One-day GDPR conference in partnership with Russell-Cooke
The General Data Protection Regulation (GDPR) takes effect on 25 May 2018. Most charities and not-for-profit organisations realise they should be reviewing their data protection practices now, and taking steps to prepare, but it can be difficult to know where to start.
This one-day conference, organised by Directory of Social Change in partnership with Russell-Cooke , will feature a series of workshops focusing on key areas of the GDPR. The workshops will include practical exercises, tips and suggestions to help your organisation get ready for May 2018.
You will also have opportunities to ask a panel of data protection experts about the issues that are bothering you and to hear what other organisations are concerned about.
Who should sign up?
Staff and trustees of charities who have basic knowledge of the GDPR and delegates who have attended the DSC’s half day course GDPR: What you need to know.
What will I get out of it?
- Four practical, interactive workshops to kick-start your GDPR preparation
- An opportunity to share thoughts and experiences with other organisations and to reflect on practice within the sector
- A chance to ask the experts in Q&A panel sessions
What will the sessions cover?
Fundraising and direct marketing (Gary Shipsey, Managing Director, Protecture)
- What counts as direct marketing? Is consent always needed to send direct marketing material?
- What does GDPR-standard consent look like? How can you get GDPR-standard consent from your existing subscribers and supporters?
- What happens if you don’t get GDPR-standard consent before 25 May 2018 and how long does consent last?
- What are the rules for business-to-business marketing, and what if you receive someone’s contact details from a third party?
- Can you use publicly-available personal information (e.g. LinkedIn and Companies House) to research potential donors? Will fundraising research count as profiling under the GDPR?
- Will the ‘right to be forgotten’ mean you can no longer keep marketing suppression lists?
Privacy notices (Victoria Ehmann, Associate, Russell-Cooke)
- Do you need to have more than one privacy notice for different data subjects? Do you need a special privacy notice for children?
- What information needs to be included in your privacy notice? How much detail do you need to provide?
- What do you have to tell people if you receive their personal data from a third party? Do you have to name third parties with whom you share personal data?
- What information do you need to tell people about their individual rights, such as the right to access their information?
- How can we write privacy policies that contain all of the required information and is also concise, easy to understand and written in plain language?
- Who needs to see a copy of your privacy notice and when do you need to give it to them?
- How should you present your privacy notice? Is a link on your website homepage sufficient? What about when we are speaking to people face-to-face or over the phone?
- When you update your privacy notice, do you need to contact everyone to let them know?
Record keeping and security (Ian Singer, IT Assurance Partner, PKF Littlejohn)
- What are the lawful bases for processing personal data? Is consent the best one and when can you use legitimate interests?
- What are legitimate interests assessments and how do you do one?
- What does the GDPR mean when it says that processing needs to be “necessary”?
- What’s different about processing special categories of personal data and data about criminal convictions or offences?
- When do you need to decide your lawful basis? Can it change at a later date?
- What should you do if someone withdraws their consent to processing their personal data? What about if someone objects to processing on legitimate interest grounds?
Accountability and governance (Carla Whalen, Associate, Russell-Cooke)
- What information do you need to keep about the personal data you collect and hold? How can you organise your records?
- Do you need to appoint a data protection officer? Who can be a data protection officer and what do they do?
- What does data protection ‘by design and default’ mean and what measures should you consider putting in place to meet your obligations?
- When do you need to carry out a data protection impact assessment and how do you do it?
- Do you need to review or negotiate written contracts with third party data processors? What information must the contract contain and what does it mean?
- When do you need to report a data breach to the Information Commissioner and how do you do it?
Each session will be a 90-minute workshop led by an expert consisting of the following:
- 45-minute exercise
- 15-minute review of exercise
- 15-minute break – these will all occur at the same time across all sessions.
- 15-minute Q&A
|8.15 am – 9.00 am||Registration|
|9.00 am – 9.45 am||Welcome Q+A Panel|
|10.00 am – 11.30 am||Session choice 1|
|11.30 am – 13.00 pm||Session choice 2|
|13.00 pm – 13.45 pm||Lunch|
|13.45 pm – 15:15 pm||Session choice 3|
|15:15 pm – 16:45 pm||Session choice 4|
|16:45 pm – 17:15 pm||Closing and final Q&A panel|
*Lunch is included with your booking. If you have any dietary requirements or any other requirements that we need to know about, please fill in the ‘special requirements’ box when booking your place.
In Partnership with
By placing this order you agree to DSC's terms and conditions:
Terms and conditions