£49

The GDPR- Turning Words into Action

Event Information

Share this event

Date and Time

Location

Location

WaterShed

1 Canon's Rd

Bristol

BS1 5TX

United Kingdom

View Map

Refund Policy

Refund Policy

No Refunds

Friends Who Are Going
Event description

Description

The most significant change in data protection law is now less than 12 months away. The time for talking is nearly over...now is the time for action.

But how do you assess whether you are “GDPR ready” and what gaps you have?

Join us for a workshop exploring the steps we believe are required to answer those questions – so you are prepared for 25 May 2018.

  • Introduction: why putting the individual at the centre of your plans is critical to success.

  • Step 1: Maintaining Records of GDPR Compliance

    • The GDPR requires evidence of how you are complying with its principles. This requires clarity on the strategic, operational and technical measures you have in place across your organisation. This step looks at the core processes, standards and procedures you will need, and how to assess whether your current approach is compliant.

  • Step 2: Defining your organisation’s setup

  • Step 3: Establishing the personal information landscape

    • In order to manage individual rights, deliver transparency and demonstrate accountability, all organisations will need know the purposes for which they handle personal information, the lawful basis that supports these purposes, and how it transparently manages the personal information. The key challenged is now to relate these legal terms to your organisation and the day-to-day handling of personal information.

    • These two steps require you to define how your orgsnisation is set up – e.g. the internal teams; databases and systems; physical office and storage locations, and third party supplier and partners you work with – and then look in detail at each of the activities each team delivers – e.g. who is the personal information about; where does it come from; where does it all live?

    • From this information, a clear set of purposes, lawful basis and transparency measures can documented. The information also assists in delivering the operational and technical measures defined in Step 1, e.g. enabling the locating of personal data for subject access; enabling assessments of data minimisation.

  • Step 4: Reviewing the personal information management

    • An output from step 3 will be the locations where personal information is stored. Step 4 expands on this, requiring that you consider the controls and measures in place to manage personal information in three states: At rest; in use and in transit.

About the presenters

Gary Shipsey @protectureDPO

Gary is IRMS third Sector Group chair, and co-founder and Managing Director of Protecture.

Gary is approaching 13 years of practical experience turning information law into practice through a variety of information management roles.

Gary is co-author of the Fundraising Regulator’s Guidance “Personal Information and Fundraising: Consent, Purpose and Transparency” and regularly speaks and advises on all things GDPR, data protection and privacy related.

Gary holds the BCS Practitioner Certification in the Data Protection Act, Information Risk Management and Freedom of Information Act,

Rowenna Fielding @MissIG_Geek

Rowenna is Data Protection Lead at Protecture.

Rowenna brings her years of experience at RNIB and the Alzheimer's Society to Protecture.

Rowenna holds the BCS Certificate in Data Protection; ISO 27001 Internal Auditor; Microsoft Certified Network Administrator (Security Specialist); Institute of Direct Marketing: Award, GDPR.

Share with friends

Date and Time

Location

WaterShed

1 Canon's Rd

Bristol

BS1 5TX

United Kingdom

View Map

Refund Policy

No Refunds

Save This Event

Event Saved