Following the outcome of the EU referendum, the UK Government will still need to implement the GDPR or a piece of similar legislation. Processing personal data relating to European citizens will be covered by the GDPR, even if the processing takes place outside the EU. Therefore, if your company is based in the UK but trades within the EU, compliance of the GDPR will still be mandatory. The Information Commissioner’s Office (ICO) and the DMA are both advising companies that there is no reason to delay plans to implement the GDPR as a result of Brexit.
Why does Data Protection matter to marketers?
- Background to the regulation – why was it needed?
- Scope of the GDPR
- Penalties and enforcement
Are the concepts in the GDPR completely new?
- A review of the GDPR vs. the Data Protection Act 1998
- Principles of Data Protection
- GDPR scope and implementation
- Defining Personal Data and a Data Subject
- Special categories of data
How can “Consent” be obtained?
- Defining Consent
- New conditions for obtaining Consent
Is there an alternative to Consent?
- Defining Legitimate Interests
- Conditions for Legitimate Interests
Profiling under the GDPR
- Defining Profiling under the GDPR
- Legal effects of Profiling
- Rules for direct marketing Profiling
The Right to object to direct marketing and Profiling
- Right to object and how to communicate it
What other information must you provide to users?
- What specific rights do individuals have under GDPR?
- Right to erasure
- Retaining data for suppression
- Right to data portability
Impacts on the database and records of processing
- What proof of Consent is required?
Obligations of Data Processors
- Obligations of Data Processors
Data breach notification
- Notifications of data breaches
Accountability and Data Protection Officers
- Principle of accountability
- Data security
- Appointing a Data Protection Officer
- Transfer of Personal Data overseas
- Cross-border campaigns and accountability