Workshop 2 – Expanded Detail

Workshop 2
Expanded Detail

Assessing the Assessments

Auditing your application of the GDPR rules

• Legitimately using Legitimate Interest Assessments: Of the 6 lawful grounds for processing under the GDPR, Legitimate Interests is a most useful ground. We will discuss the best ways to rely on legitimate interests.

 

• Effective use of Data Protection Impact Assessments: The GDPR mandates the use of DPIA’s in certain circumstances, but even so DPIA are a good risk management tool. Using case studies, we will explore the effective use of DPIA

• Ensuring Privacy by Default & Design: PbD is a mandatory requirement of the GDPR and demonstrates that the business puts privacy first. Using examples we will examine how and when to assess Privacy by Default & Design

 

• Data Transfer Risk Assessments: Following the Schrems II decision in the European Court of Justice and guidance from the European Data Protection Board, Data Transfer Risk Assessments need to be made when sharing and transferring personal data with Controller, Processors and sub-Processors, particularly to countries that are not deemed “adequate”. We will review how to carry out these assessments

 

• Online Safety Risk Assessments: The UK Online Safety Act and the EU Digital Services and the Digital Markets Act require appropriate risk assessments. We will take a look at what this means for organisations that are caught by these new laws.

 

Assessing the Assessments

Auditing your application of the GDPR rules

• Legitimately using Legitimate Interest Assessments: Of the 6 lawful grounds for processing under the GDPR, Legitimate Interests is a most useful ground. We will discuss the best ways to rely on legitimate interests.

 

• Effective use of Data Protection Impact Assessments: The GDPR mandates the use of DPIA’s in certain circumstances, but even so DPIA are a good risk management tool. Using case studies, we will explore the effective use of DPIA

 

• Ensuring Privacy by Default & Design: PbD is a mandatory requirement of the GDPR and demonstrates that the business puts privacy first. Using examples we will examine how and when to assess Privacy by Default & Design

• Data Transfer Risk Assessments: Following the Schrems II decision in the European Court of Justice and guidance from the European Data Protection Board, Data Transfer Risk Assessments need to be made when sharing and transferring personal data with Controller, Processors and sub-Processors, particularly to countries that are not deemed “adequate”. We will review how to carry out these assessments

 

• Online Safety Risk Assessments: The UK Online Safety Act and the EU Digital Services and the Digital Markets Act require appropriate risk assessments. We will take a look at what this means for organisations that are caught by these new laws.