An introduction to the Data Protection Act and the risks to you!

The Data Protection Act 1998 (DPA) places a requirement on all organisations; large or small, public or private, to process personal data or sensitive personal data in a manner that complies with the eight Data Protection Principles enshrined in the Act. The Information Commissioner (ICO); the office charged with managing the Act's outworking and with policing the practices, procedures and compliance standards of those responsible for the processing of personal or sensitive personal on a day-to-day basis, has exercised their rights to fine or place enforceable practice notices on those who breach these Principles.

The highest fine that can be laid down is £500,000; the highest fine that has been levied is £375,000 for process failures. In these days of financial austerity no organisation can withstand a fine of that magnitude, even the more usual fine of £30,000 would cause serious harm to an organisation's viability.

Many in the data industry today would point the finger of blame at failings in organisational data governance, or the failure of Directors and Management to consider a data breach as a 'business critical' risk. For more detailed information on current action by the ICO, there you will see a list of fines and enforcements imposed upon private businesses, Councils, and Government Bodies who have been heavily penalised for poor DPA practice or a failure to police their organisation's DPA Policy or procedures effectively. The very existence of this list should cause Directors, Managers and Data Specialists alike to seek guidance and professional assistance.

Contents

This one day DPA programme has been specifically designed to allow participants to:

1. Understand their requirements under the DPA;
2. Be able to assess their current compliance standards against best DPA processing practice, policies, procedures and protocols;
3. Develop effective auditable DPA processing practices that include:
4. a. Subject Access Request handling;
5. b. Third Party Request handling;
6. c. Information sharing agreements;
7. d. Compliant review and complaint handling procedures; and,
8. e. Higher Level review and decision-making.
9. Understand the need to align DPA Policies and processes with supporting Data Retention and Disposal, Records
10. Management, Information Security, Communications, Remote Working, and IT Policies
11. CCTV and the DPA and the Regulation of Investigatory Powers Act.

Programme contents will include the following:

• An introduction to the DPA
• ICO registration and compliance
• An understanding of the 8 DPA Principles
• The difference between personal data and sensitive personal data and the increased compliance standards
• Key roles and responsibilities
• The basics of processing: What is; What it requires; The necessary process, procedural and protocol compliance requirements
• Understanding data states; processing, transportation, transmission, remote storage
• Dealing with: Subject Access Requests; Third Party Access Requests; Sharing of Information; Complaints and Reviews
• The geographical limits of the Act
• The relationship of the Act with the Freedom of Information Act and Environmental Information Regulations
• A gaze into the near future of DPA compliance and the changes that are in the pipeline.

Course benefits

1. Peace of Mind
2. Enhanced governance and resilience
3. Policy and procedural compliance
4. Cost savings due to effective processing and reduction in DPA related complaints
5. Effective and robust audit trails that aid informed decision making
6. Robust aligned and trackable policies
7. Enhanced employee knowledge
8. Role responsibility and competency

Additional Programmes Available

• Compliance Skills for Data Protection Professionals
• How to undertake an effective DPA audit
• The Role of the Data Controller: Your Rights, Your Responsibilities!
• The Role of the Data Manager
• Developing an Effective and Compliant DPA Policy
• Imbedding compliant DPA Organisational Culture Change

Trainers background

The trainer for this course works internationally, predominantly in the US, Canada and the Middle East and has been successfully delivering Data Protection and Freedom of Information based training programmes internationally for the last ten years. He has specific expertise in developing operational process diagrams based around information security and in conducting penetration testing on data storage and disposal.

• Owners of small to medium or larger enterprises who are involved in business export
• Those who handle business closures or receivership
• Directors, Managers and those who are responsible for any part of the processing of personal or sensitive personal data.
• Those who directly respond to Subject Access Requests
• Those who manage DPA related complaints and review processes
• Those responsible for CCTV activities and respond to requests for recordings
• Marketing and customer facing staff who process or gather third party data.

Course benefits

Certificate of completion

Digital certificate - Included