Training is an important part of how organisations comply with their data protection obligations. It helps individuals understand their responsibilities when working for an organisation and handling personal data. Effective training should help to prevent data security breaches or misuse of personal data as well as to demonstrate an organisation’s commitment to accountability – a key requirement under the GDPR.

The Data Privacy Team at Bates Wells can provide training for you and your organisation. We regularly provide training on all aspects of the GDPR and e-privacy rules. This can be training in person to small or large groups or remotely (where technology permits). 

One of the central objectives behind the GDPR is to encourage a privacy focused culture. Cultures don’t typically change overnight – education and training are critical components to help individuals understand and implement change within their organisations. The GDPR requires controllers to implement appropriate technical and organisational measures to demonstrate that their data processing meets the requirements of the GDPR. Training is a crucial way of implementing these measures and demonstrating that they are in place.

Our standard training packages

  • We offer two different ‘off the peg’ online training packages for organisations. These are standard training packages which will reflect current law. If you are seeking a more tailored training approach for your organisation’s needs, please contact us directly.  Bespoke training can focus on specific issues e.g. use of children’s data.
  • All our standard training packages are currently provided online by a member of the Bates Wells Data Privacy team. They include the topics covered below and time for questions and answers.

The Introduction to the GDPR session covers the following areas:

  • The objectives of the GDPR – Why do we have the GDPR and why is compliance important for our organisation?
  • The data protection principles – What are they and what do they mean?
  • Lawful grounds for processing – What lawful grounds can we rely on for the processing we are carrying out?
  • Transparency – What are our transparency obligations and what do we need to include in privacy notices?
  • Individuals’ rights including subject access requests
  • Data Security – What steps should we take to reduce the risk of a data security breach?
  • Controller-Processor contracts – Contracts with suppliers and others who are acting as processors
  • International Data Transfers – How do we make data transfers in compliance with the GDPR?
  • Accountability including Data Protection Impact Assessments and key data protection policies

The Advanced GDPR session covers the following areas:

  • How do we determine whether an entity is a controller, processor or joint controller?
  • A more in-depth look at lawful grounds for processing including under Schedule 1 of the Data Protection Act 2018
  • What do we have to prove in order to rely on valid consent?
  • Handling requests from individuals under the GDPR
  • Handling a data security breach under the GDPR
  • The role of the Data Protection Officer – When do we need to appoint a DPO and what are the implications?
  • Carrying out a Data Protection Impact Assessment – When do we need to carry out a DPIA and what do we need to do?
  • How do we carry out marketing (and in particular e-marketing) lawfully? What is the interplay between the GDPR and e-privacy law

If you’d like to discuss your data privacy training requirements, please contact Eleonor at the details above.