GDPR (General Data Protection Regulation) is getting closer (May 2018), so getting your charity, business or organisation ready is getting more urgent. If you’re already well advanced with preparations, then well done, but if you’re just getting started, need to understand the basics or simply need to get more staff up to speed, then perhaps our upcoming GDPR training session will be useful.
“GDPR basics – getting yourself ready” is a two hour briefing/workshop to help you get up to speed.
There’s already no shortage of information and guidance on GDPR. You can get to lots of that via my article here. There’s nothing stopping you reading it all and getting your own plan together (indeed you probably should start looking at it all). But two (many?) heads are better than one. So I hope by coming together in this workshop I can summarise all this information, clarify practical issues, give examples and templates and allow discussion around our real life examples and how we might solve them (before May).
Places are limited. Booking essential. £20 per person (for VANEL member organisations) or £30 for non-members. If necessary we may restrict numbers of people attending from one organisation. Book directly with me (Karl Elliott – firstname.lastname@example.org)
There are currently 3 scheduled dates (each is the same course)
Tuesday 12th June, 2-4pm
Sessions can also be scheduled with your group at a convenient date/venue. Please enquire.
Each session takes place at VANEL offices in Grimsby and is delivered by Karl Elliott, Development Manager at VANEL (who is leading on establishing GDPR compliance for VANEL).
Please bear in mind that this is not a legal briefing. This is a briefing from within the voluntary sector trying to interpret GDPR in a practical way so that you are clearer on how if affects your own organisation. You’ll still need to read available information, advise and guidance from other sources and make your own judgements on what is best for your organisations. But hopefully we can provide useful guidance as you do this.
Further detail about the content of the training session.
What am I aiming to cover in this two-hour workshop?
Firstly it’s about the practicalities and the process of getting your organisation ready for and compliant with GDPR. It’s not a legal briefing.
I’ll set out the context for Data Protection and what GDPR is, what is new and different, and we’ll explore the various terminology. There is a huge amount of information already out there, an expanding set of advice and interpretation of the legislation, videos, webinars and so much more. You’ll need to take heed of much of this, but I’ll cover all the essential information and where to find more.
I’ll look at each step along the journey of getting your organisation GDPR compliant. Steps include:
getting management, trustees and the team onboard
training staff and volunteers
assessing what personal data you collect, store and process
understanding what legal basis you use to process this data
setting up recording and evidencing systems including ROPA (your Records of Processing Activities)
updating privacy policies
putting procedures and processes in place to deal with access requests
dealing with data security
understanding consent vs legitimate interests
We’ll look at some real world scenarios and understand how they will map onto your organisation and onto GDPR. And we’ll look at detail when it’s necessary to help you understand the practical implications of GDPR better.
We’ll also quickly discuss other legislation that’s relevant – the Privacy and Electronic Communication Regulations (PECR), the Fundraising Code of Practice, Telephone Preference Service and more. These have an impact too on the way you handle data.
Our smaller charities seldom transfer data internationally. We’re unlikely to need independent Data Protection Officers. And there’s probably lots more that we don’t need to lose sleep over. However, we do need to understand what we need to do, be rigorous, record and evidence our decision making processes and be ready to deal with new aspects of data protection such as access requests.
After the session I’m hoping you’ll be able to understand GDPR much more clearly as well as understanding how to prioritise everything you need to do – both before and after 25th May 2018.
Karl Elliott, Development Manager, VANEL
article updated 20th March 2018 to reflect additional description of the course