Aims & Objectives

• Identify the key requirements of General Data Protection Regulation
• Familiarize with the rights of data subjects and their relevance in daily life
• Application of compliance mechanisms
• Cover the rules regarding international data transfers under the GDPR
• Show how to audit GDPR as a data protection management system
• Interpret GDPR requirements for audit application
• Provide the latest lead auditor techniques and identify appropriate use

Learning Outcomes

Having successfully completed this course you will be able to:

• Demonstrate knowledge on the principles, roles, responsibilities and processes under the Regulation
• Know how to prepare your company to be GDPR compliant
• Demonstrate knowledge on the obligations of data controllers and processors
• Protect your rights as data subject and personal data from unlawful processing
• Apply control measures and compliance mechanisms
• Grasp the main concepts such as risk-based thinking, process approach, Plan-Do-Check-Act, and the 7 management principles
• Gain the skills to plan, conduct, report and follow up an audit in accordance with GDPR
• Explain the role of an auditor to plan, conduct, report and follow up an audit in accordance with GDPR
• Conduct effective audits in any auditing situation
• Establish and plan the activities of an audit team
• Communicate effectively with the auditee and audit client
• Organise and direct audit team members
• Prepare and complete the audit report
• Use remote auditing methods

Who should attend?

• Any company, big or small, which processes personal data within the EU
• Company executives
• HR and IT directors
• Appointed auditors
• Anyone who wishes to understand the GDPR audits and application
• Anyone involved in the planning, implementing, maintaining, supervising, or auditing of a Personal Data Protection Management System
• Anyone interested in Personal Data Protection Management Systems

Prerequisite skills & knowledge: None required

Available in-house/distant learning? Yes

Created by: LiberoAssurance Continuous Professional Development Training Centre Level 1 - Accredited by Univab

Part A:

Introduction to the General Data Protection Regulation

• General Data Protection Regulation
• Definitions
• Why is the GDPR necessary?

Regulations’ analysis

• Personal Data
• Controller
• Processor
• Principles relating to processing of personal data

Lawfulness of Processing

• Conditions for Lawful Processing
• Conditions for consent
• Processing which does not require identification

Codes of Conduct and Certification

• Codes of conduct
• Monitoring of approved codes of conduct
• Certification
• Certification bodies

Transfers of personal data to third countries or international organisations

• General principle for transfers
• Transfers on the basis of an adequacy decision
• Transfers subject to appropriate safeguards
• Binding corporate rules
• Transfers or disclosures not authorized by Union law
• Derogations for specific situations

Remedies, liability and penalties

• Right to lodge a complaint with a supervisory authority
• Right to an effective judicial remedy against a supervisory authority
• Right to an effective judicial remedy against a controller or processor
• Representation of data subjects
• Right to compensation and liability
• General conditions for imposing administrative fines
• Penalties

Part B:

Security of personal data

• Security of processing
• Notification of a personal data breach to the supervisory authority
• Communication of a personal data breach to the data subject
• Personal Data Hazards
• Dealing with hazards
• Information Security Management Systems - ISO 27001

Data Protection Officer (DPO)

• Designation of the data protection officer
• Position of the data protection officer
• Tasks of the data protection officer (DPO)
• Data protection officer’s skills and education
• Data protection officer and conflict of interests
• Internal or external DPO?

GDPR as a Personal Data Protection Management System

• Data Protection Management System
• Basic Procedures of a Data Protection Management System
• Supportive Procedures of a Data Protection Management System

Epilogue

Part C:

The audit

• What is an audit?
• Why Audit?
• Audit Types

Audit Steps

• Audit Plan
• Developing Checklists
• Opening Meeting
• Conducting the Audit
• Closing Meeting
• Audit Report
• Audit Follow-up Activities

Audit Programme

• Establishing the Audit programme objectives
• Identifying and evaluating audit programme risks and opportunities
• Process flow for the management of an audit programme
• Managing an audit programme
• Audit programme Implementation
• Process of collecting and verifying information
• Monitoring audit programme
• Improving audit programme

Accreditation & Certification

• Accreditation & Certification Bodies
• Certification Process

Auditor’s Performance

• Auditor’s Quality
• The Auditors conduct
• Auditor’s Code Conduct
• Auditor Characteristics
• Auditor's personal behavior
• Auditee’s conduct
• Selecting the audit team members
• Skills of audit team leaders
• How to evaluate an Auditor
• Maintaining and improving auditor competence

Psychological factors during an audit

• Attitudes and relationships
• Obstacles & communication
• Space & Time issues
• Body language
• Cultural factors
• Principles of Listening
• Questions & questioning

Audit tips & techniques

• Tips to trained internal auditor
• Question Technique
• Competence of the audit programme manager

Teaching Methods

• Detailed seminar presentations (available for download)
• No. of slides: 289

Resources

• Reading lists and resources available in presentations

Study time allocation

• Private study hours: 34
  
• Trainer contact hours: Availability and competence of instructors upon request
• Enrollment duration: 90 days (from the date of purchase)

Credits

• CPD Points: 34
  
• ECTS/ECVET Points: 1.1