Why do you need Data Protection Officer (DPO) Training

You are a public authority or body and have appointed a new DPO or your current DPO is due refresher training

You are not a public authority or body, but you recognise that the nature of your processing activities requires the appointment of a DPO or a single point of contact to act as Data Protection lead

You have appointed a new lead Data Protection person and want them to have more knowledge and understanding of data protection law and practices.

You want to understand the duties and responsibilities of your organisation and the Privacy standards that you need to achieve.

Effective DPO training will

inform and advise you about your organisation’s obligations to comply with the GDPR and other data protection legislation

help you monitor compliance with the GDPR and other data protection laws

support your understanding of which data protection polices you need to have in place

give you confidence to raise awareness of data protection issues, train staff and conducting internal audits

give you knowledge to advise on, and to monitor, data protection impact assessments

support you to understand how the regulatory and supervisory authority work and what they require you to do

allow you to be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, customers, patients, parents etc)

enable you to take into account the risks associated with the processing you are undertaking, for example how to assess the nature, scope, context and purposes of the processing

encourage you to provide risk-based advice to your organisation, for example where special category data is being processed, or where the potential impact on individuals could be damaging.

The law

Under the GDPR, you must appoint a DPO if:

1. you are a public authority or body (except for courts acting in their judicial capacity);
2. your core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or
3. your core activities consist of large-scale processing of special categories of data or data relating to criminal convictions and offences.

This applies to both controllers and processors.

You can still appoint a DPO if you wish, on a full time or ad-hoc basis even if you aren’t required to.

Regardless of whether the GDPR obliges you to appoint a DPO, you must ensure that your organisation has sufficient staff and resources to discharge your obligations under the GDPR. However, a DPO can help you operate within the law by advising and helping to monitor compliance. In this way, a DPO can be seen to play a key role in your organisation’s data protection governance structure and to help improve accountability.

If you decide that you don’t need to appoint a DPO, either voluntarily or because you don’t meet the above criteria, it’s a good idea to record this decision to help demonstrate compliance with the accountability principle.

Aims of the course

At the conclusion of the course you will have the knowledge through expert tuition and learning from case studies to be able to support your organisation by monitoring compliance with the GDPR and other data protection laws and know how to take steps to improve compliance where appropriate.

You will feel more confident to report Data protection issues to the highest management level of your organisation, i.e. board level.