Presented by

Complying with the new General Data Protection Regulation

A one-day programme providing expert advice on the complex and confusing implications of the GDPR and the new Data Protection Act.

Find out more

  • Format: Bespoke training
  • CPD: 6 hours for your records (depending on your requirements)
  • Certificate of completion

What this programme is about

The EU General Data Protection Regulation (GDPR) is a major new piece of legislation which came into force across the EU on 25 May 2018. It provides a single data protection law for the whole EU. It is Brexit- neutral in that the government has said it will apply in the UK even after Brexit through the new Data Protection Act. The new stringent data protection requirements apply to all organisations in the EU (and it is even extra-territorial in that it also applies to many organisations entirely outside of the EU).

The GDPR implements a raft of new rights for individuals and how their personal data is processed – and processing includes every activity known to man: reading, storing, manipulating, transferring – even possessing.

Every business now uses personal data in some way, whether staff data, customer data, prospect data or supplier data. And there’s plenty more data too. The maximum penalties for getting it wrong have been increased to the greater of 4% of annual global group turnover of an organisation or 20 million Euros, depending on the severity of the breach. The definitions of ‘personal data’ sometimes even applies when that data appears to be anonymised. It is essential to know what the law requires – as it should now be part of ‘Business as Usual’ for every business worldwide.

Mark Weston is a leading expert on GDPR having carried out and supervised over 80 GDPR audits and provided advice to organisations of all types and all sizes. One key benefit of the course is the ability to ask Mark Weston about particular issues that may affect you and your business.

Benefits of this in-house programme

  • Learn about the GDPR and the new personal data regime
  • Understand how it affects your business – root and branch
  • Get-to-grips with the basics (and many of the nuances) of the new
    data protection law
  • Consider how it affects you and the business you work for
  • Get up-to-date with an in-depth knowledge of the law and practice of
    GDPR implementation
  • Understand the pitfalls – and how to avoid them
  • Clarify the roles of controllers, processors and sub-processors
  • Master the ins and outs of the rules on obtaining consent
  • Expand your knowledge of privacy by design
  • Appreciate how to best avoid breaches and fines that may result
  • Understand the risks that can be created through poor implementation
    or non-implementation of data structures mandated by the new regime
  • Understand how to effect change in your organisation so as to instil a
    correct data culture – which will manage your risk and exposure

Who is this programme for?

This programme has been specifically designed for those who deal with personal data in any way:

  • In-house lawyers
  • Private practice lawyers
  • Compliance officers
  • Company secretaries
  • Board members
  • HR professionals
  • Marketing professionals
  • Anyone who uses or possesses personal data

Programme at a glance...

  • Essential EU GDPR background, terminology and rights
  • The roles of and relationships between controllers and processors and sub-processors
  • Data subjects
  • Implementation of GDPR requirements
  • Enforcement and regulatory and compensatory aspects of the GDPR
  • Data breaches
  • International data transfers
  • The Data Protection Officer (DPO)
  • Demonstrating compliance

All sorts of scenarios are covered, including questions such as:

  • Can you keep business cards when they are handed to you?
  • What happens to that ‘private data’ you keep in Outlook notes field?
  • What controls do you need on the person who cleans out the bins?
  • Are you a processor or controller – or both? What if this is true for the same data that you use for different purposes?
  • How do you tell people you have their data and what you do with it?
  • What is the difference between a privacy notice and a privacy policy?
  • Do you have to comply with the GDPR if you are based outside the EU?
  • What if you process EU citizen data and non-EU citizen data (whether you are in or out of the EU)?

Mark Weston

Mark Weston is a Partner at Hill Dickinson LLP where he is Head of Information Technology, Intellectual Property and Commercial. His practice covers all areas of commercial law and he has a wealth of industry experience having worked in-house at Hewlett Packard. He regularly appears on BBC1 and Sky News as a legal commentator.

More details

We don't have any currently scheduled dates for this course but we can customise it to your requirements and deliver it on an in-house basis for any number of your staff or colleagues.

See below or contact us to discuss yor requirements.

Reviews of IPI's Complying with the new General Data Protection Regulation training course

A very good and informative course

Nov 6 2018

David Goodwin
Group Health and Safety Manager, Design and Management Contractors Ltd

Nov 6 2018

Excellent in building foundation in this area, Mark is a brilliant speaker and teacher.

Sunny Sandhu
Solicitor , Saint-Gobain

Mar 7 2018


James Jordan
Group Legal Director & Company Secretary, Taylor Wimpey UK Ltd

Mar 7 2018

The best course I have attended in a long time.

Matthew Joy
Group General Counsel, Low & Bonar PLC

Nov 6 2018

The content of the course was a good overview of the key provisions of the GDPR and this was delivered very well.

Kelly McAuslan
Legal Counsel, Financial Times

Nov 28 2017


Melanie Surfraz
Senior Compliance Officer, LHi Group Ltd

Nov 28 2017

A good overview of the coming regulations

Heinz-Uwe Karl
Contracts Officer, European Space Agency


  • Beggars Group Media Ltd
  • Beko Plc
  • Design and Management Contractors Ltd
  • Financial Times
  • Gazprom Marketing & Trading
  • Intertanko
  • Jisc
  • LHi Group Ltd
  • Low & Bonar PLC
  • Payment Systems Regulator
  • Saint-Gobain
  • Taylor Wimpey UK Ltd
  • Wavecrest (UK) Ltd


  • Nets A/S
  • Nets Denmark A/S


  • Debiopharm
  • Medicines for Malaria Venture

Czech Republic

  • Kooperativa pojistovna


  • Guernsey Financial Services Commission


  • European Space Agency


  • Banco de portugal

Multiple colleagues?
Talk to one of our training experts to discuss how to:

Run this course conveniently and cost-effectively in-house for your staff and colleagues

Aleksandra BEER
Training expert

+44 (0)20 7749 4749