Data Protection: Privacy Notices, SARs, Consent and More
The General Data Protection Regulation (GDPR) came fully into force in May 2018 and places additional burdens on the data controller. In particular it requires enhanced information for data subjects in Privacy Notices and responses to Subject Access Requests. This means that organisations must be able to provide not just the information they hold about the subject, but also where the information came from, where it is stored and for how long and for what purpose it is stored.
The GDPR also requires that data controller organisations record their authority for processing the personal data (‘lawfulness of processing’). This applies even to data subject consents which are also becoming more onerous.
This course gives guidance as to how to set up procedures to meet these requirements and maintain compliance. It also examines the new data subject rights (the right to be forgotten, data portability and data restriction) and how these are to be implemented.