PDP header graphic

Issue: 27.05.2020
 
News 

EasyJet to be sued over customer data breach
A law firm (PGMBM) has issued a group action claim in the UK High Court on behalf of nine million easyJet customers whose details were exposed in a data breach. Since easyJet formally disclosed the breach on 19th May 2020, it has emerged that its systems were hacked in January, meaning it has waited four months to inform its customers that they may be at increased risk of being targeted by criminals. Types of data exposed apparently included names, email addresses, departure dates and arrival dates, potentially exposing customers to security risks. Despite the airline's delay in informing its customers, the ICO - which is currently investigating the breach - was informed of the incident within the relevant legal timeframe. In addition, more than 2,000 customers had their credit card data exposed. The group action, potentially worth £18bn, could see each affected customer receive a £2,000 pay-out if successful.

Regulator bungled Facebook privacy probe, Austrian activist says
The Data Protection Commission in Ireland took "highly disturbing" actions in the course of an investigation into possible legal breaches by Facebook, and has generally fallen short enforcing Europe's privacy rules, Austrian activist Max Schrems has argued in an Open Letter. The letter, which was sent to the European Commission and Parliament as well as several Supervisory Authorities, accused the DPC of improperly providing legal advice to Facebook on how to avoid penalties before Europe's new privacy rules came online, as well as being insufficiently transparent with other regulators. Appealing to other Supervisory Authorities, Schrems said they should invoke emergency powers in the GDPR to circumvent the lead authority.

GDPR enforcement held back by lack of resources, report says
Enforcement of EU data privacy rules is being stifled by a lack of resources across national authorities, according to a new study published on the second anniversary of the GDPR. The report, published by the advocacy group Access Now, finds that due to a significant disparity in the funding of national Supervisory Authorities, larger firms could try and use their economic wherewithal to potentially circumvent privacy provisions laid out in the GDPR. The European Parliament's Chair for the Civil Liberties Committee, MEP Juan Fernando López Aguilar, has called for infringement proceedings to be enacted against Member States who consistently fail to resource their SAs. A review of the GDPR is due to be presented by the European Commission on 3rd June.

EDPB Releases 2019 Annual Report
The European Data Protection Board has released its Annual Report for 2019, providing details of its work during the year. The EDPB adopted five new guidelines and 16 Consistency Opinions in 2019. The Report signals the EDPB's key objectives for 2020, including its intention to provide guidance on controllers and processors, data subject rights and the concept of the legitimate interest legal basis for processing. The EDPB also intends to publish guidance on the implications for data protection in fighting COVID-19, and set out its intention to "intensify its work in the context of advanced technologies, such as connected vehicles, blockchain, artificial intelligence, and digital assistants."

New guidance on AI issued in UK
The ICO and the Alan Turing Institute have released new guidance to help organisations explain the processes, services and decisions delivered or assisted by AI, to the individuals affected by them. The three part guidance gives the basics of explaining AI, deals with AI in practice and addresses what AI means for organisations. The guidance was issued in response to the commitment in the UK government's AI Sector Deal (it is not a Statutory Code of Practice under the DPA 2018).

Swiss game developer settles FTC allegations
The US Federal Trade Commission has reached an agreement with Swiss digital game developer Miniclip SA to settle allegations that the company misled consumers about its membership in a COPPA safe harbor programme. In 2009, Miniclip joined the FTC-approved Children's Advertising Review Unit (CARU) safe harbor programme and remained a member until 2015, when CARU terminated Miniclip's participation. According to the FTC's complaint, Miniclip continued to claim on its website and on its Facebook Games Privacy Policy page that it was a member of the CARU as late as 2019. Under the proposed settlement, Miniclip is prohibited from misrepresenting its membership in or compliance with any privacy or security program sponsored by a government or self-regulatory organisation. In addition, Miniclip is subject to compliance and recordkeeping requirements.

Role of the Data Protection Officer - eLearning
PDP is delighted to announce that the training course Role of the Data Protection Officer is now available to study from home by way of eLearning. All PDP's eLearning courses feature video presentations, written materials and self-assessment questions. A full list of available eLearning training courses can be viewed here.
PDP Journals logo
 
 
Receive further Expert guidance and in-depth articles on data protection direct to your mailbox or home address...  
 
Privacy & Data Protection journal
Privacy & Data Protection Journal 
 
 

Subscribe to two or more titles at the same time and receive a 15% discount off the cheapest journal

 
 




 
19th Annual Data Protection Compliance Conference
  
Social distancing measures will be implemented at this Event should government guidance still be in place
   
8th & 9th October 2020 - London, UK
 
London's leading two-day Data Protection Conference
  
This year, the conference is dedicated to examining the developments in data protection; the continued practical implications for organisations of complying with the GDPR, as well as what could be next for organisations post-Brexit.

 
 
Bridget Treacy
Conference Chair: 
 
Bridget Treacy 
Partner
Hunton Andrews Kurth  


 
 
** Day 2 Workshops Topics have been released ** 
 
Full details of each workshop can now be viewed online.  
 
 
 

 
* Workshop Highlight * 

Bridget Treacy Workshop A.  Accountability and Data Protection: What Does the GDPR Require?


Many organisations are grappling with how best to implement the GDPR's accountability requirement. This Workshop provides a practical approach to ensuring data protection accountability in your organisation. Delegates will:
  • learn what accountability is and how other organisations are implementing it
  • discover the practical benefits of formal accountability mechanisms
  • explore the ICO's proposed 'accountability toolkit' and how it will be used


For more information and to book your place:
  1. Visit PDP Conferences 
  2. Send us an Email 
  3. Telephone +44 (0)207 014 3399


 
PDP Training logo

    
 
Classroom and eLearning Training Courses
 
Dedicated eLearning platform
 
A range of training courses can now be undertaken from home on a self-study basis.  
 
Through the use of PDP's dedicated eLearning platform, a range of our leading Training courses can be undertaken remotely at a pace to suit you.  
 
Utilising videos, supplementary documentation and self-assessment questions, our Expert Trainers bring their highly practical knowledge and expertise to each of their eLearning courses.
 
eLearning-graphic
 
 
Find out more about our Online Courses here > 
 
 
Classroom-based sessions 
 
Our professional and practical Training Courses enable delegates to understand the legal requirements in key areas of information and data protection compliance.  
 
Classroom-based Training Courses run throughout the year in cities around the United Kingdom.
 
 
Here is a selection of courses, which are available in both eLearning & Classroom bases
   

Handling Subject Access Requests


Dealing effectively with Subject Access Requests ('SARs') remains a management challenge for many organisations. Requests can come from customers, employees, complainants, and others. The quantities of information typically held on individuals are increasing to vast proportions, sometimes as an unintended consequence of technological advances.


This course can
be undertaken on a trainer-led Classroom basis, or via an online self-study eLearning platform
 
This practical training session, which includes instruction on the provisions of the General Data Protection Regulation and the implications of Brexit, looks in detail at the right of individuals to gain access to their data, as well as the exemptions that organisations can use to withhold information. It gives delegates the information they need to set up an effective SAR handling process in their organisation, and looks at how to avoid the common pitfalls that arise.   

Participants in this session work through a number of practical scenarios and will leave the session knowing how to respond to access requests as well as how to set up an effective SAR handling process in their organisation.

The next trainer-led sessions are taking place on the following dates (further dates outlined online):
  • Belfast     Thursday, 17th September 2020
  • London    Thursday, 24th September 2020
  • Bristol      Thursday, 1st October 2020
For further information, or to book your Classroom or eLearning place:
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 



This course is an introductory level course for all those that are new to data protection, or those that require a refresher on the fundamental concepts. It is designed for people who work with, or will work with, data protection issues on a regular basis.

This invaluable and practical training session, which is fully up to date with the requirements of the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and the likely implications of Brexit (during the UK's transition period and beyond), examines core concepts of practical data protection compliance.

This course can
be undertaken on a
trainer-led Classroom
basis, or via an online
self-study eLearning
platform
Attendance at the Classroom version of this course can be used as a credit towards gaining the Practitioner Certificate in Data Protection.

The next Classroom sessions are taking place on the following dates (further dates outlined online):
  • Belfast       Monday, 14th September 2020
  • London      Monday, 21st September 2020
  • Bristol        Monday, 28th September 2020 
     
For further information, or to book your Classroom or eLearning place:
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue
     

The Level 1 and Level 2 courses taken together constitute a complete training package on the fundamentals of data protection. This session provides a thorough grounding in the important aspects of data protection practice.
This course can
be undertaken on a
trainer-led Classroom
basis, or via an online
self-study eLearning
platform
This session, which is fully up to date with the requirements of the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and the implications of Brexit, provides a thorough grounding in the following important aspects of data protection practice:
  • transferring data to third parties - the legal requirements for transferring data between organisations
  • data retention - the restrictions on keeping data, and how to establish a retention schedule
  • the main exemptions, including 'crime and tax' and 'disclosures required by law'
  • the role and powers of the data protection regulator, including the circumstances where fines can be imposed
  • an introduction to when it will be necessary to carry out a Data Protection Impact Assessmen
Attendance at the Classroom version of this course can be used as a credit towards gaining the  Practitioner Certificate in Data Protection

The next trainer-led sessions are taking place on the following dates (further dates outlined online):
  • Belfast        Tuesday, 15th September 2020
  • London        Tuesday, 22nd September 2020
  • Bristol          Tuesday, 29th September 2020
     
For further information, or to book your Classroom or eLearning place,
  1. visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue
 


The day-to-day work of the DPO is critical to the smooth running of organisations and to establishing and maintaining effective and productive relationships with the organisation's customers, staff members and other relevant individuals. DPOs play a central role in ensuring that the organisation meets its data protection responsibilities and in avoiding unwanted attention from regulators.

This course analyses the role and duties of the DPO in a practical context and provides delegates with the information that they need to become more effective and efficient.

This course can
be undertaken on a
trainer-led Classroom
basis, or via an online
self-study eLearning
platform
Topics include:
  • mandatory and non-mandatory duties
  • relationship between the DPO and senior management
  • the organisation's obligation to involve the DPO in key decisions
  • the organisation's responsibilities to provide appropriate facilities and resources to DPOs
  • the requirement for DPOs to be "independent"
  • handling conflicts of interest
  • understanding data flows and gap analyses
  • key skills, including leadership and conflict resolution
  • the need for confidentiality
  • accessibility of the DPO
  • the requirement to keep records
  • communicating with data protection regulators
It is recommended that delegates attending this course have some existing knowledge of data protection. Those with no existing knowledge should attend Data Protection Essential Knowledge - Level 1 before attending this course.

The next trainer-led sessions are taking place on the following dates (further dates outlined online):
  • Dublin        Friday, 2nd October 2020
  • London     Tuesday, 15th December 2020
For further information, or to book your Classroom or eLearning place,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue
     

eLearning courses

   
This online 'self-study' course analyses the role and duties of the DPO in a practical context and provides delegates with the information that they need to become more effective and efficient.
 
Classroom version of this course is also available.
 
 
 


 
 Distance Learning Programme    
 

"I found the Distance Learning option suited my learning style and particularly liked the ability to work at my own speed."
Nicola Young
Complaints and Information Disclosure Officer
University of Portsmouth
 
   
 

 
Social distancing measures will be implemented at this Event should government guidance still be in place
   
8th & 9th October 2020 - London    
 
PDP Conferences  
This year, the conference is dedicated to examining the developments in data protection; the continued practical implications for organisations of complying with the GDPR, as well as what could be next for organisations (in a post-COVID/Brexit era).  
 
 
 

eLearning - Practitioner Certificate in Data Protection

   
A range of PDP's leading training courses can be undertaken on an eLearning basis, including:
 
Data Protection Essential Knowledge Level 1 & 2  
 
Data Security 
 
Handling Subject Access requests
 
Role of the Data Protection Officer
 
A dedicated Online Learning Platform aids learning utilising videos, supplementary documentation and self-assessment questions
 
 
 
 
 
 
Available in eSubscription  
 
Latest edition of Privacy & Data Protection Journal 
 
The latest edition includes the following articles: 

Expert comment - Bridget Treacy, Hunton Andrews Kurth

Understanding the ICO's Age Appropriate Design Code - Emma Erskine-Fox, TLT LLP

A guide to data processing during a pandemic - Olivia Whitcroft, OBEP

Data protection and adtech in Europe: where next? - Julia Kaufmann & Joanna de Fonseka, Baker & McKenzie 
    
The Supreme Court's judgment in Morrisons - a comment - Ashley Roughton
 


 
PDP 2020 Training Catalogue  
 
Download our latest  
Training Catalogue for a comprehensive overview of 2020 training courses and qualifications for those working in Data Protection and Information Management
 
 
 
 
 
 
20th - 23rd October 2020 (early booking recommended)  
 
PC.dp Residential Programme

The residential option on the
Practitioner Certificate in Data Protection Programme (GDPR) provides candidates with the opportunity to study the Programme intensively on four consecutive days (rather than five for the Standard Programme)

Taking place in a well-equipped countryside hotel in Southern England, the Residential offers a comfortable and peaceful location for study (and is inclusive of all food, drink and accommodation). 
 
(Also available on an  
 
 


Qualify as a GDPR Data Protection Practitioner

Flexible training options allow you to train alongside other commitments

More information >  


"The course content was informative and well presented, with very knowledgeable trainers. The exam was challenging, so I feel a real sense of achievement in having gained this qualification."   Caroline Chalk
Head External Information Services
Civil Aviation Authority


"I found the course to be thoroughly enjoyable and enlightening in a number of areas. I have managed to apply the knowledge gained through the course already in my day to day role."
Brendan Byrne
Senior Managing Consultant Security & Privacy
IBM


"The qualification strikes the right balance of interpreting important and complicated legislation and imparting this to students with a well structured course, underpinned with simple to understand information and then a vigorous examination. Organisations should feel assured by any of its staff undertaking and passing this qualification that their information is being managed and shared securely."
Kim Bellis
Records Service Manager
Royal Cornwall Hospitals NHS Trust


"I am very pleased to have followed the Practitioner Certificate in Data Protection course and passed the examination. This will be of great benefit to my employer, as it demonstrates the value we place on this complex area of ethics and compliance."
Alan White
Data Protection Manager
Pitney Bowes


"The course which was delivered by experts in the field of Privacy and Data Protection Law was very enjoyable and engaging. The examination was based on applying legislation and knowledge to practical cases rather than a test of how much information you could remember. I am delighted that I passed the exam and to have a qualification that is very much respected, as well as letters after my name! I recommend both the course and the examination for anyone wanting to increase their knowledge of Data Protection Law."
Bleneta Carr
Investigator
Pearson Education


"I am delighted to have achieved this qualification. The Certificate sets a recognised standard for data protection professionals and it has provided me with the knowledge and confidence of data protection requirements, especially in light of the impending new Regulation."
Joanne Maurizi
Assistant Manager
mutualone


"Synectics Solutions recognises that compliance with data protection regulation is critical to all organisations that handle personal information. It has never had a greater focus than at the present time. Having looked at the training and professional qualifications available, we concluded that the PDP certification was the most appropriate for our business. The course was delivered by legal experts in the field. They were able to bring the events to life with real-life scenarios and case studies."
Steve Sands
Head of Security
Synectics Solutions

PDP, Canterbury Court, Kennington Park, London, SW9 6DE, United Kingdom

THIS IS A TEST EMAIL ONLY.
This email was sent by the author for the sole purpose of testing a draft message. If you believe you have received the message in error, please contact the author by replying to this message. Constant Contact takes reports of abuse very seriously. If you wish to report abuse, please forward this message to abuse@constantcontact.com.