The new EU Regulation on personal data goes live in May 2018 along with other regulations affecting financial firms including the 4th Money Laundering Directive and second Payment Services Directive. Are you ready to guide your firm through implementation?
The UK has been at the forefront of consumer data protection for over twenty years and has had a great influence on the direction of the EU General Data Protection Regulation. But even though UK firms arguably start with an advantage and a dynamic regulator, they will still need to work hard to comply with new principles and an increase in scope of the regulation. The UK Government is further taking GDPR legislation into its own Data Protection Bill (2017), which also incorporates other EU legislation such as the Network and Information Security Directive. The size of fines potentially levied under GDPR rules alone – up to 4% of global turnover for large businesses – has brought this to the attention of board members.
Understanding and interpreting GDPR and related legislation is complex and very time-consuming. These fundamental changes will affect many areas of your business.
This workshop covers all the information needed to get firms prepared for the new directive. You will:
- Understand the rationale behind GDPR
- Realise how GDPR fits into the broader legislative landscape
- Identify the key challenges and opportunities created by the regulation
- Discuss the main misconceptions
- Gain a practical approach to the new regulations
- Get to grips with the timeline and legislative processes
- Identify changes to business processes from end to end
- Understand enforcement issues, implementation problems and implications for crisis management
The landscape of data protection, e-Privacy and e-Security:
- The background to GDPR, key misconceptions, differences from Data Protection Act 1998, the role of the Information Commissioner’s Office and other regulators, understanding the regulatory landscape (including the European Commission, PSD2, 4MLD, NISD and the Competent Authorities in other member states)
The regulation in detail:
- Six principles, core concepts, scope (geographical, participants, types of data), importance of legitimacy of processing, reporting, fines, remediation, organisational requirements, data protection officers, international considerations, overlap with PSD2
Creating an implementation project:
- The importance of governance and board oversight, preparation, data subject request handling, data breach preparation, supply chain assessment
Minimising disruption and building a remediation:
- Adopting an outcomes-based approach to regulation, managing risk: knowledge, awareness and training, addressing key challenges and managing a number of new rules, how to manage concerns before the directive is finalised.
This session will be delivered by Jonathan Williams. As a strategist in a financial services firm for ten years, currently with MIDAS Alliance, he has spent a lot of time looking at regulatory compliance and specifically the issues of overlapping and contradictory regulations. MIDAS Alliance is sponsor of the BSI Digital Identification and Authentication Code of Conduct, of which Jonathan is co-author. Jonathan has extensive experience in identity, payments and fraud, working with UK corporates and banks in the UK and across Europe.
This session will run from 13:00 - 16:00 with registration at 12:45.
This training course is endorsed by the CISI for CPD requirements. CISI members pay a discounted rate and can book via the link below. To receive your discount as a CISI member, please enter the discount code provided by the CISI.