Training for health and social care bodies on the General Data Protection Regulation (GDPR)

In May 2018, the Data Protection Act 1998 (DPA) will be scrapped and replaced by the new EU General Data Protection Regulation, with significant implications for information governance in the health and social care sector. This will include new rights for data subjects, special rules for children’s personal data, changes to consent requirements, scrapping of subject access fees, a new enforcement regime and bigger financial penalties for breaches.

Are you ready for the GDPR?

As part of our ongoing commitment to providing high quality legal services and supporting NHS bodies in achieving best practice, we are pleased to offer innovative training options to the health and social care sector on the GDPR. Designed to assist you to tackle the new GDPR practically, our training can assist your organisation to ensure that it is compliant with the new legislation.

Reform of EU Directive 95/46/EEC (upon which our beloved DPA is based) has been on the cards since 2012. The need for reform is generally considered to be uncontroversial; the current law requires modernisation to reflect changes in technology and how personal data is processed. More generally, recognition of the importance of individuals’ rights over their data requires reform of data protection law to provide for improved rights and strengthened enforcement.

The new GDPR will enable greater harmonisation across the EU and is more prescriptive as to what member states must do, and how, than the current Directive 95/46/EC. Crucially, the GDPR will have ‘direct effect’ and does not need to be implemented by domestic legislation.

It will come into force on 25 May 2018, while the UK remains within the EU, and will be converted into UK law when the UK leaves the EU. As stated by the Information Commissioner, ‘The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.’

Our specialist information governance lawyers have a wealth of experience of advising health and social care bodies on data protection issues. Our understanding of the unique issues facing the health and social care sector, combined with our technical expertise and practical experience, enables us to provide training that is informative, valuable and relevant to you.

Together, we can help ensure that your organisation is ready for the GDPR.

Comprehensive training package

Our recommended full training package is aimed at staff who are involved in the day-to-day management of information governance issues and lasts four hours. Through a combination of formal training, interactive case studies and informal discussion, the key issues that will be explored by this training package include: 

• An overview – you will learn your way around the GDPR
• Key definitions – you will consider the new definitions on which the GDPR is based including the more detailed definition of ‘personal data’, ‘special categories of personal data’ and the new principles of the GDPR
• Processing conditions – discuss the new processing conditions and how they should be applied by your organisation. Consider the changes that may be required to existing grounds for processing used by your organisation
• Rights of the data subject – learn about the new rights of data subjects including changes to rights of access
• Data controllers and data processors – understand the new obligations that are being imposed on data processors and recognise what should be included in data processing agreements
• Remedies, liabilities and sanctions – understand the risks to your organisation if it does not comply
• Key areas to consider – leave our training session with an understanding of the GDPR and what it means for your organisation together with actions to take to assist in preparation for its implementation

Cost: £1200 plus VAT and expenses.

Short overview or focussed sessions

If you have a more specific training requirement, we would be happy to offer shorter sessions focusing on a specific aspect of the GDPR or providing a broad overview of the regulation. For example, a one hour board development session on the GDPR costs just £500 plus VAT and expenses. 

We would be happy to discuss your organisation’s particular training needs and to tailor a GDPR training package to you.

Venue

Unlike impersonal conferences, our training can be provided at a time and location convenient for you. We can come to you or we can host training at our offices in Liverpool, London or Manchester.

Advice

We can also help you ensure that your organisation has appropriate structures, policies and procedures in place to comply with the GDPR, for example, by auditing your organisation’s readiness for the GDPR, reviewing your existing or proposed policies and documentation or providing advice on any specific issues you might face. Please contact a member of our team to discuss your requirements.

Feedback

Previous feedback received from recipients of our information governance training include:

‘Better than expected. Very informative and engaging’

‘Great! Made a dull subject live’

‘Very knowledgeable and happy to discuss issues/questions freely’

‘Very engaging style and able to speak into real examples raised’

‘Very open, personable and knowledgeable’

Our GDPR training packages and GDPR advice is always delivered by a specialist information governance lawyer, within our health business group, who will be happy to answer any questions on the GDPR that your organisation might have.