With GDPR day less than a month away, Director of Course Development Nick Henderson continued to help organisations prepare for the new EU wide regulation. During the webinar, Nick guided listeners through the process of conducting a DPIA. He also answered questions on the topic of DPIAs and gave guidance on next steps to those who have already begun the process.
Read more: The VinciWorks GDPR training suite
The webinar covered:
- The seven steps of conducting a DPIA
- The suggested DPIA timeline
- What to do if you haven’t yet started conducting your DPIAs
- Who should be responsible for conducting and monitoring DPIAs
- Shared tips from attendees
Key findings
- 55% of attendees said they haven’t consulted externally on their DPIA while 27% said they have and 8% said they haven’t but they should have done
- Biometric and genetic data are now special categories of data under GDPR and are required to be included in a DPIA
- It is important to act on the recommendations of the DPIA and often are required to share findings with a third party, such as the Information Commissioner’s Office (ICO)
- Only 4% of attendees have conducted a DPIA on everything while 30% are planning to begin the process soon
Watch previous GDPR webinars on-demand
The webinar on DPIAs is part of a series of webinars VinciWorks will be hosting in the run-up to GDPR day on 25 May.
GDPR – privacy notices
Nick and Gary discussed what should be included in a privacy notice, the changes required under GDPR and conducted some insightful live polls.
GDPR Mythbusters
Should we be deleting our whole email marketing list? How much can you actually be fined for a GDPR offence? Will HR policies and practices be affected by GDPR? Nick Henderson explores some of the myths surrounding GDPR and helps organisations determine between helpful guidelines and scary myths.
GDPR – 10 steps to take before May
Nick and Gary discussed what organisations need to do to prepare for GDPR. During the webinar, live polls revealed that 49% of organisations are not yet sure what to do with their marketing lists ahead of GDPR day and that almost half of organisations have yet to carry out a Data Protection Impact Assessment.