GDPR Compliance in Investigative Services - Elstree
General Data Protection Regulation
It's all about ACCOUNTABILITY.
“The crucial, crucial change [GDPR] brought was around accountability. Accountability encapsulates everything the GDPR is about,” says UK Information Commissioner Elizabeth Denham (April 2019).
Articles 25(1) and 25(2) of the GDPR outline your obligations concerning ‘data protection by design and by default’. This requirement ensures that the six data protection principles are implemented, and that individuals’ rights are always safeguarded. Applying appropriate technical and organisational measures to any processes within your organisation that involve personal data will help achieve this.
The six data protection principles cover:
- Fairness and transparency
- Data accuracy and storage limitation
- Integrity and confidentiality.
Data protection by default is simple when these six principles are embedded in every one of your organisation’s processes. Data protection by default means that the individual’s rights are safeguarded from the very beginning of a process, before any additional measures are implemented.
Data Controller or Data Processor?
The data controller determines the purpose of the processing of personal data and the way in which it should be done, and ensures that data is processed in accordance with the requirements of the GDPR.
A data processor processes personal information on behalf of the data controller. The data processor has independent responsibility for having satisfactory information security to protect the personal data. The data processor may only process personal data in accordance with what has been agreed with the data controller.
If you process any personal data, then you need to understand the implications of GDPR.
This might mean that you have a website, promote yourself through email marketing or that you employ staff. The very business activity of a professional investigator inevitably involves processing personal data.
No matter what size your company is, you need to comply with this regulation.
There is no shortage of advice on GDPR: some of it good, some not so good and some very confusing.
GDPR will introduce new contractual and legislative responsibilities on ABI members when receiving clients’ instructions as Data Processor or even as joint Data Controller, and stringent requirements apply when working inter-agency.
This dedicated ABI GDPR Workshop will cover the essential documentation and thought process necessary to remain compliant.
This 5-hour workshop [with 1-hour break] offers a small group of Members the opportunity to learn how to apply the new regulation with practical demonstration on delegates' own live cases, tackling the data protection impact assessment process and how to compose a GDPR compliant Proposal, whilst meeting the client's expectations.
The Workshop will discuss:
- Data Controller or Data Processor?
- The ABI Members' suggested Data Protection Policy
- Members' Data Audit
- Members' Personal Data Audit Trail (Case Management)
- Data Protection Impact Assessment with talk through application on delegates' own live case
- The case Proposal with development of sample Proposals based on delegates' own live case
- Model Terms of Business (Member and Client) update and how to apply
- Model Terms of Business (Member to Member) and how to apply
- Security of Data in transit (encryption -v- password protected)