PDP - Compliance News Updates - 24 July 2018

UK regulator receives record number of breach notifications
 
 
PDP header graphic
  Issue: 24.07.2018

News 
UK regulator receives record number of breach notifications
The ICO has published its Annual Report, showing some of the early effects of the GDPR. The number of self-reported data breaches increased by 29% from 2,447 last year to 3,156 this year. In June, the ICO received 1,700 notifications which was a sharp increase compared with previous levels (around 360-390 breach notifications per month). Last year also saw the regulator issue the largest number and amount of civil monetary penalties in the Office's history. This included 26 penalties totalling £3.28 million for breaches of electronic marketing laws relating to nuisance calls and spam text messages, eleven fines totalling £1.29 million for serious security failures under the Data Protection Act 1998, 11 fines to charities totalling £138,000 for unlawfully processing personal data and an £80,000 fine issued to a data broking organisation.   

Japan gets adequacy status
The European Union and Japan have successfully concluded negotiations on a reciprocal finding of an adequate level of data protection. The agreement will allow personal data to flow safely between the EU and Japan, without being subject to any further safeguards or authorisations. This is the first time that the EU and a third country have agreed on a reciprocal recognition of the adequate level of data protection. So far, the EU has adopted only unilateral adequacy decisions with 11 other countries: Andorra, Argentina, Canada (organisations subject to PIPEDA only), the Faroe Islands, Guernsey, Israel, the Isle of Man, Jersey, New Zealand, Switzerland and Uruguay.    

Inquiry into child sexual abuse fined £200,000 in UK
The Independent Inquiry into Child Sexual Abuse has been fined £200,000 by the Information Commissioner's Office after sending a bulk email that identified possible victims of non-recent child sexual abuse. The Inquiry was set up in 2014 to investigate the extent to which institutions failed to protect children from sexual abuse. In February 2017, an IICSA staff member sent a blind carbon copy email to 90 Inquiry participants telling them about a public hearing. After noticing an error in the email, a correction was sent but email addresses were entered into the 'to' field, instead of the 'bcc' field by mistake. This allowed the recipients to see each other's email addresses, identifying them as possible victims of child sexual abuse. 52 of the email addresses contained the full names of the participants or had a full name label attached.         

Singer's privacy ruling could restrict reporting of police investigations
Resolving a dispute between Sir Cliff Richard and the BBC, the UK High Court has ruled that "as a matter of general principle, a suspect has a reasonable expectation of privacy in relation to a police investigation". As a result of the ruling, the media will only be able to identify the individual in question if it can show that, on the facts of the case, its rights of freedom of expression and the public's right to know outweighs the privacy rights of the individual concerned. The finding has major implications for journalists, who will now need to consider carefully whether they can report information which comes into their hands, for example from anonymous sources, even where they have been able to confirm the accuracy of that information.     

Browser setting rules could be dropped from new e-Privacy Regulation
Plans to compel web browser providers to ask users to set their privacy preferences could be scrapped, according to proposals under consideration by EU lawmakers. The European Commission had set out plans to require web browsers, and other providers of software that permit electronic communications, to inform users of their options to "prevent third parties from storing information on the terminal equipment of an end-user or processing information already stored on that equipment", and to require those users to select a particular privacy setting at the point of installation. However, the Austrian presidency of the Council of Ministers has now proposed to remove those provisions from the new e-Privacy Regulation that is being developed. The Austrian presidency said the original proposals had "raised a lot of concerns" related to "the burden for browsers and apps, the competition aspect, the link to fines for non-compliance but also the impact on end-users and the ability of this provision to address e.g. the issue of consent fatigue", it said.          

Singapore personal data hack hits 1.5m
Hackers have stolen personal data in Singapore belonging to 1.5 million people - about one quarter of the population. According to officials, the hackers broke into the government health database in a "deliberate, targeted and well-planned" attack. Those targeted visited clinics between May 2015 and July of this year. Data taken include names and addresses but not medical records, other than medicines dispensed in some cases. The data of Prime Minister Lee Hsien Loong, who has survived cancer twice, including information on his outpatient dispensed medicines, was "specifically and repeatedly targeted".     
 
Dutch regulator to check compliance with GDPR
The Dutch Data Protection Authority has started an exploratory investigation to see how well large organisations are complying with the new European privacy regulations. The sample will come from ten sectors: industry and metal, water supply, construction, trade, catering, travel, communication, financial services, business services and healthcare. No names will be mentioned in the study and there will be no consequences for any company found lacking.    

More in depth data protection news and articles... 

PDP Journals logo
 
Privacy & Data Protection journal
Privacy & Data Protection Journal 
 
 

Subscribe to two or more titles at the same time and receive a 15% discount off the cheapest journal.
 


17th Annual Data Protection Conference (GDPR)

17th Annual Conference

11th & 12th October 2018 - London, UK 
** London's leading two-day GDPR Conference **  

Keynote:
James Dipple Johnstone
 
How the ICO will exercise its New Powers
James Dipple-Johnstone 
Infomation Commissioner's Office (ICO)
  This year, the conference is dedicated to reviewing the practical implications of the General Data Protection Regulation, and to help organisations ensure they are compliant.
 
16th Annual Data Protection Compliance Conference

  
* Speaker Highlight *
 
Naomi Vann 
Outsourcing - Overcoming the GDPR Challenges         
 
Naomi Vann - Managing Legal
Counsel, RBS
 
Commencing and maintaining relationships with service providers has become more challenging under the GDPR. This talk looks at the increased need for due diligence before engaging a provider, the changes to contracts that are needed under Article 28 GDPR, the complexities that arise when a provider can be a controller for some activities and a processor for others, and the practical issues that must be considered in relation to sub-processors. Naomi describes her experience of handling the changes required to her organisation's relationship with hundreds of processors as a result of the enhanced GDPR requirements.
 

For more information and to book your place:
  • Visit PDP Conferences 
  • Send us an This email address is being protected from spambots. You need JavaScript enabled to view it. 
  • Telephone +44 (0)207 014 3399
 
 
PDP Training logo


Our professional and practical Training Courses enable delegates to understand the legal requirements in key areas of information and data protection compliance. Courses run throughout the year around the United Kingdom.
 
Here is a selection of courses taking place shortly:
Damien Welfare_ Cornerstonoe Barristers
Damien Welfare
Cornerstone Barristers
The Data Protection Act 2018 makes key changes to data protection law in the United Kingdom. It supplements the GDPR, and the two have to be read together to have a complete picture of the UK position. It adds to the "lawful bases" on which special category data may be processed, sets out the extensive exemptions to the GDPR which apply in the UK, defines the scope of much processing in the public sector, and applies rules based on those in the GDPR to processing for activities which fall outside EU competence. This course focuses on assisting those working in mainstream data protection compliance (in both the private and public sectors) to understand the DPA 2018's implications from a practical perspective, including:
  • modifications to key definitions contained in the GDPR, and their significance
  • the lawful bases  for processing special category personal data in the UK - when and how they will apply, and how controllers can take advantage of them
  • exemptions from the GDPR in the UK
  • the age of consent of children to processing for internet society services
  • how provisions based on the GDPR are applied by the Act to activities outside EU competence
  • the conditions for processing personal data on criminal matters
  • modifications to the rights of individuals
  • public interest processing - scope and applicability
  • restrictions on the applicability of certain aspects of the GDPR in the UK
  • enhanced powers of the Information Commissioner, including entry and inspection, and the new enforcement regime
It is recommended that delegates attending this session have at least a basic knowledge of current data protection legal requirements under the GDPR. Delegates with no existing knowledge may find it helpful to attend Data Protection Essential Knowledge Level 1 before attending this training course.The course is next taking place on the following dates (further dates available online):
  • London           Monday, 1st October 2018
  • Manchester    Monday, 12th November 2018
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 

Accountability - How to Comply with the GDPR's Requirements
Jenai Nissim_ TLT
Jenai Nissim
TLT
For the first time in data protection law, the GDPR introduces the requirement of "accountability". In basic terms, accountability means that organisations are not only be required to comply with data protection requirements, but also that they must demonstrate that they comply.Demonstrating compliance consists of several elements, including preparing policies, monitoring compliance with internal policies and procedures, amending job roles and updating customer facing documentation such as websites and offline forms.This highly practical sessions looks at the detail of what accountability requires, and provides delegates with all the knowledge and tools necessary to achieve compliance in their organisations.It is recommended that delegates attending this session have a basic knowledge of current data protection legal requirements. Delegates with no existing knowledge may find it helpful to attend Data Protection Essential Knowledge Level 1 before attending this training course.The course is taking place on the following dates:
  • Brussels         Friday, 14th September 2018
  • Manchester    Friday, 28th September 2018
  • Isle of Man     Monday, 15th October 2018
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 
 
Estelle Dehon_ Cornerstone Barristers
Estelle Dehon
Cornerstone Barristers
This course is an introductory level course for all those that are new to data protection and the GDPR, or those that require a refresher on the fundamental concepts. It is designed for people who work with, or will work with, data protection issues on a regular basis.This invaluable and practical training session examines core concepts of practical data protection compliance.This course can be used as credit towards the Practitioner Certificate in Data Protection.The upcoming available dates for this course are (further dates available online):
  • Belfast     Monday, 10th September 2018
  • London    Monday, 17th September 2018
  • Bristol      Monday, 22nd October 2018 
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue
     
This practical training session is designed for those that work in the field of data protection. The Level 1 and Level 2 courses taken together constitute a complete training package on the fundamentals of data protection. This session provides a thorough grounding in the important aspects of data protection practice.The Level 2 course is designed as a natural progression from Data Protection Essential Knowledge - Level 1, although attending Data Protection Essential Knowledge - Level 1 is not a pre-requisite to attending the Level 2 unless you are a complete beginner to data protection.Attendance on this course can be used as credit towards the Practitioner Certificate in Data Protection.The upcoming available dates for this course are (further dates available online):
  • Belfast     Tuesday, 11th September 2018
  • London    Tuesday, 18th September 2018
  • Bristol      Tuesday, 23rd October 2018
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue

Practitioner Certificate in Data Protection - GDPR Conversion Programme
Ensure you are have the knowledge to practically implement the GDPR in your organisation.  
 
The Practitioner Certificate in Data Protection is the practical qualification which can be taken either on an intensive, flexible or distance-learning basis.
 
"I am delighted to have achieved this qualification. The Certificate sets a recognised standard for data protection professionals and it has provided me with the knowledge and confidence of data protection requirements, especially in light of the new Regulation." 
Joanne Maurizi 
MutualOne 
 
Find out more >
   

 
   
*Autumn training course dates have been announced*
 
DPA 2018 training

This course focuses on assisting those working in mainstream data protection compliance (in both the private and public sectors) to understand the DPA 2018's implications from a practical perspective. 
   

"By far the most practical resource available to help understand the complexities of the GDPR..."
A Practical Guide to UK and EU Law  

This book is an invaluable practical resource for organisations in meeting the requirements of the GDPR. Find out more & Order your copy here >

Practitioner Certificate in Data Protection - GDPR Conversion Programme
The online self-study Programme for candidates who gained their qualification prior to 2018 to upgrade their qualification for the GDPR era.

"I'm delighted to have passed the GDPR Conversion Programme Examination. The Programme was both enjoyable and challenging, providing an in depth look at the changes GDPR brings and how to apply these in practice.  I am now confident that my knowledge of Data Protection Law remains up to date and comfortable that I can apply the new regulations in practice in my day to day role."
Find out more >
   


Qualify as a GDPR Data Protection Practitioner

Flexible training options allow you to train alongside other commitmentsMore information >  
"The course content was informative and well presented, with very knowledgeable trainers. The exam was challenging, so I feel a real sense of achievement in having gained this qualification."   Caroline Chalk
Head External Information Services
Civil Aviation Authority
"I found the course to be thoroughly enjoyable and enlightening in a number of areas. I have managed to apply the knowledge gained through the course already in my day to day role."
Brendan Byrne
Senior Managing Consultant Security & Privacy
IBM
"The qualification strikes the right balance of interpreting important and complicated legislation and imparting this to students with a well structured course, underpinned with simple to understand information and then a vigorous examination. Organisations should feel assured by any of its staff undertaking and passing this qualification that their information is being managed and shared securely."
Kim Bellis
Records Service Manager
Royal Cornwall Hospitals NHS Trust
"I am very pleased to have followed the Practitioner Certificate in Data Protection course and passed the examination. This will be of great benefit to my employer, as it demonstrates the value we place on this complex area of ethics and compliance."
Alan White
Data Protection Manager
Pitney Bowes
"The course which was delivered by experts in the field of Privacy and Data Protection Law was very enjoyable and engaging. The examination was based on applying legislation and knowledge to practical cases rather than a test of how much information you could remember. I am delighted that I passed the exam and to have a qualification that is very much respected, as well as letters after my name! I recommend both the course and the examination for anyone wanting to increase their knowledge of Data Protection Law."
Bleneta Carr
Investigator
Pearson Education
"I am delighted to have achieved this qualification. The Certificate sets a recognised standard for data protection professionals and it has provided me with the knowledge and confidence of data protection requirements, especially in light of the impending new Regulation."
Joanne Maurizi
Assistant Manager
mutualone
"Synectics Solutions recognises that compliance with data protection regulation is critical to all organisations that handle personal information. It has never had a greater focus than at the present time. Having looked at the training and professional qualifications available, we concluded that the PDP certification was the most appropriate for our business. The course was delivered by legal experts in the field. They were able to bring the events to life with real-life scenarios and case studies."
Steve Sands
Head of Security
Synectics Solutions
 
PDP, Canterbury Court, Kennington Park, London, SW9 6DE, United Kingdom
 
 
 

Medical records - did you know?

PDP - Compliance News Updates - 17 July 2018

Facebook faces record £500,000 fine for breaching Data Protection Act
 
 
PDP header graphic
  Issue: 17.07.2018

News 
Facebook faces record £500,000 fine for breaching Data Protection Act
The UK regulator intends to fine Facebook £500,000 for breaches of the Data Protection Act. In a progress report about its ongoing investigation into the misuse of personal data by political parties, the Information Commissioner's Office said the social media giant broke the law by failing to safeguard people's information, and failing to be transparent about how people's data were harvested by others. The regulator also issued a Notice of Intent to fine data broker Emma's Diary (Lifecycle Marketing (Mother and Baby) Ltd) for selling data for use in the 2017 general election campaign without disclosing it might do so, and warning letters to 11 political parties and notices compelling them to agree to audits of their data protection practices. The ICO's investigation is expected to be concluded in October 2018.   

UK government stands by 'adequacy-plus' Brexit data protection proposals
The UK government has reiterated its call for a new 'adequacy-plus' style deal with the EU27 on data protection to apply post-Brexit in its recently published White Paper. The government said it is looking for an agreement on data protection that builds on the traditional adequacy arrangements, but goes further in two respects: "On stability and transparency, it would benefit the UK and the EU, as well as businesses and individuals, to have a clear, transparent framework to facilitate dialogue, minimise the risk of disruption to data flows and support a stable relationship between the UK and the EU to protect the personal data of UK and EU citizens across Europe; and on regulatory cooperation, it would be in the UK's and the EU's mutual interest to have close cooperation and joined up enforcement action between the UK's Information Commissioner's Office and EU data protection authorities," the government said. The UK is ready to begin preliminary discussions on an adequacy assessment so that a data protection agreement is in place by the end of the Brexit implementation period (scheduled for the end of December 2020).   

European Parliament calls for suspension of EU-US Privacy Shield unless US can comply fully
The European Parliament has issued a nonbinding resolution calling on the European Commission to suspend the EU-US Privacy Shield unless US authorities can "fully comply" with the framework by 1st September 2018. The Resolution states that the data transfer mechanism does not provide the adequate level of protection for personal data as required by EU data protection law. The Resolution takes issue in particular with the potential access to EU residents' personal data by US national security agencies and law enforcement, citing the passage of the US CLOUD Act as having "serious implications for the EU, as it is far-reaching and creates a potential conflict with the EU data protection laws." The Resolution is nonbinding, and the European Commission reportedly has stated that a suspension of the framework is not warranted at this time.        

New training course on UK DPA 2018
The Data Protection Act 2018 makes key changes to data protection law in the United Kingdom. It supplements the GDPR, and the two must be read together to have a complete picture of the UK position. This training course focusses on assisting those working in mainstream data protection compliance (in both the private and public sectors) to understand the DPA 2018's implications from a practical perspective. Information on the  content, and upcoming dates, can be viewed here.     

New restrictions to be placed on UK communications data access
New restrictions are to be placed on accessing communications data in the UK after the government moved to implement an EU court ruling applicable to surveillance laws in place in the country. The proposals are contained in the draft Data Retention and Acquisition Regulations 2018 and the draft Investigatory Powers (Codes of Practice and Miscellaneous Amendments) Order 2018, both of which have been laid before the UK Parliament. The changes will, among other things, cut the number of cases in which communications data can be accessed by UK authorities for the purposes of fighting serious crime. They will also require the authorities to seek the approval of an independent body for the right to continue accessing communications data three days after they were given the right to do so through an 'urgent' internal sign-off process.         

Scale of cybercrime behind new London cyber court plans, according to experts
Plans to open a new court in London to specialise in resolving cases concerning cyber-crime, fraud, and economic crime have been welcomed by legal experts, who believe the move reflects the scale of cyber-related crime businesses are dealing with. Earlier this week, the Ministry of Justice and HM Courts & Tribunals Service announced that a new 18 courtroom premises on the site of Fleetbank House in London is to be built. Planning permission is still to be obtained and funding arrangements finalised, but the court is due to be completed in 2025. Lord Chancellor David Gauke said the new court would send "a further message to the world that Britain both prizes business and stands ready to deal with the changing nature of 21st century crime".        

Brazil's Senate passes data protection law
Brazil's Federal Senate has approved a Data Protection Bill of Law. The Bill, which is reportedly inspired by the EU General Data Protection Regulation, is expected to be sent to the Brazilian President in the coming days. The Bill will take effect 18 months after it is published in Brazil's Federal Gazette.     

'Legitimate interest' may permit processing of 'silent party data' under PSD2
Businesses in the payment services market do not necessarily require consent of 'silent parties' to process their personal data when providing payment initiation or account information services to their customers, the European Data Protection Board has said. The clarification was given after Member of the European Parliament, Sophie in't Veld, asked the EDPB to clarify whether data protection laws allow Account Information Service Providers and Payment Initiation Service Providers, as defined by the revised Payment Services Directive, to process data of silent parties, so as to perform the services requested of them by customers where they have not obtained the consent of the silent parties to do so. The EDPB said AISPs and PISPs may not require the consent of silent parties to process their data.       

Kenya considers Data Protection Bill
A draft Bill that would establish a comprehensive data protection regime in Kenya has been introduced. The Data Protection Bill would require "banks, telecommunications operators, utilities, private and public companies and individuals" to obtain data subjects' consent before collecting and processing their personal data. The Data Protection Bill also would impose certain data security obligations related to the collection, processing and storage of data, and would place restrictions on third-party data transfers. Violations of the Data Protection Bill could result in fines up to 500,000 shillings (£3750) and a five-year prison term.          
 

More in depth data protection news and articles... 

PDP Journals logo
 
Privacy & Data Protection journal
Privacy & Data Protection Journal 
 
 

Subscribe to two or more titles at the same time and receive a 15% discount off the cheapest journal.
 


17th Annual Data Protection Conference (GDPR)

17th Annual Conference

11th & 12th October 2018 - London, UK 
** London's leading two-day GDPR Conference **  

Keynote:
James Dipple Johnstone
 
How the ICO will exercise its New Powers
James Dipple-Johnstone 
Infomation Commissioner's Office (ICO)
  This year, the conference is dedicated to reviewing the practical implications of the General Data Protection Regulation, and to help organisations ensure they are compliant.
 
16th Annual Data Protection Compliance Conference

  
* Speaker Highlight *
 
Eduardo Ustaran  
The Long Term Viability of the Privacy Shield and Model Clauses        
 
Eduardo Ustaran - Partner, Hogan Lovells
 
Some of the most commonly used methods to legitimise international data transfers are under serious scrutiny. For data exports to the United States, the Privacy Shield is an attractive option. But the constant challenges to the legality of the Shield, as well as the political climate, are questioning its survival. Commonly used tools like model clauses have also been challenged and will likely need to be revised. How can companies proceed in the uncertain world of data globalisation?

For more information and to book your place:
  • Visit PDP Conferences 
  • Send us an This email address is being protected from spambots. You need JavaScript enabled to view it. 
  • Telephone +44 (0)207 014 3399
 
 
PDP Training logo


Our professional and practical Training Courses enable delegates to understand the legal requirements in key areas of information and data protection compliance. Courses run throughout the year around the United Kingdom.
 
Here is a selection of courses taking place shortly:
Damien Welfare_ Cornerstonoe Barristers
Damien Welfare
Cornerstone Barristers
The Data Protection Act 2018 makes key changes to data protection law in the United Kingdom. It supplements the GDPR, and the two have to be read together to have a complete picture of the UK position. It adds to the "lawful bases" on which special category data may be processed, sets out the extensive exemptions to the GDPR which apply in the UK, defines the scope of much processing in the public sector, and applies rules based on those in the GDPR to processing for activities which fall outside EU competence. This course focuses on assisting those working in mainstream data protection compliance (in both the private and public sectors) to understand the DPA 2018's implications from a practical perspective, including:
  • modifications to key definitions contained in the GDPR, and their significance
  • the lawful bases  for processing special category personal data in the UK - when and how they will apply, and how controllers can take advantage of them
  • exemptions from the GDPR in the UK
  • the age of consent of children to processing for internet society services
  • how provisions based on the GDPR are applied by the Act to activities outside EU competence
  • the conditions for processing personal data on criminal matters
  • modifications to the rights of individuals
  • public interest processing - scope and applicability
  • restrictions on the applicability of certain aspects of the GDPR in the UK
  • enhanced powers of the Information Commissioner, including entry and inspection, and the new enforcement regime
It is recommended that delegates attending this session have at least a basic knowledge of current data protection legal requirements under the GDPR. Delegates with no existing knowledge may find it helpful to attend Data Protection Essential Knowledge Level 1 before attending this training course.The course is next taking place on the following dates (further dates available online):
  • London           Monday, 1st October 2018
  • Manchester    Monday, 12th November 2018
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 
 
Estelle Dehon_ Cornerstone Barristers
Estelle Dehon
Cornerstone Barristers
This course is an introductory level course for all those that are new to data protection and the GDPR, or those that require a refresher on the fundamental concepts. It is designed for people who work with, or will work with, data protection issues on a regular basis.This invaluable and practical training session examines core concepts of practical data protection compliance.This course can be used as credit towards the Practitioner Certificate in Data Protection.The upcoming available dates for this course are (further dates available online):
  • Belfast     Monday, 10th September 2018
  • London    Monday, 17th September 2018
  • Bristol      Monday, 22nd October 2018 
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue
     
This practical training session is designed for those that work in the field of data protection. The Level 1 and Level 2 courses taken together constitute a complete training package on the fundamentals of data protection. This session provides a thorough grounding in the important aspects of data protection practice.The Level 2 course is designed as a natural progression from Data Protection Essential Knowledge - Level 1, although attending Data Protection Essential Knowledge - Level 1 is not a pre-requisite to attending the Level 2 unless you are a complete beginner to data protection.Attendance on this course can be used as credit towards the Practitioner Certificate in Data Protection.The upcoming available dates for this course are (further dates available online):
  • Belfast     Tuesday, 11th September 2018
  • London    Tuesday, 18th September 2018
  • Bristol      Tuesday, 23rd October 2018
     
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue
 
Modern Slavery Act - Essential Knowledge
Keith Read, Compliance Expert
Keith Read
LRN
The UK Modern Slavery Act became law in March 2015 and has now become a very high profile issue for organisations, not least due to the recent £40M government boost to battle against modern slavery in the UK.The legislation includes several new obligations, including a requirement on organisations with a turnover of £36M or more to prepare an annual slavery and human trafficking statement. As part of their modern slavery strategy, organisations are likely to need to appoint someone senior to be responsible for compliance, as the Act has numerous repercussions and involves risk assessments, due diligence and the introduction of new policies and training practices. Modern slavery may be unfamiliar territory to many organisations.This one-day training course provides a thorough foundation in practical modern slavery, covering all the critical areas. MoreDelegates have the opportunity to work through a number of practical case examples and a major case study drawn from industry-specific scenarios, supported by relevant internationally-published Whitepapers produced by the course Trainer. The course is highly interactive, with plenty of opportunity for questions.  The next available date for this course is:
  • London    Thursday, 27th September 2018
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 

 
   
*Autumn training course dates have been announced*
 
DPA 2018 training

This course focuses on assisting those working in mainstream data protection compliance (in both the private and public sectors) to understand the DPA 2018's implications from a practical perspective. 
   

Practitioner Certificate in Data Protection - GDPR Conversion Programme
Ensure you are have the knowledge to practically implement the GDPR in your organisation.  
 
The Practitioner Certificate in Data Protection is the practical qualification which can be taken either on an intensive, flexible or distance-learning basis.
 
"I am delighted to have achieved this qualification. The Certificate sets a recognised standard for data protection professionals and it has provided me with the knowledge and confidence of data protection requirements, especially in light of the new Regulation." 
Joanne Maurizi 
MutualOne 
 
Find out more >
   

"By far the most practical resource available to help understand the complexities of the GDPR..."
A Practical Guide to UK and EU Law  

This book is an invaluable practical resource for organisations in meeting the requirements of the GDPR. Find out more & Order your copy here >

Practitioner Certificate in Data Protection - GDPR Conversion Programme
The online self-study Programme for candidates who gained their qualification prior to 2018 to upgrade their qualification for the GDPR era.

"I'm delighted to have passed the GDPR Conversion Programme Examination. The Programme was both enjoyable and challenging, providing an in depth look at the changes GDPR brings and how to apply these in practice.  I am now confident that my knowledge of Data Protection Law remains up to date and comfortable that I can apply the new regulations in practice in my day to day role."
Find out more >
   


Qualify as a GDPR Data Protection Practitioner

Flexible training options allow you to train alongside other commitmentsMore information >  
"The course content was informative and well presented, with very knowledgeable trainers. The exam was challenging, so I feel a real sense of achievement in having gained this qualification."   Caroline Chalk
Head External Information Services
Civil Aviation Authority
"I found the course to be thoroughly enjoyable and enlightening in a number of areas. I have managed to apply the knowledge gained through the course already in my day to day role."
Brendan Byrne
Senior Managing Consultant Security & Privacy
IBM
"The qualification strikes the right balance of interpreting important and complicated legislation and imparting this to students with a well structured course, underpinned with simple to understand information and then a vigorous examination. Organisations should feel assured by any of its staff undertaking and passing this qualification that their information is being managed and shared securely."
Kim Bellis
Records Service Manager
Royal Cornwall Hospitals NHS Trust
"I am very pleased to have followed the Practitioner Certificate in Data Protection course and passed the examination. This will be of great benefit to my employer, as it demonstrates the value we place on this complex area of ethics and compliance."
Alan White
Data Protection Manager
Pitney Bowes
"The course which was delivered by experts in the field of Privacy and Data Protection Law was very enjoyable and engaging. The examination was based on applying legislation and knowledge to practical cases rather than a test of how much information you could remember. I am delighted that I passed the exam and to have a qualification that is very much respected, as well as letters after my name! I recommend both the course and the examination for anyone wanting to increase their knowledge of Data Protection Law."
Bleneta Carr
Investigator
Pearson Education
"I am delighted to have achieved this qualification. The Certificate sets a recognised standard for data protection professionals and it has provided me with the knowledge and confidence of data protection requirements, especially in light of the impending new Regulation."
Joanne Maurizi
Assistant Manager
mutualone
"Synectics Solutions recognises that compliance with data protection regulation is critical to all organisations that handle personal information. It has never had a greater focus than at the present time. Having looked at the training and professional qualifications available, we concluded that the PDP certification was the most appropriate for our business. The course was delivered by legal experts in the field. They were able to bring the events to life with real-life scenarios and case studies."
Steve Sands
Head of Security
Synectics Solutions
 
PDP, Canterbury Court, Kennington Park, London, SW9 6DE, United Kingdom
 
 
 

The history of the NHS

To celebrate the 70th birthday of the NHS,

NCCQ Successful Candidates - March 2018

 

Congratulations to the following candidates who were successful in passing the National Clinical Coding Qualification Examination held on 27 March 2018.

IHRIM's 70-year Platinum Anniversary Giveaway!

To celebrate IHRIM's 70-year Platinum anniversary, we are giving away prizes

Legals

Quick Links

Connect with IHRIM
February   2019
M T W T F S S
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28      

Mobile Menu