It is impossible to be compliant with data protection legislation unless the data controller organisation knows exactly what personal data it processes and why. This is the more urgent since the General Data Protection Regulation (GDPR) came fully into force in May 2018 and places additional burdens on the data controller.
This course guides practitioners through the kinds of questions to ask in order to discover what data they are handling, how the data was obtained and updated, where it is stored and for what reason it is stored.
This discovery process will feed into the HR, business development and IT departments’ policies and procedures designed to keep the organisation compliant, including the ongoing process of monitoring data and its status.
It will also help organisations to meet the GDPR’s enhanced requirements in relation to the information they may be required to provide to data subjects in Privacy Notices and responses to Subject Access Requests. This subject is explored in more detail in the complementary course taking place on the same day: Data Protection: Privacy Notices, SARs, Consent and More.