The Data Protection Act 1998 (DPA) places a requirement on all organisations; large or small, public or private, to process personal data or sensitive personal data in a manner that complies with the eight Data Protection Principles enshrined in the Act. The Information Commissioner (ICO); the office charged with managing the Act's outworking and with policing the practices, procedures and compliance standards of those responsible for the processing of personal or sensitive personal on a day-to-day basis, has exercised their rights to fine or place enforceable practice notices on those who breach these Principles.
The highest fine that can be laid down is £500,000; the highest fine that has been levied is £375,000 for process failures. In these days of financial austerity no organisation can withstand a fine of that magnitude, even the more usual fine of £30,000 would cause serious harm to an organisation's viability.
Many in the data industry today would point the finger of blame at failings in organisational data governance, or the failure of Directors and Management to consider a data breach as a 'business critical' risk. For more detailed information on current action by the ICO go to www.ico.org.uk/enforcement/fines, there you will see a list of fines and enforcements imposed upon private businesses, Councils, and Government Bodies who have been heavily penalised for poor DPA practice or a failure to police their organisation's DPA Policy or procedures effectively. The very existence of this list should cause Directors, Managers and Data Specialists alike to seek guidance and professional assistance.
What you will learn
This one day DPA programme has been specifically designed to allow participants to:
Understand their requirements under the DPA;
Be able to assess their current compliance standards against best DPA processing practice, policies, procedures and protocols;
Develop effective auditable DPA processing practices that include:
a. Subject Access Request handling;
b. Third Party Request handling;
c. Information sharing agreements;
d. Compliant review and complaint handling procedures; and,
e. Higher Level review and decision-making.
Understand the need to align DPA Policies and processes with supporting Data Retention and Disposal, Records
Management, Information Security, Communications, Remote Working, and IT Policies
CCTV and the DPA and the Regulation of Investigatory Powers Act.