Understanding the General Data Protection Regulation - GDPR

On May 25th 2018, the GDPR goes live. Make sure your business is ready.

GDPR for Charities and Small businesses




Half day

Course code:


The General Data Protection Regulation (known as the GDPR) comes into force on May 25th and will be the biggest shake-up of privacy rules in twenty years – but don’t panic!  This half day workshop is designed to give you everything a small business or charity needs to get prepared and demonstrate your commitment to data protection:

  • The new rules – explained in simple language – and why they’re so important
  • Practical advice on how to implement them and keep data secure
  • Sample templates, policy documents and guidance to take away that will get you started quickly
  • Pointers to further reading, official advice and guidance as it’s published by the EU and UK
  • Optional free e-mail updates to keep you aware of ongoing GDPR developments

Your GDPR Training covered

We promise to avoid unnecessary jargon as we take you through the princples and rules, helping you to understand the background to and importance of data protection.  There will be plenty of opportunities to ask questions and discuss real-life scenarios that will help you make sense of how the GDPR applies to your business.

  • The history of data protection
  • Where data protection goes wrong
  • Common GDPR myths busted
  • Personal data defined
  • The core principles of the GDPR and what they mean
  • Our rights under the GDPR
  • The legal bases and how to choose them
  • Special Categories of data
  • Children
  • Getting consent
  • Impact Assessments
  • How to make your business cyber-secure
  • Documentation
  • How to use your GDPR document pack
  • Questions and answers

What do I take away with me?

You will leave with a completion certificate demonstrating your commitment to the GDPR and full online access to a document pack which includes:

  • A PDF copy of the GDPR
  • Working Party 29 guidance notes
  • Data protection documentation template
  • Data Protection Impact Assessment template
  • Legitimate Interest Assessment template
  • Example Data Protection Policy
  • Example Website Privacy Policy
  • 2BUSY – making your business cyber-secure
  • Cyber security controls – advanced version

In addition, you can sign up for optional (free) e-mail updates.

What organisations are affected by the GDPR?

Any organisation that maintains data on clients, suppliers, patients, members, subscribers, employees or volunteers – that is any natural person – is affected by the new rules.  That includes businesses, charities, social enterprises, clubs and societies.

Don’t delay: the GDPR comes into force 25th May

Whilst there is a lot of hype in the press, the fact is that the GDPR will be law as of Friday 25th May 2018.  Any business suffering a data breach or reported by a data subject regarding their rights will be in very serious trouble if it is found that they have not made a demonstrable commitment to the GDPR.  This course is designed to bring you up to speed quickly, and give you what you need to get prepared, including all the the tools and pointers that will help you make the right decisions both now and into the future.

Frequently Asked Questions

Do I have to book through Eventbrite?

No, you can contact us at [email protected] with your name, company, billing address, PO number if applicable and a note of any access issues. We will issue you with an invoice to be paid in advance of your attendance.

What refreshments are served?

Tea, coffee and biscuits are served on arrival and during the interval.  There will be plenty of opportunity for comfort breaks during the session.

Is the venue accessible?

The venue is fully accessible with disabled toilets on the second floor. The building is serviced by a lift.  Please let us know in advance of any access requirements by e-mailing [email protected].

What is your refund policy?

Brandfire Ltd require a week’s notice of cancellation. We will attempt to transfer you to another course at no extra cost if spaces are available please contact us on [email protected].  If you cancel with less than one week’s notice, we do reserve the right to charge you for the full cost of the course.

Do I need to bring a printed ticket to the course?

There is no need to bring a ticket


There are no pre-requisites, although an understanding of how the Data Protection Act 1998 applies to your business would be useful.

Delegates will learn how to:

  1. Interpret the six principles of the GDPR
  2. Navigate the key differences with the Data Protection Act 1998
  3. Assess your own Data
  4. Establish a legal basis for processing data

You've probably seen the headlines quoting €20million fines - or up to 4% of global turnover.  The Information Commissioner's Office (ICO) has made it clear that any fines for data breaches will be proportionate - and ultimately reserved for the worst offenders.

Course outline

  • The six principles of the GDPR
  • Information you hold
  • Data Protection OFficers
  • Communicating privacy information
  • Legal basis for processing
  • Understanding data subject rights
  • Obtaining consent
  • Data protection by design
  • Exporting data to third parties and internationally

Your tutor

Your tutor is a 25 year veteran of cyber-security - having been on the front line: designing, building and running secure websites and applications to process business-critical and personally identifiable information (PII) for some of the most cyber-targeted organisations on the planet.

From the German and Japanese car industries, the global diamond industry, international and off-shore finance, through to the UK government - he has been pitched against everything from script kiddies to motivated and well-financed international gangs who have openly contacted clients to annouce that they will be disrupting their operations.

With experience throughout the supply chain, he has worked as both poacher and game-keeper - both setting and delivering against standards such as ISO27001. This has given him a unique insight into the strengths and weaknesses of every part of the value chain from the consuming enterprises, through cloud and managed services providers right down to the micro-businesses and sub-contractors that are often the real providers.

FREE course materials

Comprehensive course notes are available during the session for you to take away with you and share with your colleagues.

FREE course updates

Our course notes are regularly updated because the security landscape is changing every day.  If you sign up to our mailing list as a delegate, you get free access to all future updates by e-mail.

Public course

Course fees

All of our training is offered on a not for profit basis and all courses are delivered free of charge. A small contribution towards travel costs and subsistence is normaly requested.

This is a half-day public course designed to help SMEs implement the GDPR within their business

Discover Brand:fire

Get an independent view of your cyber security.

Download brochure or Contact Us