When the General Data Protection Regulation (GDPR) was introduced across the EU and into UK law (Data Protection Act 2018), a lot of media attention was given to the financial penalties organisations could face, should they be subject to a personal data breach.
A personal data breach is more likely to have an immediate impact on an organisation's reputation, and dent the trust of its employees, customers and suppliers.
Our 90-minute course is designed to provide practical guidance on how you can manage a personal data breach, should you encounter one. The course will cover:
- The definition of a personal data breach
- The processes for incident response
- How to assess the risks to Data Subjects
- Communication messages to Data Subjects and other relevant stakeholders
- What steps to take when notifying the supervisory authority (i.e. the UK's ICO)
- Record keeping requirements for personal data breaches
- Evaluating the appropriateness of the technical and organisational controls in place to prevent personal data breaches
- Data Controller and Data Processor responsibilities in the case of a breach
- Consequences for failing to notify a supervisory authority of a personal data breach
- Implication for the right to compensation
The training course will use real-life scenarios to support the course material. We aim to make the session interactive and have built in time for you to ask questions. We have also created a number of quick questions to ensure that the course material has been understood.
The course will be facilitated by either Kellie Peters or Regina Lally, both co-founders of Databasix UK, who between them have 35+ years' experience in the field of data protection.