We have your course. Please kindly fill below your contact details to receive full course information and pricing.
Businesses that have a central data processing or storage function are required to have a Data Protection Officer - they should be impartial and should not be challenged or pressured by management entities. A DPO must report to the highest level of management, usually at board level, and must not face dismissal or any discriminatory employment action for conducting any data protection tasks. The DPO can be employed internally if they meet the knowledge requirements and do not have any conflicts of interests; some companies may choose to hire an external DPO as a contractor to prevent conflicts of interests and to gain expert advice.
Given that the GDPR will place a much greater emphasis on the professional role of a DPO and hold Controllers responsible for financially costly security breaches, aspiring officers need to acquire extensive knowledge to conduct the role with professional rigour, respect, and authority - all of which can be achieved through undertaking GDPR training courses. Our GDPR courses cover the legal recitals and articles in depth to ensure that all candidates are aware of the legal basis and consequence for each compliance action, in addition to practising proactive data mapping tasks to establish where and how data is transferred within their business.
The new statutory obligation gives citizens new rights, such as the ‘Right to be Forgotten’ which allows them to have their Personal Identifiable Information deleted by an organisation holding personal data on them. Hence, DPOs must possess the skills to quickly but effectively communicate with the public, and have technical system knowledge to respond to such requests. Our GDPR courses are highly proactive and our trainers are engaging, to ensure that candidates can fully comply with all expected legal requirements of the impending GDPR, as dictated by Article 39 - DPOs shall be “designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices”.
Article 39 of the GDPR delineates the expectations of a DPO - as a minimum the DPO must:
Monitor an organisation’s compliance with the GDPR and ensure that there is a common regard and appreciation for the data protection requirements of the new laws amongst individual’s processing or handling personal data of EU citizens
Report security breaches to, and cooperate with, the Supervisory Authority
Monitor the performance of the implemented compliance programme and conduct data protection impact assessments (DPIAs)
Provide and act as a contact point for processing issues raised by the Supervisory Authority and Data Subjects
Assess risks of processing operations - the context, size, and purpose of processing
According to Article 38 of the GDPR, the Data Protection Officer:
Is bound by confidentiality requirements in accordance with Member/Union State law
Must be regularly updated by the Controller and the Processor of all issues concerning personal data protection
Ensure that alternative work conducted does not cause any conflict of interests
Must be a contact point for Data Subjects and must ensure that all requests relating to the rights of Data Subjects are met, including, but not restricted to, subject access requests, data modification, and data erasure
The average salary of a DPO is £62,500**, which represents how valued the role of a Data Protection Officer is. A Data Protection Officer can also operate within alternative aspects of a company to enhance their earning potential, as long as their alternative role does not result in a conflict of interests.
**Information extracted from IT Jobs Watch
The GDPR will elevate the professional profile of both Data Controllers and Processors, however, it will also significantly raise the risk profile - individuals within these roles will require an extensive knowledge of the GDPR articles and compliance strategies. A Data Controller “determines the purposes for which and the manner in which any personal data are, or are to be, processed” and refer to an individual, or an organisation if mentioned as plural (Data Controllers). A Data Controller can be a self-employed consultant or an individual acting on behalf of an organisation. A Data Controller differs from a Data Processor, who “processes the data on behalf of the Data Controller”. Under the old Data Protection Act, the Data Controller was held accountable and liable for compliance, not the Processor; however the new GDPR will enforce an obligation for both Processors and Controllers to be liable for their actions, including direct action from Supervisory Authorities, fines and compensation. The new role definitions will allow the role of Processors and Controllers to become extremely rewarding financially. Given the new liability and knowledge requirements of these roles, it is advised that candidates attend GDPR courses to enhance their awareness of compliance strategies and of the legal basis of the articles.
Click here to see what GDPR Courses we can offer you.