This full day course is essential for any firm that uses personal data of customers and/or staff. Delivered in two workshops:
• The morning workshop examines (a) the Data Protection laws & the eight data protection principles (i.e. collection, treatment, permitted processing, retention, storage & security of electronic and manual personal data); and (b) practicalities of compliance (i.e. drafting policies & procedures, staff training, privacy statements) and responsibilities of the Data Protection Officer.
• The afternoon workshop develops relevant skills required to confidently carry out a data protection audit.
Do you know that:
* The DPC continues to investigate and prosecute firms for breaches of the data protection legislation.
* The DPC issued a Personal Data Security Breach Code of Practice in 2010
*New fines of up €250,000 or 10% of a business turnover are provided for and individuals liable up to €50,000 fine.
*The use of Access Requests by individuals – both customers and employees – is increasing every year.
All firms which hold, use or control personal data are bound by the Data Protection laws, regardless of whether or not they need to register with the Data Protection Commissioner (DPC). Recent interventions by the Data Protection Commissioner relating to:
(i) loss of laptops and other data storage devices;
(ii) misuses of personal data by real estate, mortgage, bank and insurance businesses;
(iii) failing to safeguard data on a company’s system;
(iv) individuals’ rights to see their medical reports;
(v) transfer of persons’ transaction data from the EU to the US;
(vi) data security breaches;
(vii) breaches of e-marketing/unsolicited e-communication requirements,demonstrate the DPC’s desire to raise & enforce data protection in Irish society.
The afternoon session provides an intensive workshop on How to Conduct a Data Protection Audit at which attendees will apply their data protection knowledge to learning about the most effective ways to carry out a data protection audit/self-assessment. Compliance Ireland is retained to assist firms inspected by the Data Protection Commissioner, so we know the practical aspects of handling an inspection, dealing with the Commissioner and implementing sound data protection standards. We will share these skills with attendees of this course.
The course contains the following sessions:
- What is Personal Data and Sensitive Personal Data under the Data Protection Acts – getting to grips with the definitions and examples of personal data and sensitive personal data
- The key provisions of the Data Protection Acts – this session will focus on key legislative requirements such as processing of personal data, security of personal data, the statutory requirement for record retention, access requests, transfers of personal data outside the EEA, corporate and senior management responsibility, unauthorised disclosure, confidentiality and whistle-blowing.
- The Eight Data Protection Principles enshrined in law – this session will explain what each principle means, examples of how others have fallen foul of them and most importantly what you can do to help ensure that your firm doesn’t. This session will use examples of employee and customers records and case studies to explain what your obligations include
- Employee records – how to deal with personal data collected in the recruitment process, employment records generally including details of sickness and other absences, as well as records of employees’ personal use of email, internet access & taped telephone calls.
- Practicalities of Data Protection compliance – drafting a data protection/data handling policy and procedures; training of staff; monitoring your firm’s compliance; privacy statements; and the responsibilities of the Data Protection Officer.
How to conduct a Data Protection self-assessment
The afternoon workshop provides attendees with the training and development of relevant skills required to confidently carry out a data protection audit (without which it will be difficult to identify gaps in your business).
Compliance Ireland will provide a step-by-step guide to conducting a self-assessment audit, using specially designed checklists which are fully referenced to the latest legislation to enable attendees to assess and demonstrate their compliance with key sections of the Acts, including:
(a) Drafting a High Level Data Protection Fact Find covering:
Personal data - the reason it is obtained
source of data
Identification of data processors and associated contracts
Third party disclosures · Registration
Data Protection Policy
Staffing and Reporting Structures
Planning and implementing of data protection standards
System audits and reviews
Job descriptions and staff contracts
Key Business Processes.
(b) Checklists for
(1) each of the eight data protection principles;
(2) transfers of personal data outside of the EEA; and
(3) website Privacy Statements.
Who Should Attend:
- Compliance Officers
- HR Managers
- All individuals who hold, control or use personal data are bound by the Data Protection laws and should be aware of their obligations.
Please click here for the latest dates for this course:
Institute of Bankers: Formal CPD Hours
QFA: 2 hours
CPD Member: 2 hours
RS CPD Member: 2 hours
LCOI: 3 hours
Chartered Banker: 6 hours
CeB (Certified Banker): 6 hours
Insurance Institute of Ireland: Formal CPD Hours
CPD Member: 4 hours for MCC Product Categories 4,5,6
ACII/FCII Chartered Insurance Institute CPD Scheme: 4 hours
Irish League of Credit Unions (ILCU)
Operations Stream: 4 hours
Governance Stream: 4 hours