Project Description

General Data Protection Regulation (GDPR) 


“We have an opportunity to set out a new culture of data confidence in the UK”

The EU General Data Protection Regulation (GDPR) came into force in the UK on May 25th, 2018. The scope of the changes under the new Regulation means that preparing for the GDPR will have been a high priority for the past 6 months. The workshop will explore the detail of the GDPR – it will look at what has been done within the practices, how they have done it, who is responsible – and will also assess what else they need to do or indeed what they can do differently. The second part of the programme will focus on the role of the DPO – the role and the responsibilities and how they manage GDPR compliance for the practice.

Practices will need to carry out audits of the patient data and employee personal data that is collected and processed to ensure that it meets GDPR conditions for patient and employee consent. New governance and record-keeping requirements mean that you will also have to create or amend policies and processes on privacy notices, data breach responses and subject access requests. There is a much greater emphasis on compliance following a widely-held belief that business up to now has not taken data privacy seriously enough. Possible penalties are considerably harsher and importantly now include small and medium businesses within the Public Sector. But remember, the new GDPR compliance requirements are not just about waving fines – they’re about realising that the data, upon which your business or practice is built, is managed in an appropriate, respectful, and lawful manner – and that the right levels of accountability and governance are applied by the practice.

There has never been a more important time to ensure that best practice is in place to secure patient and staff data, protect reputation and ensure compliance. A planned and structured approach is required to fully understand the necessary changes for both systems and user behaviour. And the role of the Data Protection Officer is pivotal to the GDPR compliance of the practice.

  • Duration: All day

  • Location: On-site/locally

  • This workshop can be delivered on its own or as a two-day programme.

Who should attend?

Don't miss the opportunity to work with leading specialists in a series of full day workshops specifically focused on the ‘business’ aspects of General Practice.
  • General Practitioners

  • Practice Managers

  • Senior Practice Nurses

  • GP Administrator Managers


This workshop has been designed to be practical and easily digestible for those who will have responsibility for Data Protection and GDPR compliance within the practice. This workshop focuses on the post-implementation phase of the new EU General Data Protection Regulation. Throughout the day we will drill down into the steps you have taken so far, to assess what you have in place. This will help you to understand how compliant you are, where you might have gaps and how these can be plugged. The session will look at who is doing what within the practice and their roles and responsibilities. We will also explore your understanding of risk management, impact assessments, and how to achieve Data Protection by Design – all integral to GDPR compliance.

The programme will be facilitated by experts in both Information Governance and Primary Care. It will be interactive, detailed and practical providing clarity on all aspects of GDPR compliance.

Workshop Agenda

Below is an outline of the proposed agenda. If you have any questions, please get in touch.

09.15 Registration & Coffee
09.30 Introduction and Welcome

Open Forum – your challenges and concerns

09.45 Overview of the programme & objectives

  • What is GDPR – what do we need to know?
  • DPO – who am I?
10.00 What is the Data Protection Officer (DPO) role?

  • Inform and advise the practice of GDPR obligations
  • Monitoring GDPR and Data Protection compliance
  • Monitoring the assignment of responsibilities
  • Awareness training and staff training
  • Data protection impact assessments (DPIAs)
  • Serve as the contact point for all data protection issues
  • Serve as the contact point for data subjects
10.30 BREAK
10.45 How compliant are we – what have we done so far…?

  • Understanding GDPR – what have we done? how have we done it?
  • The good, the bad and the ugly
  • What else do we need to do?
11.15 Understanding the steps we have taken so far… what have we got in place?

  • Audit – Share and develop
  • Privacy Notices
  • Staff Awareness
  • Lawful Processing
  • Consent
  • Children
12.30 Appointing expert advisors, delegating duties

  • Data Controllers
  • Data Processors
  • Outsourcing the DPO role
    • The GDPR allows organisations to outsource the DPO role to an external provider. With a shortage of individuals trained to handle DPO responsibilities, outsourcing these tasks and duties can help you address the compliance demands.
13.00 LUNCH & Networking
Practical – Group Sessions

The workshop is very much a sharing and learning workshop – we would ask that delegates bring with them copies of their audit forms, DPIAs and their SARs procedures so that these can be shared and critiqued and we can learn from each other.

13.45 Data Protection Impact Assessments

  • Advise on the necessity of data protection impact assessments (DPIAs)
  • What is a DPIA?
  • How do we conduct a DPIA?
  • How do we record, manage, and mitigate the data risks?
15.00 BREAK
Practical – Group Sessions cont. 
15.15 Achieve Data Protection by Design

  • Physical design
  • Systems design
    • An assessment of policy/procedures
    • Subject Access Requests (SARs)
    • How to include/consider DP in all procedures
16.30 Summary of Key Considerations and Q&A
16.45 Close
View our workshops

The PMA delivers a range of Workshops

If you would like information about workshop dates or would like to develop a specific programme or host this workshop, please call 0330 111 6459 or email
