Why choose our course?
Are you still confused about GDPR? If you don't know where to start or want to quickly identify what you need to do to make your organisation GDPR compliant, you are in the right place.
Our experts have advised top tech companies such as Amazon and top pharmaceutical companies such as Novartis. We also specialise in life sciences and have worked extensively with innovative healthcare companies and startups on how to manage their sensitive data.
This course has been expertly designed and is led by a team of lawyers from the No 1 European law firm in data protection as well as international strategic consultants.
We believe in a privacy by design approach that puts customers first. We help companies build meaningful, culturally-sensitive and customer-centric brands.
Who is this course for?
Our seminar caters to startup founders, CTOs, marketing officers or anyone responsible for legal governance who wants to understand how to efficiently implement GDPR-compliant technical and organisational measures.
No prior knowledge or skills are required.
Why take action now?
GDPR was introduced in 2018 and affects most businesses dealing with personal data.
Your organisation does not have to be in Europe to fall under the scope of GDPR.
Individuals are increasingly concerned about data privacy and how businesses are using their data.
Taking action now will increase trust with your customers.
"My own point of view on GDPR is it's a fantastic start on really treating privacy as a human right"
Satya Nadella, CEO Microsoft
Authorities are increasing GDPR enforcement not only against large corporations but also against startups.
Total Number of GDPR Fines
Total Amount of GDPR Fines
Largest Fine to Date to Google in France
The average fine can be the size of a first seed round!
Most startups do not know whether they are violating applicable laws.
Startups are still either:
Complacent - overconfident about their GDPR compliance and taking insufficient actions and/or relying on the wrong interpretation of GDPR.
Daredevils - willing to take the legal and financial risks by postponing or overlooking GDPR compliance altogether.
Overwhelmed - unfoundedly concerned and consequently willing to abandon products and/or services due to the potential risk of non-compliance.
Things to take into account when considering GDPR compliance:
Complying with GDPR may be an important marketing tool and may be a competitive advantage that can help increase your bottom line. Recent evidence shows that GDPR sparked a “buy European” effect as companies and consumers seem to be increasingly wary of buying products and services from providers that may fall foul of data protection law.
The risk is not worth the fine. GDPR fines are getting larger and more frequent. There is a real risk of being fined. The fines can go up to EUR 20 million or to 4 percent of the total worldwide annual sales of the previous financial year, whichever is higher. An average fine is now more than $500,000, making a GDPR fine equivalent to a whole seed round! See examples of fines below.
The supervisory authorities consistently investigate violations. It is not only big organisations that are getting audited and fined: startups and smaller entities have been fined more often than larger corporations. Startups get fined mostly for having an insufficient legal basis for data processing and insufficient technical and organisational measures to ensure information security.
Many violations may lead to claims against companies and individuals for negligence and/or wrongful acts. Founders may also be personally liable.
Complaints from individuals about the security of their data are rising. The UK has the highest number of complaints in Europe, exceeding 41,000. Public awareness of data protection rights is increasing. Failing to comply or misusing personal data may result in significant reputational damage and provoke consumer-led lawsuits.
What will you learn?
This course is specifically designed so you can take action as soon as possible. We have structured the course to give you the tools and information needed to identify priority actions and next steps required to ensure, maintain and/or improve compliance with GDPR.
Topics covered in this course:
Privacy by design – why does it matter? how to educate your teams? how to take an organisation-wide approach?
GDPR at a glance - what are the main concepts and principles of data protection?
Compliance - how to demonstrate compliance? what are privacy compliance frameworks? how to perform a gap analysis? when to use Data Protection Impact Assessments?
Extraterritorial scope - where does it apply and who does it cover?
Gateways for Processing - what is lawful processing? when and how to anonymise personal data?
Records of processing activities - what records do you need to keep, when and how?
Privacy Notices and Consent - what are they? when and how to use them?
Direct Marketing - when and how to use consent? what are the different opt-in and opt-out methods? what are the best practices?
Contracts - which contracts need to be reviewed/revised? what specific clauses do you need to pay attention to?
Data Subject Rights - what are they? how to deal with specific requests?
Data Breaches - what are the risks? how to prevent fines? how to deal with breaches? when to report to the authorities?
International transfers - what are the best practices? what are the current legal frameworks?
Strategy & Management - how to balance risk, how to best implement technical, organisational and regulatory obligations
Cookie policies - what are the main rules that apply to online tracking techniques?
Security - what are the best practices for keeping data from third parties?
What is included?
Live & interactive online class sessions.
Guidance from privacy experts.
Hands-on exercises including guided questionnaires and case studies.
Recordings and transcripts to revisit the material.
Bonus resources and templates.
Access to a startup network to connect and share GDPR insights.
20% Discount on personalised consultations.
Examples of obligations you probably did not know existed
In the UK, organisations that determine the purpose for which personal data is processed (controllers) must pay a data protection fee unless they are exempt.
If you collect personal data such as emails and names through a survey/questionnaire, you have to record the legal basis for doing so and provide certain rights to the data subjects.
Collecting sensitive data (such as personal health data) implies more stringent requirements, including recording a lawful basis under Article 6 of the GDPR and another under Article 9 of the GDPR.
Five trends for GDPR in 2020
1. Europe's data protection authorities are expected to increase GDPR enforcement.
2. Ad-tech issues (cookies and other trackers) will be at the heart of the discussion.
3. Data protection authorities will prioritise the protection of children’s data.
4. Data subject rights will be further strengthened.
5. Private actions (civil claims) are expected to rise.