Management accountability is the backbone of the General Data Protection Regulation. Named senior management will be accountable for personal data. Regulators have the tools and teeth to hold senior managers to account and sanction failings.
On the positive side, GDPR is intended to foster an environment of trust between organisations, their clients, employees and regulators. For many organisations, GDPR compliance will mean an overhaul of how they manage data about people. The tasks will include:
- Implementing new processes/systems/controls/oversight to satisfy (1) new rights of Data Subjects, (2) new demands from regulators and (3) upgraded risk management, compliance, governance and internal audit
- Upgrading systems/data architecture to provide a cohesive framework for the above changes
- Effecting cultural change, ensuring "Privacy by design and default" is placed at the heart of the organisation and enforced through policies and codes of conduct
- Designing and implementing a data ownership model
- Defining management roles, responsibilities and accountabilities
- Communicating with, and training, your people
WHAT you have to do is reasonably clear. This course is about HOW you go about doing it! It provides a comprehensive overview of the challenges facing senior management and industry best practice approaches for addressing them.
This course is part of the Data Management Agenda for Privacy
- A broad understanding of GDPR with specific depth in the areas that impact senior management
- Senior management perspectives on the challenges posed by GDPR for medium to large organisations
- The broad landscape for managing data about people
- Knowledge of best practice data ownership models
- Typical roles and responsibilities for key staff
- Outline training plans
- GDPR Key Facts and Impacts eLearning course is included in this course for the basic content on rights, obligations, sanction etc. It is important to be familiar with the core concepts before attending the workshop.
- A two hour seminar format (breakfast or end of day) to discuss key concepts and approaches as detailed below
The eLearning Module takes approximately 40-60 minutes.
The seminar lasts for two hours.
The eLearning module comes with an optional certification.
The seminar has an optional certificate of attendance.
The eLearning course modules and certification test are globally available without restriction.
They can be accessed 24/7.
Please contact us by clicking the button below or emailing info@emworks.com.
The cost of the course for one delegate is GBP 250.00 (plus VAT where applicable). This cost includes a licence for GDPR Key Facts and Impacts plus attendance at one of the breakfast briefings.
If you would like to pay against an invoice then please email us with Purchase Order details at sales@edmworks.com.
If you are interested in making a bulk corporate order, please email sales@edmworks.com for more information.
- The eLearning Course
- A recognised certificate
- An entry in the EDMworks Global Register
GDPR and the Senior Manager (SM)
- The rights of data subjects under GDPR
- The implications for the organisation
- The implications for senior managers
Responses required for GDPR
- Key processes for normal and exceptional operations
- Risk Management, governance and oversight
- A culture of respect and protection
- An understanding of personal data management
The Data Management Perspective
- Data is at the heart of the organisation
- Privacy is just one aspect to be managed. Other demands on data about people
- Where is the data?
- What are the flows, controls and quality?
Best Practice Ownership and Accountability Models
- Lessons learned from the banking crisis
- Proven governance and control models
- Risk based prioritisation and allocation of resource
- Development of key practitioners in key areas
- Collaboration
- Pragmatic approach to data flows and storage
Do's and Don't for Senior Managers
- Do focus on culture and empowerment
- Do have clear governance, escalation and remediation capabilities
- Do identify and document key systems and data
- Do scope roles, define responsibilities and name names
- Don't create a goverance monster you can't control
- Don't create a separate 'tick in the box GDPR' project
- Don't assume. Period!
