The EU General Data Protection Regulation (GDPR) is a major new piece of legislation coming into force in the UK on 25 May 2018. It will provide a single data protection law for the whole EU. It is Brexit-neutral in that the government has said it will apply in the UK even after Brexit. The GDPR creates a raft of new rights for individuals and how their personal data is processed – and processing includes every activity known to man: reading, storing, manipulating, transferring – even possessing.
Every business now uses personal data in some way, whether staff data, customer data, prospect data or supplier data. And there’s plenty more data too. The maximum penalties for getting it wrong are now being increased to the greater of 4% of annual global turnover of an organisation or 20 million Euros, depending on the severity of the breach. The new stringent data protection requirements apply to all organisations that possess or process personal data of EU citizens – sometimes even when it appears to be anonymised. It is essential to know what the law now requires.
By attending this seminar you will:
- Understand how the new GDPR will affect your business
- Consider your business practices in light of the new law
- Recognise the risks and understand how to avoid them
- Be aware of the penalties for non-compliance and learn how to avoid breaches
- Expand your knowledge of privacy by design.
*Please note, events may be cancelled due to commercial or organisational reasons. In this case Research and Markets will refund all registration fees which have already been paid. Research and Markets will not refund any charges arising from the participant having to cancel or re-book transportation or accommodation which he or she has arranged.
Essential EU GDPR background, terminology and rights
- Getting to grips with the legislation itself: equipment you will need
- Key differences between the Data Protection Act 1998 and the EU GDPR
- Brexit and GDPR
- Privacy principles
- Basis of processing
- Consent: it’s not what it used to be
- Rights of a data subject:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision-making and profiling
The roles of and relationships between controllers and processors and sub-processors
- Data subjects and their rights
- Dealing with subject access requests
- Mandatory time limits
- Exceptions and vexations
Implementation of GDPR requirements
- Privacy by design
- A privacy compliance framework
- A risk management framework
- Key questions in data mapping
- Data privacy impact assessments (DPIA)
- Data audits
- Training and competence requirements
- Changes to policies and procedures
- Who should be doing this stuff within an organisation?
Enforcement and regulatory and compensatory aspects of the GDPR
- Cyber attack
- Penetration testing and sensible precautions
- Incident response
- Breach reporting
International data transfers
- The USA: privacy shield
- Safe countries
- Unsafe countries
The Data Protection Officer (DPO)
- Evidence and audit
- Common data security failures, consequences and lessons to be learnt
Mr Mark Weston,
Mark Weston is a partner at Hill Dickinson having joined the firm on 1st February 2016 as Head of Information Technology, Intellectual Property and Commercial (London). Mark joined the firm from Matthew Arnold & Baldwin LLP where for 12 years he was a partner and Head of the Commercial, Intellectual Property and Information Technology Group, before which he spent several years at Baker & McKenzie. Mark’s practice covers both non-contentious and contentious matters in all areas of commercial law, intellectual property law, information technology law, Internet, electronic commerce and on-line services law. He specialises in commercial and tech issues.
He has extensive experience in-house, having been seconded in the past to Hewlett Packard and new technology companies. His practice covers all sorts of commercial areas (including franchising) as well as extensive IT niches including advising clients regarding hardware and software issues (including SaaS, cloud, development, licensing, maintenance and distribution), solutions for and methods of transacting on the Internet, electronic commerce, including B2B, B2C and B2G, S-commerce and M-Commerce, social media, strategies to minimise or maximise liability and carry out compliance audits, outsourcing, facilities management, procurement, company IT policies and data protection (privacy) issues. He also has experience in IT litigation (and different alternative dispute resolution techniques).
Mark is Chairman of the Society for Computers & Law (North London and Home Counties Region), Chairman of the Intellectual Property Interest Group of Lawnet and is a premier member of the Eurojuris Intellectual Property Panel. Mark writes various books on his specialist topics and is an editor and contributor of several publications and articles and lectures at numerous commercial, IP and IT related conferences and training programmes.
Finally, Mark appears regularly on BBC1 (usually providing advice on-screen to BBC Watchdog) and also on Sky News as a legal commentator.
This programme has been specifically designed for those who deal with personal data in any way:
- In-house lawyers
- Private practice lawyers
- Compliance officers
- Company secretaries
- Board members
- HR professionals
- Marketing professionals
- Anyone who uses or possesses personal data
De Vere Grand Connaught Rooms
61 - 65 Great Queen Street