The General Data Protection Regulation (GDPR) will be law on 25th May 2018. It represents a fundamental redrawing of the way organisations will manage personal data in the physical and digital world of the 21st Century. It is an extensive regulation with major penalties for failings and non-compliance.
It is one of many regulations that organisations have to implement concerning personal data:
Organisations have other objectives around managing personal data:
All of these objectives have to be achieved. It is critical that GDPR is implemented in way that supports these other goals and avoids wasted effort. A silo'ed approach to implementing GDPR or any project concerning personal data will create more problems than it solves.
Respect for and protection of personal data needs to be embedded in the culture, values, systems, processes and management of organisations. It requires a multi-faceted approach:
GDPR tells you WHAT TO DO.
EDMworks Data Management Agenda for Privacy explains HOW TO DO IT.
It is designed to provide a comprehensive set of communications and training courses to enable organisations to implement both top-down and bottom-up approaches effectively and economically. The following courses are included in the programme:
Over the last 20 years the internet and mobile apps have fundamentally changed our world. Data growth is exponential and cyber crime is growing. The law needed to catch up and GDPR is the European Union's response.
GDPR: Key Facts is a short, concise course aimed at communicating the key principles, data subject rights, obligations of organisations, sanctions and supervisory regimes.
It is ideally suited as a general awareness module for all staff
GDPR: Key Facts and Impacts is an extended version of GDPR: Key Facts . It goes into much greater detail about the regulation and contains additional material describing how organisations should go about planning and implementing GDPR.
It provides a realistic grounding for all staff working on any GDPR related activities. It looks at GDPR within the context of other priorities for reforming and improving the way organisations need to manage personal data
The course contains a certification test to assure appropriate understanding of the concepts, purpose of GDPR together with sensible approaches for implementation
Why do we have problems with data?
We can never get exactly what we need, the quality is not good enough, it takes too long and costs too much to fix and nobody is accountable for it when it is wrong.
Most organisations struggles with data. The bigger the organisation, the bigger the struggle and the greater the negative impact of bad data.
So maybe we are not 'seeing' data in the right way.
In this short course we step back from the normal views of data. We look at the ideas of leading thinkers such as David Eagleman, Edwards Demming and Peter Senge. We explore the impact of 'command and control against 'bottom up driven change'. Then we 'play' with a few data problems to get some new perspectives around data and how to manage it.
In the data protection space, the course will give real insights into data and will provide sensible perspectives on issues like pseudonymisation and separation of control. A poor implementation of these concepts can cause serious commercial damage.
Management Accountability is the backbone of GDPR. Regulators have the tools and teeth to hold senior managers to account and sanction failings. On the positive side, GDPR is intended to foster an environment of trust between organisations, their clients, employees and regulators.
This means respecting the privacy rights of individuals (as listed in GDPR) by ensuring appropriate:
WHAT you have to do is pretty clear. The challenge lies in HOW you go about doing it!
Organisations have found it extremely difficult to allocate accountability for data to senior management in a meaningful way. There are numerous impediments including (1) complexity of data systems architecture for medium to large firms, (2) separation of systems from process owners. (3) alignment with other accountability regimes, such as the Senior Management Regimes for banking and insurance and (4) the need to focus on other business priorities.
This course is based on several years experience of data governance and oversight projects concerning allocation of ownership and accountability for data for management and regulatory purposes. The course will clarify the issues in this area and describe various management models that have been used successfully.
Data about people is one of the most important data sets an organisation possesses.
Failure to realistic, comprehensive and aligned policies and strategies causes confusion, inefficiency, poor decisions, excess cost and waste.
GDPR and numerous other factors are causing firms to fundamentally reappraise their approach to managing data about people.
The first priority is to create realistic policies and strategies that are appropriate to the specific organisation. One size does not fit all.
This course reviews the various issues that data related policies have to address (e.g. security, records management, data management) and describes structures and approaches for devising and writing policies and strategies appropriate for each organisation.
GDPR grants new rights to individuals concerning data that organisations hold on them. It also imposes new demands on organisations and accountabilities for the people that manage them. The regulators have greater powers of access to and audit of data and the processes, systems, controls and governance around them.
Data governance is a critical part of an organisations response to GDPR and the creation of a trusted partnership between the organisation and its stakeholders.
This course provides best practice data governance approaches, describes the key aspects of GDPR and explains how governance should be implemented to support GDP compliance.
This course is designed for people working either in data privacy or data governance who need an in depth understanding of how GDPR compliance will be supported by and aligned with data governance.
GDPR is a major regulation concerning data privacy and the management of data about people.
Many other regulations impact data about people.
There are also may regulations impacting areas relating to GDPR. It is important relevant other regulations and priorities are taken into account when preparing plans for transforming processes, systems and accountabilities within the organisation.
This course provides an overview of major legislation impacting financial services. It also provides a realistic data model that provides a common basis for assessing regulatory impact and creating a cohesive plan for data.
There is a significant amount of 'self-regulation' involved in many of the new pieces of legislation that are being implemented. BCBS 239, MIFID II and KYC all contain elements involving internal scrutiny and compliance with regulation.
Inevitably, the burden falls on the internal and external auditors to review processes and controls in order to assess capability and report on compliance.
Data quality and management has become increasingly central as a target for compliance monitoring.
This course provides an overview of data strategy, architecture and models at a level that can be used for internal audit review and constructive formulation of audit points.
The course contains EDMworks regulatory data model and describes enhanced internal audit processes that support the development and growth of best practice data governance and management.
The General Data Protection Regulation will enter into force on the 25th of May 2018. There are numerous measures which need to be taken by organisations to prepare for implementation.
One of the most important measures for GDPR is to make sure that organisations have the right senior staff in key roles. In some circumstances, companies may be required to designate a Data Protection officer (DPO). Failure to appoint a Data Protection Officer could lead to security systems or process failures. This could give rise to administrative fines as high as €10,000,000 or 2% of the company’s worldwide turnover, depending on which amount is higher.
A survey of the International Association of Privacy Professionals claimed that there would need to 28,000 new DPOs in the European Union to comply with GDPR.
The Data Protection Officer is an important figure who will help the company to prepare for the changes. A Data Protection Officer is already the organisation's expert in data protection. The DPO role has new duties according to GDPR.
This course concentrates on the responsibilities of Data Protection Officer according to the requirements of GDPR.
A Privacy Impact Assessment is a key decision–making process aimed at identifying and mitigating privacy risks throughout the lifecycle of a system or product.
GDPR has transformed the need to create an organisation wide understanding of personal data processing and usage.
Thi GDPR ready course describes the PIA process within the organisation wide context of personal data being managed in different ways in different parts of the organisation.
The course describes the usage of best practice data governance techniques to create a personal data inventory to understand data collection, flow, storage and usage.
The PIA becomes a living document that can be used to manage privacy risk as the organisation evolves.
One of the most striking features of GDPR is the need for organisations to manage security breaches and the risks to the organisation and data subjects impacted by the breach.
It is essential to have a best practice approach to managing breaches and to know how to use the governance tools and data inventories to support rapid analysis of the impact of the breach and to take action to minimise damage to affected parties.
Each organisation will need policies and strategies for overhauling their processes, systems and accountabilities to ensure they are fit for purpose for GDPR.
Design, governance, consent management, operations, risk, audit and many other functions will need to work in a consistent, collaborative manner in order to achieve an environment where personal data is managed efficiently and effectively.
That success will be based on having a cohort of key data practitioners placed around the organisation who understand the big picture and are tasked to make their part of the organisation compliant with the overall approach.
GDPR is essentially a law about the control of personal data.
The success of GDPR implementation and compliance is critically dependent upon an enterprise wide understanding of the data in scope and the consents model controlling access and usage to that data.
The GDPR Architecture and Model for Privacy and Consent course provides a comprehensive data model that will support product/system design, PIA review, Breach Incident Management, data governance, Risk Management, Audit and oversight functions.
The course comes with EDMworks proven enterprise data model and is customisable for your organisations own internal data architecture and model.
The course also describes best practice for writing auditable transformation specifications for the transmission of data from one system to another.
Fit for purpose data and associated processes and controls lies at the core of GDPR compliance.
Data is typically consumed in multiple places in an organisation so "fitness for purpose" can vary accordign to the needs of each consumer. For example, the requirements for completeness, accuracy and timeliness will vary for according to consumer needs.
A data quality management process that works on a risk based, consumer lead priority basis is the smart way to ensure the effort is focused for maximum benefit.
This data quality course provides best practice DQ processes and techniques and focuses strongly on the needs of GDPR to support full and effective compliance together with the development of trusted stakeholder relationships based on accurate and timely data.
+44 (0) 20 3397 3462
37 Warren St, London, W1 6AD
© 2020 Digital Innovation Systems Ltd firstname.lastname@example.org | +44 (0) 20 3397 3462