New GDPR Health Check Service Launched!

stethoscope, computer, keyboard, data, chart.jpg

 

Act Now is pleased to announce the launch of its GDPR health check service.

GDPR represents the biggest change to the European data protection regime in 20 years. It will take effect on 25th May 2018 and the Information Commissioner’s Office (ICO) has already confirmed that there will be no grace period after that date.

Now is the time to get your GDPR house in order.  There are many practical steps that can be taken quite easily. Some sectors are getting there; recent report by the ICO shows that local government is trying its best but there is more to do.

For those who have started (and may be stalled) or need a customised GDPR action plan, our experts are at hand. Our GDPR health check service will provide your organisation with:

  • A preliminary assessment of your current level of preparedness for GDPR;
  • A prioritised and specific compliance action plan;
  • Pointers to guidance, models and good practice resources relevant to your needs.

If required, we can also discuss how Act Now can assist you with implementation, through our acclaimed training offers or expert consultancy support.

Act Now has a proven track record in this area. We have undertaken many data protection consultancy projects in the last few years. In 2016 we won a contract to deliver consultancy services to a major organisation in the regulatory sector.

Our reputation is international. In 2015 Ibrahim Hasan and Paul Gibbons delivered data protection audit training to the Government of Brunei and our forthcoming GDPR Practitioner Certificate course in London has delegates from Spain and the USA!

Feel free to get in touch to discuss your requirements.

Posted in Audits, Consultancy, Data Protection, GDPR | Leave a comment

GDPR Guidance finalised and more published

Stack of Files and Papers

Unless you live on the planet Zog, you will be aware that the General Data Protection Regulation (GDPR) will come into force on 25th May 2018. Neither Brexit nor the recently announced General Election will have an impact on this date; GDPR is here to stay. There has been a flurry of activity from the Information Commissioner’s Office (ICO) and the Article 29 Working Party (A29WP) on the GDPR front of late.

Consent

Consent under GDPR is a thorny issue. Compare the old and the new definitions below:

Using opt out boxes and inaction as proof of individuals’ consent to processing will no longer be allowed (if indeed they ever were!). Last month the ICO launched its GDPR consent consultation. The deadline for responses has now passed but the document is still worth reading to understand how the landscape is changing.

Profiling

GDPR introduces stricter provisions to protect individuals from a type of data processing known as “profiling”. This is defined in Article 4:

“Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.”

The GDPR gives individuals a right to know profiling is taking place and in some cases allows them to object to it or require human intervention.

The ICO’s discussion paper on this topic highlights the key areas it feels need further consideration. This includes subjects like marketing, the right to object and data minimisation. The deadline for feedback is 28th April 2017. The A29WP guidelines on profiling are due to be published later this year and any feedback the ICO receives will inform that work.

Data Portability

Article 20 of GDPR gives individuals the right to receive their personal data, which they have provided to a Data Controller, in a structured, commonly used and machine-readable format, and to transmit it to another Data Controller. This is known as the right to data portability.

In December 2016, the A29WP published draft guidance on this right and a useful FAQ. The final version was published on 5th April 2017. The key themes are the same but the latest version does clarify a few points and gives better examples. Here are the two documents compared.

Data Protection Officer

Section 4 of GDPR introduces a statutory position of Data Protection Officer (DPO) who will have a key role in ensuring compliance with GDPR. But who exactly will need a DPO and what is his/her role? The A29WP has now produced the final version of its DPO guidance, which was published for comments in December. Here are the two documents compared. Again the main themes of the documents are the same with some welcome clarifications in the final version.

Lead Supervisory Authority

Companies will be directly responsible for GDPR compliance wherever they are based (and not just their EU based offices) as long as they are processing EU citizens’ personal data. For those that have multiple processing operations in the EU or where a breach occurs in many countries there will be a need to identify a lead supervisory authority, which will be charged with investigating the breach. The A29WP has now finalised its guidance on this topic.

Data Protection Impact Assessments

Article 35 of GDPR introduces the concept of a Data Protection Impact Assessment (DPIA). In some cases Data Controllers will be required to do a DPIA in relation to one or more data processing operations. It will help them assess necessity and proportionality and to manage the risks to the rights and freedoms of natural persons resulting from the processing of personal data (by assessing them and determining the measures to address them).

Carrying out a DPIA is not mandatory for every processing operation. A DPIA is only required when the processing is “likely to result in a high risk to the rights and freedoms of natural persons” (Article 35(1)). In certain situations a DPIA will be mandatory (see Article 35(3)).

The A29WP is requesting comments on the data protection impact assessment guidelines it recently published. The deadline is 23rd May 2017. Even if you don’t want to comment its still a useful document to read to understand what steps need to be taken to raise awareness of the DPIA processes and what training will be required for those undertaking this task.

Finally, the A29WP recently published its work programme for 2016 – 2018 accompanied by a supplementary statement explaining GDPR specific priorities.  As from 2018 it will become the European Data Protection Board.

 

Our full day workshops and new GDPR Practitioner Certificate courses are filling up fast. We also offer a GDPR health check service.

Posted in Article 50, Brexit, Data Protection, EU DP Regulation, GDPR | Leave a comment

Local Government GDPR Readiness: Good and will get better!

canstockphoto28466384

The Good Practice department at the Information Commissioner’s Office (ICO) conducted a survey on information governance practices in local government. In particular it was designed to ascertain what progress councils had made in preparing for the General Data Protection Regulation (GDPR), which comes into force on 25th May 2018. The survey received 173 responses. The full results were published on 20th March 2016.

There have been a number of negative headlines (or at least “glass half empty’ style headlines) about the ICO’s conclusion:

Many UK local councils still unprepared for GDPR

Local councils are underprepared for GDPR rules

UK Councils Lagging on GDPR Compliance

The actual ICO conclusion was:

“The overarching conclusion from our analysis of the survey results was that, although there is good practice out there, with GDPR coming in May 2018, many councils have work to do. Adhering to good practice measures under the Data Protection Act (DPA) will stand organisations in good stead for the new regulations.”

So more like “trying but need to do more.” But who doesn’t? I wonder if the same survey was conducted in the private sector would things be any different? Not according to various stories appearing on the web:

Half of businesses still not ready for GDPR

Every fourth company not ready for GDPR

Over half of the businesses are not ready for GDPR compliance

According to a recent survey, many UK businesses mistakenly think that GDPR will not apply to them as a consequence of the UK moving towards Brexit. This is despite the fact that the Government has confirmed that GDPR is here to stay.

Let’s go back to the results of the ICO survey (and let’s be positive):

  • 75% of councils have appointed a Data Protection Officer. Okay 25% have not but there is still plenty of time. Remember this is a compulsory requirement for all public authorities and public bodies. However Data Controllers can share a DPO or buy in the service provided there is no conflict of interest.  (More on the role of the DPO here.)
  • 85% of councils have data protection training for employees processing personal data. Okay 15% don’t but this is easily put right. We have a range of DPA and GDPR courses to suit a variety of budgets. These can be delivered face to face, online or at your premises.
  • Most councils carry out privacy impact assessments (PIAs) but 34% still do not. GDPR makes it a legal requirement for all Data Controllers to conduct data protection impact assessments in certain circumstances. The ICO’s Privacy Impact Assessment Code of Practice provides more advice and will be reissued for GDPR in due course. See also our PIA webinar. 
  • 93% of councils have a data protection and information security policy in place. This is good to see with the additional importance placed on security in GDPR especially breach notification.
  • 90% of councils have created a role of  Senior Information Risk Owner (SIRO) to help manage information risk.

So local government is not in such a bad state, when it comes to GDPR preparations, as some are saying. The messages to local government colleagues should be, “Full steam ahead but don’t panic!”

Who knows the name and place of the above building? Tweet your answers to @actnowtraining

We have a range of GDPR resources to help you including our GDPR Practitioner Certificate, GDPR posters and GDPR legislation booklet. We have also just launched our GDPR health check service.

Posted in Data Protection, GDPR, Privacy | 1 Comment

GDPR: Goodbye Notification, Hello More Fees!

canstockphoto7747142

By Ibrahim Hasan

Currently under the Data Protection Act 1998 (DPA), most Data Controllers have to go through a process of Notification with the Information Commissioner’s Office (ICO). This is a simple process, which involves completing an online form telling the Commissioner about their data processing activities. This appears on a publicaly searchable online register. It costs £35 or £500 to notify depending on the type of organisation.

Failure to notify is a criminal offence under section 17 of the DPA. In September 2016, a recruitment company was found guilty of this offence and ordered to pay a fine of £5,000, costs of £489.85 plus a victim surcharge of £120.

The General Data Protection Regulation (GDPR) come into force on 25th May 2018 replacing the DPA. There is no notification process under GDPR. However Article 30 does require Data Controllers as well as Data Processors to keep detailed records of their data processing activities depending on the size of the organisation. There are some similarities with “registrable particulars” under the DPA which must be notified to the ICO:

  • Name and details of the organisation (and where applicable, of other controllers, any representative and data protection officer)
  • Purposes of the processing
  • Description of the categories of individuals and categories of personal data.
  • Categories of recipients of personal data
  • Details of transfers to third countries including documentation of the transfer mechanism safeguards in place
  • Retention schedules
  • Description of technical and organisational security measures

If the organisation has less than 250 employees it is only required to maintain records of activities related to higher risk processing, such as:

  • processing personal data that could result in a risk to the rights and freedoms of individual; or
  • processing of special categories of data or criminal convictions and offences.


These records must be made available to the ICO upon request.

With the absence of Notification in GDPR, Data Controllers looked set to save some money. (Not a lot but every little helps!) In contrast, the ICO seemed set to lose a lot of money. It is currently funded partly from the annual Notification fees. Last year it collected more than 17 million pounds.  So how to plug the funding gap?

Enter the Digital Economy Bill, which is currently making its way through Parliament. Amongst other things, it contains provisions which will give public authorities (including councils) more power to share personal data with each other as well as, in some cases, the private sector.

But in a good week to bury bad news (aka Brexit and the Scottish Referendum), the Government published a memo, which indicates its intention to amend the Bill to include clauses giving Ministers the power to introduce regulations setting out new charges to be levied by the ICO on Data Controllers (See Para 45 – 53 entitled: Power to make regulations about charges payable to the Information Commissioner).

Note in particular paragraph 49 and 50 of the memo:

“49. The fees regulations may include provision for a free-standing charge – that is, where the charge does not relate to any service provided by the Information Commission to the data controller. They may also make provision about the times or periods within which a charge must be paid; and may make provision for different charges to be payable in different cases (including no charge or a discounted charge).

“50.The clause also confers a related power for the Secretary of State by regulations to require a data controller to provide information to the Information Commissioner, or to enable the Commissioner to require a data controller to provide information, for the purposes of determining whether a charge is payable and the amount of any such charge.”

This development should not surprise Data Controllers.  A few years ago “the Justice Committee found changes to EU data protection laws could leave the taxpayer with a multi-million pound bill if the government does not find a new way to finance the Commissioner.” “Spreadsheet Phil” has enough on his hands without having to worry about filling the ICO funding gap with government money! What is to be seen is what the new charges will be and whether they will impose a further financial burden on Data Controllers when they will already be spending substantial resources implementing GDPR.

Want to know more about GDPR?  Attend our full day GDPR workshop.  

GDPR Practitioner Certificate (GDPR.Cert) – A 4 day certificated course aimed at those undertaking the role of Data Protection Officer under GDPR whether in the public or the private sector.

Posted in Data Protection, EU DP Regulation, GDPR, Privacy | Leave a comment

iPhone -> abcPhone

82b54e6dd1d42e1fbfaa6bac4f93f66c

By Paul Simpkins

First the joke

I had a friend who played in a band. When he got his new smart phone he put all his gigs for the next 12 months into his calendar with an alert set for the day before so he knew when he was needed and he could plan the rest of his life.

A few days later his fellow band members rang him from a venue saying “Where are you, we’re on stage in 3 hours…”.

He looked at his phone and found that almost all the dates except 8 that he’d typed in hadn’t gone into his calendar. Only 8 were listed. The rest had disappeared. He dashed down to the phone shop and asked why to which the teenage assistant replied ”Sorry mate you’ve only got an 8 gig phone” [groan…]

But do you really need a phone with massive capacity and hundreds of apps? Do you need two level security or thumbprint login or many of the fancy apps that make your life so complicated efficient?

Is there a market for a simpler smartphone (maybe a dumbphone) that just has 8 key apps built in and no possibility of adding any more. We could call it the 8 app phone to remind us of the old joke. There would only be one home screen so we could call it… the screen.

Many old people don’t use 99% of the functionality of a smartphone. Yes youngsters are in constant contact with every social media platform that exists and are forever uploading and viewing videos of their friends eating junk food in branded outlets while streaming Spotify tunes but do we need all this connectivity?

This revolutionary concept crossed my mind this morning. I’d installed an update on my i-phone and instead of getting on with being my faithful companion my phone reverted to Hello Hola mode. All I had to do was set it up again and all my data would mysteriously flow back through the air to fill it up again. The problem was that I couldn’t remember my i-Cloud code as I’d bravely migrated to (see I can speak the lingo) two level authentication a few days ago. The phone wasn’t playing until it had the code. (I know I should have written it down on a yellow post it note but most of my reminders are in Notes on my phone). I also know that apple groupies will now be screaming “you stupid old git” at their screens and I acknowledge that I don’t know the front end of a universal serial bus from the back end but I’m happy in my own way. I just don’t see the point of unasked for updates that add on features I don’t think I’ll ever use. I’m often quite a few updates late and I still don’t know why I accepted this one so readily.

I went on the web and signed in with my Apple ID and it said no problem we’ll send a 6 letter code to your trusted device and you can type it in and you’ll be fine. Unfortunately my trusted device was the phone that the update had turned into a small door stop so the code I needed to unlock it was stopping at the door and not going in.

I rang Apple support and pointed out the problem and they ummed and ahhhed for 30 minutes before deciding that I had to take the SIM out of the phone, put it into another phone, set it up as a clone of my small doorstop, look in the text inbox, retrieve the code I’d been sent, take the SIM out, return it to my small doorstop and type in the code which would make my door stop suddenly metamorphose into a beautiful smartphone and fly off into the sunset.

The local phone shop refused to do it as it might lock the donor phone so I went home to find an old i phone. Soon I had no i-cloud code and 2 locked phones.

Fortunately I also had a macbook and an IT literate partner and for 3 hours we trawled the web, switched off this, switched on that, reset the donor phone and through trying every possible route through the Hello Hola roadblock finally made it work. Then we saw 9 texts each containing a 6 letter unlock code.

With feverish glee we put the SIM back where it belonged and tried to replicate the process. We did at one stage receive an email message saying that someone in Middlesbrough had tried to sign into my account but ignored as it was so obviously a ruse de guerre. (Heckmondwike yes but Middlesbrough no way…). An hour later we’d made it. It involved changing an apple ID password and several cups of coffee and a few cookies but we made it. By now darkness had fallen and we were both too tired to actually use the phone.

Back to the brilliant idea. The next development for Apple after the i-phone should (obviously) be the j-phone. The J stands for ‘just a few things on the” phone. Essentials are phone, text, web, calendar, maps, settings, camera, contacts and nothing else. (There will be a focus group later to decide which 8 are essential). {We’ll make them big icons while we’re at it}. But lets make even simpler and to save a law suit, just call it the abc-phone. Being as there’s no video or music or social media this can be produced cheaply and only sold to anyone who can produce a bus pass or a senior rail card (with photo ID  – we’re not letting any spotty youngsters in on the secret). There’ll be no real security on the phone – if someone pinches it there will be no value to sell on and the user can just buy another.

Over to you Apple…

Regards

A grumpy old man.

 

Make 2017 the year you achieve a GDPR qualification? See our full day workshops and new GDPR Practitioner Certificate.

 

 

 

image credits: http://www.techradar.com/reviews/phones/mobile-phones/iphone-6-1264565/review

Posted in Cloud, Data Protection, Personal Data | 1 Comment

The Subject Access Right Under GDPR

canstockphoto710053

When the General Data Protection Regulation (GDPR) comes into force on 25th May 2018, it will introduce a number of new obligations on Data Controllers which will require them, amongst other things, to review their approach to personal data breaches, privacy notices and overall GDPR compliance responsibility. Some new Data Subject rights, including the right to erasure and the right to data portability, will also be introduced.

So there is a lot to learn and do within a short space of time. However the good news is, whilst GDPR will replace the UK’s Data Protection Act 1998 (DPA), it still includes familiar concepts such the right of the Data Subject to request a copy of his/her data, known as a Subject Access Request (SAR) in DPA parlance.

In brief, Article 15 of GDPR gives an individual the right to obtain:

  • confirmation that their data is being processed;
  • access to their personal data; and
  • other supplementary information

The supplementary information mentioned above is the same as under section 7 of the DPA (e.g. information about the source and recipients of the data) but now also includes, amongst other things,  details of international transfers, other Data Subject rights, the right to lodge a complaint with the ICO and the envisaged retention period for the data.

Fees

Under the DPA, Data Controllers can charge £10 for a SAR (£50 for a health record). GDPR allows most requests to be made free of charge. This is a significant change and will hit the budgets of those who receive voluminous or complex requests e.g. local authority social services departments.  However, a “reasonable fee” can be charged for further copies of the same information and when a request is manifestly unfounded or excessive, particularly if it is repetitive. The fee must be based on the administrative cost of providing the information.

Time Limit

The DPA allows Data Controllers 40 calendar days to respond to a SAR.  Under GDPR the requested information must be provided without delay and at the latest within one month of receipt. This can be extended by a further two months where the request is complex or where there are numerous requests. If this is the case, the Data Subject must be contacted within one month of the receipt of the request and explain why the extension is necessary.

All refusals must be in writing setting out the reasons and the right of the Data Subject to complain to the ICO and to seek a judicial remedy.

Format of Responses

Where the Data Subject makes a SAR by electronic means, and unless otherwise requested by the Data Subject, the information should be provided in a commonly used electronic format. Before providing the information, the Data Controller must verify the identity of the person making the request using “reasonable means”.

The GDPR (Recital 63) introduces a new best practice recommendation that, where possible, organisations should be able to provide remote access to a secure self-service system which would provide the individual with direct access to his or her information This will not be appropriate for all organisations, but there are some sectors where this may work well e.g. local authorities may look to providing secure online access to social work records.

Article 15 makes it clear that the right to obtain a copy of information or to access personal data through a remotely accessed secure system should not adversely affect the rights and freedoms of others. Therefore, as is the case under section 7(4) of the DPA, careful thought will need to be given to whether third party personal data needs to be redacted before disclosing information.

Exemptions

Data Protection Officers will be familiar with the exemptions in the DPA, set out in Part 4 and Schedule 7, some of which allow a Data Controller to refuse a SAR. There is currently no such list in the GDPR. However Article 23 allows national governments to introduce exemptions to various provisions in GDPR, including SARs, by way of national legislation based on a list set out in that article. This contains the same categories as in the DPA e.g. national security, crime prevention, regulatory functions etc. My guess is that the UK Government will enact the same exemptions as currently exist in the DPA.

Recital 63 states the purpose of the SAR is to make Data Subjects aware of and allow them to verify the lawfulness of the processing of their personal data. This seems to suggest that requests for other purposes e.g. to assist in litigation may be rejected. Compare this to the recent case of Dawson-Damer v Taylor Wessing LLP [2017] EWCA Civ 74 in which the Court of Appeal said that there was nothing in the EU Data Protection Directive (which the DPA implements into UK law) which “limits the purpose for which a data subject may request his data, or provides data controllers with the option of not providing data based solely on the requestor’s purpose.” (More on this case here.)

The GDPR does not introduce an exemption for requests that relate to large amounts of data, but a Data Controller may be able to consider whether the request is manifestly unfounded or excessive. Recital 63 also permits asking the individual to specify the information the request relates to.

Subject Access and Data Portability

How different is the Subject Access Right to the Right to Data Portability set out in Article 20? The latter also allows for Data Subjects to receive their personal data in a structured, commonly used and machine-readable format. In addition it allows them to request it to be transmitted to another Data Controller.

Unlike the subject access right, the Data Portability right does not apply to all personal data held by the Data Controller concerning the Data Subject.  Firstly it has to be automated data. Paper files are not included. Secondly the personal data has to be knowingly and actively provided by the Data Subject. By contrast personal data that are derived or inferred from the data provided by the Data Subject, such as a user profile created by analysis of raw smart metering data or a website search history, are excluded from the scope of the right to Data Portability, since they are not provided by the Data Subject, but created by the Data Controller. Thirdly the personal data has to be processed by the Data Controller with the Data Subject’s consent or pursuant to a contract with him/her.

In contrast, the subject access right applies to all personal data about a Data Subject processed by the Data Controller, regardless of the format it is held in, the justification for processing or its origin.

It is important to note that both rights do not require Data Controllers to keep personal data for longer than specified in their retention schedules or privacy polices. Nor is there a requirement to start storing data just to comply with a request if received.

To discuss this and other GDPR issues, come and say hello to us on stand 15 at the ICO Conference on Monday 6th March in Manchester. 

Make 2017 the year you achieve a GDPR qualification? See our full day workshops and new GDPR Practitioner Certificate.

Posted in Data Protection, Data Sharing, EU DP Regulation, GDPR | 1 Comment

IRMS Certificate in Information Governance Proving Very Popular

banner

In April 2016, Act Now in partnership with the Information and Records Management Society (IRMS) launched IRMS Foundation Certificate in Information Governance. This is the first fully online certificated course on Information Governance and is proving extremely popular amongst public and private sector professionals.

In difficult economic times, traditional face-to-face learning is often the first activity to fall victim to budget cuts. However the area of Information Governance is currently the subject of rapid change. After four years of negotiation, the new General Data Protection Regulation (GDPR) has now been formally adopted by the European Parliament and will come into force on 25th May 2018. The Government recently confirmed that it will be adopting the Regulation despite the Brexit vote. The FOI Commission’s report, published in March, will lead to additional obligations for public authorities under the Freedom of Information Act. With recent high profile hacks, records management and information security are now top of the corporate risk agenda.  And the list goes on…

Employees and managers need timely and cost effective IG training.  The IRMS Foundation Certificate in Information Governance is the solution. This is an online certificated course designed for information management professionals who need to know about the basics of information rights and information management in their job role. It is an ideal starter qualification for those who wish to progress to more advanced qualifications such as the as the Act Now Practitioner Certificate In Data Protection and the BCS FOI and DP Certificates.

There are four learning modules (Records Management, Security and Information Assurance, Data Protection and Freedom of Information). Using the latest web based technology, delegates will be able to learn from the comfort of their own desk by attending four live online webinars. In addition they will be able to tailor their learning through doing four recorded modules from a choice of six. Finally they will do a short online assessment to achieve the certificate endorsed by the excellent reputation of the IRMS.

Since its in inception in April 2016, 70 delegates have successfully completed the course. They represented a diverse range of organisations from the public and private sector including,  HMRC, Prudential Regulation Authority, Ropes and Gray International LLP, 14 local councils, Scottish Government, University of the Arts London and Creative Scotland to name but a few.

Feedback from delegates has been very positive:

“The IRMS Foundation Certificate is a great way to cement a base knowledge, plus I found it useful to update some details and understand what changes may be on the horizon.” LK, Isle of Man Government

“Modules were interesting and packed full of useful content. As someone relatively new to the sector, this was the perfect course for me.” JH, Healthcare Improvement Scotland

“The course was really interesting, I have been in the profession for many years but still found a lot of new content throughout the course that built upon my existing knowledge but also explained some topics much more in depth which was very engaging. The webinars were very useful and gave a good insight into the topics as well as giving a good opportunity to ask any questions and engage with other students and tutors. The course has certainly expanded my knowledge and interest in Information Governance and is very relevant to my work. I will be taking the information I have gained on this certificate further to enhance my career.” RD, Ministry of Defence

Ibrahim Hasan, Director of Act Now Training, has developed the course with IRMS colleagues. He said:

“I am pleased that this ground breaking online qualification is proving a big hit with information governance professionals. We are committed to continuous improvement and hope to add more such qualifications to our training portfolio in the future. “

Scott Sammons, the Chair of the IRMS, recently wrote in the IRMS magazine:

“I am very pleased that the online course is proving extremely popular amongst public and private sector professionals. Bookings have been received from a diverse range of organisations including local authorities, Government departments, Academy Trusts, the NHS, universities and even overseas governments!”

The qualification is also suitable for Scottish delegates who can choose to learn about the Freedom of Information (Scotland) Act instead of the Freedom of Information Act 2000.

IRMS members receive a 10% discount off the normal price of the course (£449 plus vat).

If you would like to know more about this course please see Act Now’s dedicated IRMS Certificate webpages or e mail info@actnow.org.uk.  You can also compare all our certificated courses here.

Posted in BCS, Certificated course, Data Protection | Leave a comment