Module 1 | Introductions, Learning outcomes |
BCS Exam details & techniques |
Data protection, privacy and its history in the UK • Article 2 Material scope of UK and EU GDPR • Article 3 Territorial scope and jurisdiction of UK and EU GDPR • Awareness of EU Main Establishment, one-stop-shop mechanism (OSS) • Article 27 UK and EU requirements for Representation |
Principles of Data Protection and Applicable Terminology • Article 4 Definitions of UK and EU GDPR • Article 5 Principles of UK and EU GDPR |
Module 2 | Principles of Data Protection and Applicable Terminology (continued)
|
Lawfulness of Processing Personal Data • Article 6 Lawful Basis of Processing • Article 9 Processing special categories of personal data • Additional safeguards: UK GDPR Article 9 and DPA18 Schedule 1
|
Module 3 | Lawfulness of Processing Personal Data (continued) • Article 9 Processing special categories of personal data (continued) • The Rules for processing criminal offence data
|
Accountability Principle • Article 5(2) Accountability and Article 24 Responsibility of the controller (accountability obligations) • Article 35 Data Protection Impact Assessments (DPIA) • Article 30 Records of Processing Activity (ROPA) • Articles 13 and 14 Interplay with Privacy Notices
|
Module 4 | Accountability Principle (continued) • Article 25 Data Protection by Design and Default • Article 32 Security of personal data • Articles 37-39 The position, tasks and role of the Data Protection Officer
|
Obligations of Controller, Joint Controllers and Processors • Article 24 Responsibilities of the Controller • Article 28 Responsibilities of the Processor • Cloud Service Providers (CSPs)
|
Module 5 | Obligations of Controllers, Joint Controllers and Processors (continued) • Article 26 Joint Controllers • Article 28(3) Data processing agreements
|
International Data Transfers under EU and UK GDPR • Article 44 General principles for transfers • Article 45 UK Adequacy Regulations and EU Adequacy Decisions • Article 46 Appropriate safeguards: - UK International Data Transfer Agreement (IDTA) - EU Standard Contractual Clauses (SCCs) • Article 47 Binding corporate rules • Article 49 Derogations for specific situations
|
Data Subjects Rights • Article 12 Transparency and Modalities • Articles 13 and 14 Information to be provided to a data subject • Article 15 Right of Access • Section 184 Prohibition against enforced subject access requests • Section 185 Void contractual terms relating to health records
|
Module 6 | Data Subjects Rights (continued) • Article 16 Right of rectification • Article 17 Right to erasure • Article 18 Right of restriction • Article 19 Notification obligations • Article 20 Data portability • Article 21 Right to object • Article 22 Automated decision making and profiling
|
Restrictions that may affect Data Subject Rights (as per Article 23 Restrictions and DPA18, Schedules 2 and 3) • Access rights of FOI and EIR • Impact of AI on data rights
|
The Role of the Supervisory Authority (EU) • The role and importance of supervisory authorities • Article 57 Tasks of the Independent Supervisory Authorities • Articles 68-73 European Data Protection Board (EDPB)
|
Module 7 | The Information Commissioner’s Office (ICO) • The role of the ICO • Investigative and corrective powers of the ICO as the UK regulator • ICO guidance and codes of practice • Promoting public awareness • Promotion of Privacy Seals, certification schemes and commonly used standards • Advice and reporting to Parliament • Data Protection Fees and Exceptions
|
Breaches, Enforcement and Liabilities and Role of the Tribunal • Articles 33 & 34 Obligations to report personal data breaches to ICO and data subjects • Data Protection Complaints • Sanctions that can be imposed due to breaches or complaints • Reprimands • Notices and Administrative fines • Liabilities of controllers and processors
|
Module 8 | Breaches, Enforcement and Liabilities and Role of the Tribunal (continued) • Criminal liabilities – Offences • Offences under the Computer Misuse Act 1990 • The role of the Tribunal
|
Processing of personal data in relation to children • Article 8 Consent in relation to Information Society Service • Children’s right to erasure • Age Appropriate Design Code (Children's Code)
|
Specific provisions relevant to public authorities • Meaning of Public Authority/Body • Article 6(1)(e) Public Task lawful basis of processing considerations • DPA18 Section 7(2) interplay for public authorities with Article 6(1)(f) • Relevant exemptions from Schedules 2 & 3
|
Module 9 | Application of data protection legislation in key areas of industry • Overview of ICO Codes of Practice: - Employment Code - Surveillance Cameras and Personal Information Code - How the use of cookies and digital technologies is governed by data protection law (and PECR) - Data Sharing Code
|
AI and the processing of personal data • What is meant by AI • AI Risks and Benefits • The Data Protection Principles and AI • DPIAs and AI
|
Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) • Link to GDPR consent definition • Types of electronic marketing and obligations
|
Module 10 | Questions & Answers
|
Individual 1-2-1 tutorials
|