13th February 2018 – GDPR and the role of the Data Protection Officer


Time: 9:30am to 12:30pm

Cost: £349 + VAT

Location: Cordium UK offices, 130 Jermyn Street, London SW1Y 4UR

Course Overview:

Data security and protection are now at the forefront of the fight to prevent both fraud and regulatory censure for lax controls over customer data. Firms registered with the Information Commissioner’s Office should of course currently be compliant with the UK Data Protection Act. However, firms should also be considering the impact of the new General Data Protection Regulation (GDPR) that comes into force on 25 May 2018.

Latest statistics indicate that UK business is facing an annual £98.6 billion fraud bill. Instances of white-collar crime are on the rise, evidenced by the huge rise in cyber-crime and cyber-enabled fraud. Seven out of ten frauds involve some kind of technology. Prosecutions have trebled over the last three years, with a 200% increase in the number charged with “cyber” offences.

The law (Reg 24 of the MLR 2017) requires firms to ensure employees are trained on data protection as it relates to money laundering. Regulation 40 specifies in detail a Data Processor’s obligations under the 1998 Data Protection Act.

From the Regulatory perspective, firms are expected to be able to demonstrate that they have complied with “Senior Management Arrangements, Systems and Controls”:

“A firm must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements and standards under the regulatory system and for countering the risk that the firm might be used to further financial crime.”

While there is currently no legal requirement to appoint a DPO, best practice is for firms to have an individual responsible for compliance with the UK Data Protection Act. In May 2018 this will change and the obligation on firms to appoint a DPO will become a statutory requirement under the GDPR.

Course Objectives:

This course is aimed at ensuring current DPOs have a good understanding of their current responsibilities and are able to prepare for life under the GDPR.

Key topics:

  1. The best practice role & responsibilities of the Data Protection Officer
  2. The Fraud Act 2006, the Regulatory approach & a joined-up approach to compliance & financial crime risks
  3. Cybercrime, types of attacks & building an effective defence
  4. What to do if you fall victim to a scam or cyber-attack
  5. The EU Data Protection Regulation 2016, in force from May 2018, its key features & required outcome for firms
  6. Towards an Action Plan

Course aimed at: Senior Management/Data Protection Officers/Compliance Officers/Internal Auditors/Fraud Prevention Officers/Risk Managers

If you would like to discuss your training requirements in more detail please contact Graham Dix on 020 7484 3987 or your usual Cordium consultant.