Training Programme for Data Protection Officers / Leads
A complete Programme of training sessions, delivered in convenient schedule, to support individuals with overall responsibility for data protection in their organisation.
£945.00 plus VAT per person.
Course detail at a glance
- Duration: 6 modules on separate dates (approx. 14 hours in total)
- LIVE online
- Also available as a private session for your team. Ask for details.
- Certificated training
- Copy of the course materials to take away
- Interactive session delivery
- Intended for all sectors
Keeping data protection on the organisational agenda is often a challenge for Data Protection Officers or Data Protection Leads, particularly if this is an additional responsibility to their main role.
Databasix provides a complete Programme of training sessions to support individuals with overall responsibility for data protection in their organisation. The Programme provides training on key operational aspects and responsibilities for the role, and promotes a healthy understanding of the practical implementation of those responsibilities.
Facilitated by Kellie Peters, co-founder of Databasix, the Programme modules are delivered in separate manageable blocks of time, to allow individuals time to reflect on what they’ve learnt and so as to fit in with other demands on their diary.
Throughout the modules of the Programme, delegates are asked a questions to ensure that the course material is understood. Delegates are provided with a copy of the module materials. Upon completion of the Programme, delegates receive a PDF Diploma certificate.
Who is this course intended for?
- Private, Public, Charity and Voluntary sectors
- Data Protection Officers
- Data Protection Leads
- Operations Directors
- HR Directors
- IT Directors / IT Managers
- Business Owners
- Practice Managers and Partners
The training course includes the following modules
The six modules, at a glance
1. Course syllabus; The Role and Duties of a DPO
- The circumstances in which a DPO needs to be appointed
- The knowledge, qualifications and qualities need to fulfil DPO tasks
- The duties of a DPO
- The tasks/duties that could result in a conflict of interest
- The relationship between the DPO and senior management/board of directors
- Raising the profile of data protection with employees
- Communicating with data protection regulators
- When a data protection impact assessment is requirement
- The requirement for the DPO to be 'independent’
- Why it is important for the DPO to be approachable
- The organisation's responsibility to support the DPO by providing necessary resources
- The organisation's obligations to involve the DPO in key decisions
2. Course syllabus; Managing Personal Data Breaches
- The definition of a personal data breach
- The processes for incident response
- How to assess the risks to Data Subjects
- Communication messages to Data Subjects and other relevant stakeholders
- What steps to take when notifying the supervisory authority (i.e. UK's ICO)
- Record keeping requirements for personal data breaches
- Evaluating the appropriateness of the technical and organisational controls in place to prevent personal data breaches
- Data Controller and Data Processor responsibilities in the case of a breach
- Consequences for failing to notify a supervisory authority of a personal data breach
- Implication for the right to compensation
3. Course syllabus; Handling Subject Access Requests
- Defining the 'Right of Access' under GDPR
- Discussing the importance of the 'fair, lawful and transparent' principle under GDPR
- How to determine whether a DSAR is valid or not
- How to liaise with an individual when seeking to clarify the DSAR
- How and when to verify the identification of the Data Subject
- What are the timescales for responding to a DSAR, and when is it possible to extend the response period
- How to deal with third-party information
- What exemptions can be applied and when is it appropriate to apply them
- What to consider when redacting personal data
- How to respond to the Data Subject, and what should be included
- How to deal with unfounded and excessive requests
4. Course syllabus; Data Protection Impact Assessment (DPIA) Training
- What is a DPIA
- When is a processing activity likely to result in a high risk to individuals’ rights and freedoms
- When should a DPIA be carried out
- What should a DPIA contain
- The stages of a DPIA, including the initial assessment
- Roles and responsibilities associated with the completion of a DPIA
- How a DPIA fits with the project lifecycle
5. Course syllabus; GDPR Training: Storage Limitation, Retention Schedules and Disposal
- The risks of keeping data for too short a period versus too long
- The importance of data mapping to inform your data retention policy & schedule
- Understanding your legal obligations to retain personal data
- Understanding ‘what is necessary’ for the organisation to keep when there is no statutory retention period
- What should be included in a data retention policy
- How to create a retention schedule, including the importance of stakeholder engagement
- Obligations for Data Controllers, Processors and sub-Processors, including contractual instructions
- How to manage data destruction
- Winning hearts and minds: implementing your retention policy & schedule
6.1. Course syllabus; GDPR ‘refresher’ training
- Processing personal data for a specific purpose(s)
- Processing only personal data that enables you to make decisions
- Processing personal data for only as long as is necessary
- Ensuring that you are being fair, lawful and transparent with the personal data you are processing
- What needs to be considered when the person whose data you want to collect needs to give their consent
- Understanding and respecting the rights of the person whose data you are collecting
- What operational and technical security measures need to be considered when processing personal data
- Storing data securely
- How and when to report a personal data breach
6.2. Course syllabus; Data Protection Training: GDPR for Beginners
- An overview of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018
- Explanation of personal data and special/sensitive categories of personal data
- Explanation of the difference between a Data Controller and Data Processor
- Accountability, governance and controls
- Introduction to the principles of the GDPR, including relevant examples
- Overview of individual rights including relevant examples
- Recognising and reporting Data Subject Access Requests
- Explanation of a personal data breach and the process of reporting breaches
Click to download a PDF of the learning outcomes.
Programme cost: £945.00 (+VAT)
(Buying each session separately would usually cost £1182.00 +VAT)
Client testimonials: Data Protection Officer training that delivers!
One of the biggest challenges when choosing a training course is knowing whether it will be worthwhile. Will it teach you what you need to know and will it be worth the time and money?
Our clients certainly think so! Take a look at a selection of recent independent customer testimonials.
Call us to book your place
Please call us to book your place onto the programme. We’ll invoice you for the total amount and arrange which sessions you’d like to book onto.
If you’d prefer to focus on just one aspect of the programme or the role of the DPO itself, each individual session is available to book directly via the website.