Level 1: Awareness Course
The awareness course takes one hour. Choose between:
- Online video.
- Webinar (recorded or live)
- Face-to-face seminar/briefing.
The learning points of this short overview of GDPR are the focus on privacy, differences to the Data Protection Act / Data Protection Bill / EU (Withdrawal) Bill, and an understanding of when it is lawful to process personal information, what a privacy notice is all about, and what the rights of affected individuals are.
This course can be tailored for the particular audience, be they board members, executives, general staff. Similarly, we can tailor the course to suit particular business functions or a particular industry.
Level 2: Foundation Training
This is a full day course and workshop. The learning objectives are:
- Contextual understanding about the focus on privacy.
- Differences vis-à-vis the emphasis around data protection and security interpreted by the Data Protection Act.
- Introduction to the Data Protection Bill and EU (Withdrawal) Bill.
- Legal bases for processing personal information.
- Consequences of not being able to demonstrate compliance.
- Importance of determining your purposes of processing.
- How to write a privacy notice.
- When to designate a DPO.
- What to do if an individual exercises one of their many rights.
- Elements to remember when it comes to a data breach.
This training is available as a one day course or as the first day of a longer course that includes one or more of the levels below. It is an ideal introduction to all staff members who process personal information or are involved in decision-making.
Level 3: Practical Training
A full day course and workshop. The learning objectives of this training are:
- Usage of fundamental tools, templates and guidelines needed to implement GDPR compliance.
- Working through exercises and discussing real-life examples.
- Conducting readiness audits.
- Recording processing activities.
- Writing notices.
- Conducting impact assessments.
- Drafting workflows pertaining to the rights of individuals.
This training is available as a one-day course, or the second day of a longer course that includes the Foundation course above and one or more of the levels below. It is the ideal practical training for a GDPR project team, members such as BAs and PMs, as well as managers and compliance personnel.
Level 4: Practitioner Training
Another full day course and workshop. The learning objectives are:
- Worked examples and exercise reflecting official data protection opinions and guidance
- Data breaches.
- The legal basis of consent and legitimate interests.
- Data portability.
- Profiling and processing at work.
This training is available as a one-day course, or the third day of a longer course that includes the above courses and one or more of the levels below. It is a deep dive into the intricacies of applying GDPR. Perfect for business managers involved with the updating of policies and training material for their organisation, as well as compliance personnel charged with putting in controls, monitoring adherence and governance.
Level 5: Legal Course
This is also a full day course. The learning objectives of this training are:
- UK and wider EU data protection legislation.
- GDPR and ePrivacy Regulations.
- The findings from investigations by circa 40 EU data protection authorities.
- Relevant civil and criminal court cases.
This training is available as a one day course, or the fourth day of a longer course that includes the above courses and the Data Protection Officer (DPO) course below. It is ideal for legal and compliance personnel, as well as those intending to complete the full GDPR Training Programme as a pre-requisite for the DPO training.
Level 6: Data Protection Officer Course
This is a 3-day course and workshop. The learning objectives are a culmination of the various subjects covered in the above training with reference to the roles and responsibilities of the DPO, including practical tools, templates and checklists for the DPO to use daily, such as but not limited to:
- Monitoring compliance.
- Conducting data protection impact assessments.
- Cooperating with the data protection authorities.
- Being a single point of contact for data subjects.
This training is only available as a 3-day course, or the final part of the full GDPR Training Programme that includes all the above courses, the pre-requisite for this course (or an equivalent). It is for those individuals who expect to be designated as a DPO, but Chief Privacy Officers, Data Protection and other compliance or audit managers will also benefit from the course.