This is a practical workshop for people that are wrestling with how to manage RoPA creation and maintenance, and not for beginners – the assumption is that you are very familiar with data protection.
By taking part in this training, you will learn how to complete your organisation's Record of Processing Activities in accordance with Article 30 of the UK GDPR.
The content of the course will be driven by your organisation's needs, however the below should give you some indication of the topics that can be covered by our expert trainers:
- Does it matter?
- Does the ICO care?
- Potential changes to the law
- What use it is in the real world
- What do you need the RoPA to do for you – do you also need an IAR?
- How to sell it internally to your SIRO, Caldicott Guardian, DP Risk Committee, Senior Leadership, IAOs, Information Champions and Information Asset Administrators (the list of people can be endless)
- Job descriptions and roles – what do these people do?
- How do you explain an information asset – is it a process or a container of data?
- Working out what to record
- How does these integrate with other documents such as IARs, incident logs and risk registers
- Tailoring the method to your organisation and buy in
- A you-do-it-all method
- Questionnaire method
- Champions method
- Hybrid methods
- Where and how do you record this?
- Excel (building your own, templates, etc)
- Other programmes – are they worth it and do they work?
- Connecting information assets where there is a data flow
- How often and how should you update the RoPA?
- How long should it all take and how many people?