exam
Exam body GDPR360
Practice Exams Yes, one practice provided during the course (others available for purchase)

This 2-day workshop is designed to fast-track delegates through the GDPR via a comprehensive syllabus that includes 18 modules with Q&A sessions and group exercises to consolidate knowledge and share a practical approach to delivering on your legal obligations under the GDPR. The focus is on practical application of the material covered.

Delegates will be taken through practical exercises to reinforce course material and have access to an online compliance platform on which many of the exercises will be undertaken.

For UK delivery¹ there are two important aspects that are considered – adoption of much of the GDPR by the DPA (2018) and the implications of Brexit.

Workshop material is fully cross-referenced online with the GDPR down to clause level with clickable links taking delegates directly to the relevant recital or article.

¹ For ASEAN delivery we include a section in Module 3 (Territoriality) on comparative data protection [Singapore, Malaysia, Indonesia, and Australia].


This course is relevant to:

  • Senior executives (including the Board of Directors/Commissioners, Audit Committee, and the Risk Management Committee)
  • Business leaders
  • Governance, risk and compliance practitioners
  • Data Privacy and security professionals (CISOs, CIROs)
  • CIOs
  • Portfolio and programme managers and auditors
  • Anyone with responsibility for personal data processing in the organisation

Delegates will also be provided with:

  • GDPR workshop material
  • Supplementary documentation
  • Examples of:
    • Enterprise-level GDPR plans
    • Privacy impact assessment
    • Breach response processes
    • DPIA guidance
    • Policies localised for the GDPR
    • Predefined data subject rights processes templates
Duration 16 hours of instructor-led study
Prerequisites
  • Some knowledge of or exposure to data protection, privacy and the GDPR
  • Preferably involved as a DPO/data protection manager/data protection analyst or actively involved on GDPR/remediation projects.
Learning Objectives
  • Recognise the conditions requiring you to comply with the GDPR
  • Know how to establish the necessary artefacts, structures, policies, and procedures and keep this up to date
  • Reinforce the correct behaviours across the organisation regarding privacy risk and data subject rights
  • Understand GDPR concepts, definitions, and activities (comprehension and application)
  • Recognise areas of GDPR/privacy concern for EU and extra-EU organisations and how to address them
  • Recognise and understand how to integrate activities to meet legal obligations
Curriculum

Module 1 – Introduction to GDPR and Privacy

Module 2 – Question of domicile, residence, citizenship or location?

Module 3 – Territoriality and a touch of Brexit

Module 4 – Personal Data and Special Categories

Module 5 – Principles and accountability

Module 6 – Non-consent legal bases for processing personal data

Module 7 – Consent

Module 8 – DPO (Data Protection Officer)

Module 9 – Controllers, Joint Controllers and Processors

Module 10 – Records of processing

Module 11 – Privacy notices

Module 12 – Data Protection Impact Assessments (DPIA)

Module 13 – Data subject rights and how to respond

Module 14 – Data breach notification

Module 15 – Security

Module 16 – Transfers

Module 17 – Data protection by design and default

Module 18 – Penalties

Classroom White-board, notebooks, overhead/data projector, and access to the internet for some exercises
In-class Requirements Desktops available to delegates with internet access
Webinar Delivery Option Yes
License Via GDPR360
Pre-reading Yes (communicated after booking)
Suggested reading Delegates will be provided links to the GDPR and other relevant material. It is expected that the delegates will have reviewed the GDPR text.
Updates Approximately every 6 months (or as necessary depending on political climate, changes to law and case judgements as may be relevant to the course material (capped at 4 times per year))
Exam Yes
Name GDPR Fast-track
Cost £80 (ex-VAT)
Exam details 40 multiple-choice questions, 60% pass mark required, 1-hour, closed book, on-line/on-site exam
Exam body GDPR360
Practice Exams Yes, one practice provided during the course (others available for purchase)

This 3-day course, delivered by a data protection lawyer, provides a comprehensive practical overview of the General Data Protection Regulation [(EU) 2016/679]. As this is a practitioner course, you’ll study the regulation itself, including GDPR basics and risk management.

You’ll also study GDPR’s relationship to current data protection and privacy legislation in Europe and elsewhere and learn the multi-jurisdictional consequences for the collection, retention, and processing of Personal Data.

Rather than learning ‘by rote’, you’ll learn how to interpret and apply the GDPR to practical situations. So this is a ‘deep dive’. For example, you’ll appreciate from a recent case why choosing the correct legal basis for personal data processing is fundamental to avoid a ‘cascade’ of many other breaches; the logical and practical connections of ‘monitoring’ and ‘profiling’, and why this typically is misunderstood by lawyers and business alike; why recruiting DPOs like other employment candidates necessarily assumes substantial risk; and the pros and cons of the international transfer regimes.

Recent additions to the course include practical examples of fines and the reasoning behind them; the differing effects of Brexit on GDPR compliance, depending on whether you are a UK, an EU, or a third-country enterprise; why the GDPR cannot be affected by whatever trade deals are entered into by the UK, or not; why many national enactments of opt-outs (including the UK’s post-Brexit) will fail; and how the risks of data trade war with the USA have played out in Court.

Finally you’ll discover what the integrated Personal Data environment would look like in your organisation. You’ll then be able to develop, integrate and manage the changes required by GDPR in your organisation’s governance, business and data processing.


This course is ideal for:

  • Chief risk officers responsible for process and governance
  • Lawyers wishing to understand the whole context of GDPR
  • Auditors, risk and compliance practitioners
  • Data privacy, security and compliance consultants

Delegates will also be provided with:

  • GDPR workshop material
  • Supplementary documentation
  • Links to the GDPR and other relevant material
Duration 24 hours of instructor-led study
Prerequisites
  • Reading as above plus some knowledge of privacy.
  • Delegates preferably should already be involved as a data protection manager/data protection analyst; actively involved on GDPR/remediation projects; or data protection lawyer; or Board director with oversight of DPO.
Learning Objectives
  • Understand how GDPR concepts fit into the legal context
  • Overview of legal systems and their interrelationships
  • Embedding GDPR within organisations under common law, civil law and other legal systems
  • Major required changes in corporate governance standards and processes
  • Subtle effects of ‘Big Data’
  • How to succeed under the self-reporting model of GDPR
Curriculum
  • Foundations of Modern Privacy Law
  • GDPR Basics
  • Personal Data and Consent: the six pathways to lawful business models
  • Key Data Subject Rights
  • Monitoring, Profiling, IT, the business, the GDPR, and case law
  • Key Controller Obligations – principles, ‘tick-boxes’, pseudo-rights, etc.
  • Exemptions, Member State Opt-outs
  • Risk Management and the EU Data Protection Officer – who, what, why, how?
  • International Transfers / Adequacy Regimes – BCRs, SCCs, Privacy Shield
  • Non-compliance – the new legal and technological routes to legal enforcement
  • GDPR’s new legal defences against Foreign Governments
  • Effect of Brexit on the GDPR – and vice versa
  • Business Impacts: Security, Cloud, out-sourcing / Data Processors, IoT, Big Data
  • Next Steps – practical enterprise approaches to GDPR compliance
  • PIAs, BCRs, Enterprise Privacy Architecture basics
  • Project / Privacy Office Organisation and Workflow Management
  • Information Architecture, Data Mapping, and Privacy Dataflow Mapping
  • Enterprise Privacy Architecture as metadata
  • Multi-jurisdictional Legal Architecture
  • Automated Privacy Impact Assessment as core Project Initiation subprocess
  • The Future: Embedding Transactional EPA Metadata into Operational Systems
Classroom White-board, notebooks, overhead/data projector and access to the internet for some exercises
In-class Requirements Desktops available to delegates with internet access
Webinar Delivery Option Yes
License Via GDPR360
Pre-reading Yes (communicated after booking)
Suggested reading Delegates will be provided links to the GDPR and other relevant material. It is expected that the delegates will have reviewed the GDPR text.
Updates Ad hoc depending on Brexit, EDPB Decisions / Opinions / Guidance, Commission or Supervisor Adequacy Decisions, international treaties, political climate, changes to law and case judgements as may be relevant to the course material (formal changes capped at 4 times per year)
Exam Yes
Name GDPR Masterclass
Cost £80 (ex-VAT)
Exam details
  • 40 multiple-choice questions, 50% pass rate, 1-hour, closed book, on-line/on-site exam
  • Only the written content of the slide modules will be examined
  • You will be given Practice Exam Questions both within the body of the instruction and as self-study aid
  • The exam is ‘open book’ and you will be provided with a printed copy of the Recitals and Articles of the GDPR
  • The language of the exam and supporting materials is English (United Kingdom)
  • The time limit is 75 minutes for English speakers and 105 minutes for non-native English speakers
Exam body GDPR360
Practice Exams Yes, one practice provided during the course (others available for purchase)