Aims & Objectives

• Familiarize with the General Data Protection Regulation
• Understand the principles, roles, responsibilities and processes under the Regulation
• Learn the obligations of data controllers and processors
• Familiarize with the rights of data subjects and their relevance in daily life
• Understand and apply compliance mechanisms
• Learn the rules regarding international data transfers under the GDPR
• Learn the first steps for complying with the GDPR
• Learn how to use GDPR as a data protection management system
• Learn the requirements of a DPO
• Gain the necessary knowledge and skills to become a DPO

Learning Outcomes

Having successfully completed this course you will be able to:

• Demonstrate knowledge the principles, roles, responsibilities and processes under the Regulation
• Prepare your company to be GDPR compliant
• Demonstrate knowledge on the obligations of data controllers and processors
• Protect your rights as data subject and personal data from unlawful processing
• Apply control measures and compliance mechanisms
• Undertake duties as a DPO

Who should attend?

• Any company, big or small, which processes personal data within the EU
• Company executives
• HR and IT directors
• Lawyers and Company consultants
• Anyone who wishes to know more about data protection and the GDPR, especially those handling personal data

Prerequisite skills & knowledge: None required

Available in-house/distant learning? Yes

Created by: LiberoAssurance Continuous Professional Development Training Centre Level 1 - Accredited by Univab

Part 1:

Introduction to the General Data Protection Regulation

• General Data Protection Regulation
• Definitions
• Why is the GDPR necessary?

Regulations’ analysis

• Principles relating to processing of personal data
• Lawfulness of processing
• Conditions for consent
• Conditions applicable to child's consent in relation to information society services
• Processing of special categories of personal data
• Processing of personal data relating to criminal convictions and offences
• Processing which does not require identification

Processing which does not require identification

• Rights of the data subject
• Information provided to the data subject

Part 2:

Independent Supervisory Authorities

• Supervisory authority
• Independence
• General conditions for the members of the supervisory authority
• Rules on the establishment of the supervisory authority
• Competence
• Competence of the lead supervisory authority
• Tasks
• Powers
• Activity reports

Codes of Conduct and Certification

• Codes of conduct
• Monitoring of approved codes of conduct
• Certification
• Certification bodies

Transfers of personal data to third countries or international organisations

• General principle for transfers
• Transfers on the basis of an adequacy decision
• Transfers subject to appropriate safeguards
• Binding corporate rules
• Transfers or disclosures not authorized by Union law
• Derogations for specific situations
• International cooperation for the protection of personal data

Part 3:

Remedies, liability and penalties

• Right to lodge a complaint with a supervisory authority
• Right to an effective judicial remedy against a supervisory authority
• Right to an effective judicial remedy against a controller or processor
• Representation of data subjects
• Right to compensation and liability
• General conditions for imposing administrative fines
• Working Party 29 - Guidelines on the application and setting of administrative fines for the purposes of the Regulation 2016/679
• Penalties

Security of personal data

• Security of processing
• Notification of a personal data breach to the supervisory authority
• Communication of a personal data breach to the data subject
• Personal Data Hazards
• Dealing with hazards
• Information Security Management Systems - ISO 27001

Controller and Processor

• Controller
• Processor
• Processing under the authority of the controller or processor

Part 4:

Data Protection Officer (DPO)

• Designation of the data protection officer
• Position of the data protection officer
• Tasks of the data protection officer (DPO)
• Data protection officer’s skills and education
• Data protection officer and conflict of interests
• Internal or external DPO?

GDPR as a Personal Data Protection Management System

• Data Protection Management System
• Basic Procedures of a Data Protection Management System
• Supportive Procedures of a Data Protection Management System
• Audit

Epilogue

Teaching Methods

• Detailed seminar presentations (available for download)
• No. of slides: 309

Resources

• Reading lists and resources available in presentations

Study time allocation

• Private study hours: 36
  
• Trainer contact hours: Availability and competence of instructors upon request
• Enrollment duration: 90 days (from the date of purchase)

Credits

• CPD Points: 36
  
• ECTS/ECVET Points: 1.2