25th June 2019 10:00
25th June 2019 16:00
SCVO Member £100, Third sector non-member £150, Private/public £200
One brand new course, two subjects. This specially developed course is designed to look at how third sector
organisations should handle and deal with Subject Access Requests (SAR) and how to carry out Direct
Marketing under the General Data Protection Regulations (GDPR). It will demonstrate how they should be
interpreted using the GDPR and the Data Protection Act 2018 (DPA), and Privacy and Electronic
Communications Regulations (PECR).
Participants will leave the course feeling more aware and knowledgeable of Data Subject Access
Requests. You'll feel more comfortable with your SAR plans and be able to identify what time and
resources may need to be set aside for these instances. You’ll leave feeling empowered and more
knowledgeable regarding your marketing activities, and feel more comfortable with your direct marketing
plans, especially in respect to volunteers who fundraise etc. on your behalf.
Overall course aim
The overall aim of the course is
for you to get an understanding of Data Subject Access Rights, Subject Access Requests, what you can, and
can’t, do with a request and, crucially, whether there are any exemptions you can use to minimise disruption
to your organisation. You’ll also get an understanding of what you can, and can’t, do with direct marketing
and the way in which the three pieces of legislation ‘dovetail’ together to make this necessary function,
sometimes, difficult to manage.
protection and the GDPR raises many questions for third sector organisations. What is your organisation
to do when it receives a Data Subject Access Request? Which of your client-users, customers, staff
member or ex-staff member can submit at SAR? What is your organisation supposed to do with
marketing? How can it market? To whom can they market? How can it fundraise? What will happen if they
fall foul of the legislation?
answer these questions and many more, you’ll concentrate on:
brief overview and reminder of GDPR and DPA 2018
Data Subject Rights
Subject Access Requests
timescales and (possible) exemptions
penalties for getting it wrong
• the PECR
• the legal bases for
• consent and ‘opt-in’ and
Who is the course aimed at?
course is designed for anyone who might receive Data Subject Access Requests (from a user, client, customer,
staff member or ex-staff member) and/orundertakes direct marketing and who may use ‘volunteers’
in support of their organisational objectives.
are no formal entry requirements.