Aims & Objectives

• Identify the key requirements of General Data Protection Regulation
• Familiarize with the rights of data subjects and their relevance in daily life
• Application of compliance mechanisms
• Cover the rules regarding international data transfers under the GDPR
• Show how to audit GDPR as a data protection management system
• Interpret GDPR requirements for internal audit application
• Provide the latest internal auditor techniques and identify appropriate use

Learning Outcomes

Having successfully completed this course you will be able to:

• Demonstrate knowledge on the principles, roles, responsibilities and processes under the Regulation
• Demonstrate understanding on the obligations of data controllers and processors
• Protect your rights as data subject and personal data from unlawful processing
• Apply control measures and compliance mechanisms
• Grasp the main concepts such as risk-based thinking, process approach, Plan-Do-Check-Act, and the 7 management principles
• Enhance skills to conduct effective audits in any auditing situation
• Identify easier opportunities to improve the Data Protection of your company
• Plan, conduct, report and follow up an internal audit in accordance with the GDPR
• Understand the role of an auditor to plan, conduct, report and follow up an audit in accordance with the GDPR
• Establish and plan the activities of an audit team
• Communicate effectively with the auditee and audit client
• Organise and direct audit team members

Who should attend?

• Any company, big or small, which processes personal data within the EU
• Company executives
• Management representatives
• HR and IT directors
• External appointed auditors
• Company internal auditors
• Anyone who wishes to understand the GDPR audits and application

Prerequisite skills & knowledge: None required

Available in-house/distant learning? Yes

Created by: LiberoAssurance Continuous Professional Development Training Centre Level 1 - Accredited by Univab

Part A:

Introduction to the General Data Protection Regulation

• General Data Protection Regulation
• Definitions
• Why is the GDPR necessary?

Regulations’ analysis

• Personal Data
• Controller
• Processor
• Principles relating to processing of personal data

Lawfulness of Processing

• Conditions for Lawful Processing
• Conditions for consent
• Processing which does not require identification

Codes of Conduct and Certification

• Codes of conduct
• Monitoring of approved codes of conduct
• Certification
• Certification bodies

Transfers of personal data to third countries or international organisations

• General principle for transfers
• Transfers on the basis of an adequacy decision
• Transfers subject to appropriate safeguards
• Binding corporate rules
• Transfers or disclosures not authorized by Union law
• Derogations for specific situations

Remedies, liability and penalties

• Right to lodge a complaint with a supervisory authority
• Right to an effective judicial remedy against a supervisory authority
• Right to an effective judicial remedy against a controller or processor
• Representation of data subjects
• Right to compensation and liability
• General conditions for imposing administrative fines
• Penalties

Part B:

Security of personal data

• Security of processing
• Notification of a personal data breach to the supervisory authority
• Communication of a personal data breach to the data subject
• Personal Data Hazards
• Dealing with hazards
• Information Security Management Systems - ISO 27001

Data Protection Officer (DPO)

• Designation of the data protection officer
• Position of the data protection officer
• Tasks of the data protection officer (DPO)
• Data protection officer’s skills and education
• Data protection officer and conflict of interests
• Internal or external DPO?

GDPR as a Personal Data Protection Management System

• Data Protection Management System
• Basic Procedures of a Data Protection Management System
• Supportive Procedures of a Data Protection Management System

Epilogue

Part C:

The audit

• What is an audit?
• Why Audit?
• Audit Types

Internal Audit

• Principles of auditing
• Scheduled and unscheduled Audits
• What to Audit – Technical Audit
• Steps involved in internal audit
• Scope of audit
• Frequency of audit
• Internal Audit process

Audit Steps

• Performing audit activities
• Audit Plan
• Developing Checklists
• Opening Meeting
• Conducting the Audit
• Recording Results
• Non-Conformities & Non-Compliances
• Closing Meeting (s)
• Audit Report
• Audit Follow-up Activities

Audit Programme

• Establishing the Audit programme objectives
• Identifying and evaluating audit programme risks
• Process flow for the management of an audit programme
• Managing an audit programme
• Audit programme Implementation

Audit tips & techniques

• Tips to trained internal auditor
• Question Technique
• Competence of the audit programme manager

Auditor’s Performance

• Auditor’s Quality
• The Auditors conduct
• Auditor’s Code of Conduct
• Auditor Characteristics
• Auditor's personal behavior
• Auditee’s conduct
• Audit team leader skills
• How to evaluate an Auditor

Teaching Methods

• Detailed seminar presentations (available for download)
• No. of slides: 277

Resources

• Reading lists and resources available in presentations

Study time allocation

• Private study hours: 33
  
• Trainer contact hours: Availability and competence of instructors upon request
• Enrollment duration: 90 days (from the date of purchase)

Credits

• CPD Points: 33
  
• ECTS/ECVET Points: 1.1