From 25th May 2018 the General Data Protection Regulation (GDPR) replaces the UK Data Protection Act 1998. Firms will have been preparing for this for some time, considering how the changes will affect them and updating policies and procedures accordingly.
The objective of this course is to “square the circle” by explaining to employees at all levels the practical impact on them, their employer and the potential for higher penalties under the GDPR for failure to comply.
The UK’s data protection regime is overseen by the Information Commissioner’s Office (ICO), which has fined many organisations for poor controls over customer data.
The UK’s Information Commissioner recently said: “GDPR preparation doesn’t end on 25th May 2018 – it requires ongoing effort. There will be no “grace” period – there have been two years to prepare and we will be regulating from this date.” (Elizabeth Denham, 22nd Dec 2017)
In addition, Regulation 24 of the Money Laundering Regulations 2017 requires regulated firms to ensure their relevant employees are trained on data protection as it relates to money laundering. Further, Regulation 41 requires firms to make data protection disclosures to all new clients, explaining how their data will be acquired, used and stored. These requirements place training on the UK data protection regime on a much higher footing than previously.
The course is aimed at assisting firms in complying with the new regulation by ensuring their staff have a good understanding of UK data protection law in order to protect data relating to individuals. It will also assist firms in meeting the legal obligation in the MLR and in fully understanding the dual jeopardy of data protection compliance and fraud risk, the practicalities involved in mitigating these risks, and what to do if breaches happen.
- The GDPR and the UK Data Protection Bill: The background, aims and objectives
- Regulation 24 of The Money Laundering Regulations
- Examples of ICO Enforcement action and the increase in the levels of fines under the GDPR
- “Controllers” and “Processors”
- The Data Protection Principles
- Personal and sensitive data
- Relevant manual files and data held on computer
- Data subjects and their rights, including “the right to be forgotten”
- Data Subject Requests
- Data transfer and data sharing
- The role & powers of ICO, FCA, NCA & others.
Course aimed at: All relevant employees in financial sector firms, including Senior Management, Data Protection Officers, Compliance Officers, Internal Auditors and Fraud Officers.
This course can be delivered onsite or as an instructor-led course at a firm’s office.
If you would like to discuss your training requirements in more detail please contact Graham Dix on 020 7484 3987 or your usual Cordium consultant.