Call to book: 01983 861133

GDPR Planning & Preparation Practical Workshop for Employers

Edinburgh Raddison Blu Hotel , 80 High Street, Royal Mile, Edinburgh EH1 1TH

The UK government has confirmed that GDPR implementation will come in to force on the 25th May 2018 . This will have a huge impact on employers and will affect  all organisations no matter what size. As employers it is imperative that your preparations start now to ensure that your policy and procedures are legally watertight and ICO compliant by the May 2018 deadline as a failure to do so can have serious punitive financial and reputational consequences.

This workshop will provide in-depth hands-on practical advice and strategy, led by top GDPR and legal experts to ensure you receive all the essential information you require to ensure your organisation is prepared and compliant by May 2018.

This workshop will provide delegates with:

  • A practical action plan to write, implement and embed your GDPR policy company-wide
  • An understanding of the implications and impact of GDPR on their organisation
  • Effective strategies to plan and manage a comprehensive audit of their current position
  • A thorough overview of the legal issues involved, implications to your organisation and how to ensure compliance
  • Key areas your policy must cover in order to make it workable

 

Which functions will benefit from attending

  • HR, Pay roll, HR Operations and Admin, Security and Compliance, HR Information Services Management

Hear from

Schedule

Coffee and registration

Welcome and review of learning objectives for the day

AUDIT AND ASSESSMENTS

  • Establishing your current position: key questions to ask
  • Who will perform your audit?
  • Key elements of an impact assessment
  • Summary of mandatory changes required: defining your obligations
  • Gap analysis
  • Privacy risk assessments
  • What personal data do you hold?
  • Privacy risk assessments: essential areas to consider
  • Other risks: internal and external threats
  • Impact assessments: fines scale
  • Processor responsibilities
  • Process mapping requirements
  • Audit trails
  • Correct grounds and accountability

James Leaton Gray
Director
The Privacy Practice

LEGAL

  • Understanding your accountability: scope and timelines
  • The risks: reputational, fines, compensation
  • Making changes to your existing contracts:
    - Employees
    - Suppliers
  • Essential strategies to demonstrate compliance
  • Legacy issues: challenges and solutions
    - Pension
    - Payroll
    - Other potential areas
  • Losing consent as a mechanism: implications for your current contracts and how to make compliance changes

Morning coffee

DATA

  • Data mapping and record keeping
  • Data quality and governance
  • Overcoming poor storage methods
  • Usefulness and usability
  • Assessments and procedures
  • Data breaches: notification procedures
  • Reviewing your HR data to ensure your compliance

Lunch with working roundtables

POLICY REVIEW AND UPDATE

  • Reviewing your sourcing and sharing policy
  • Ensuring your data processing methods are compliant with GDPR
  • Consent, identity and transparency processes and documents
  • Data captured
  • Employee contracts and consent
  • Privacy policy
  • Medical forms
  • Subject access requests: the new landscape
  • Storage protocol and cloud services
  • Screening changes: CRP and new DBR checks and processes
  • Who to check and when
  • Dynamics of outsourcing a relationship
  • Third party and supplier contracts: outsourced contract requirements
  • Record retention schedule


James Leaton Gray
Director
The Privacy Practice

DPO

  • Roles and responsibilities
  • Potential areas of conflict and strategies to avoid them
  • Virtual DPO: how could it work for your organisation – benefits and drawbacks 
  • Dovetailing the role with other working the organisation: how can a dual approach work?

 

Afternoon tea

ACTION PLAN

  • Time-line GDPR: what to do and when
  • What are the key areas to focus on?
  • Analysing your own HR function and processes: where will the biggest GDPR challenges be and how will you address them?
  • Ensuring company-wide buy-in to maximise stakeholder awareness
  • Understanding the human element: what must you mitigate against? Essential training messages
  • What needs to be included in your policy?
  • Managing change with limited resources: getting the most from your budget
  • Checks to ensure all changes are documented, workable and implemented
  • Practical planning and prioritising
  • Demonstrating robust security and risk awareness


James Leaton Gray
Director
The Privacy Practice

Review, outstanding issues and close

Contact us to book or discuss our events & services

Phone icon 01983 861133
Email icon info@bfi.co.uk

In-house training

We can tailor this course to run in-house. Find out more

Go