Course Details
Course Outline
1 - The social, historical and legal background leading to the General Data Protection Regulation (GDPR)
The scope and global context of the GDPR
The key concepts within the GDPR
The definition of all key words and phrases relating to this Data Protection regulation
2 - Principle One: The criteria governing fair, open and transparent processing of personal data
Principle Two: Purpose Limitation, the challenge of limiting the processing within the context of specified and lawful purposes
Principle Three: Minimisation of processing, and ensuring that only that data is processed which is necessary to achieve the purpose
Principle Four: Ensuring that any personal data held by the organisation is kept accurate and current, and that any processing of such data is appropriate
Principle Five: Management and storage of personal data in a manner that meets regulatory obligations, while minimising the time that the individual remains identifiable
Principle Six: The criteria governing safe, secure and confidential processing of personal data in order to protect its integrity
Principle Seven: The key roles, responsibilities and accountabilities of those involved in Data Management within an organisation
Establishment within a single Member State
Joint Controllers
Privacy by Design and by Default
Nominated Representatives
Third-party Contracts and shared liability
Logging of data management processes
Data Breach Notification obligations
Privacy Impact Assessments
Overseas transfer of personal data
L2.8 The Data Subject Rights, and their implications for the Data Controller and the Data Processor
L2.8.1 The ‘right to be forgotten’
L2.8.2 The right to restriction of processing
L2.8.3 The right to object to certain processing
L2.8.4 The right to have inaccurate data amended or erased
L2.8.5 The right to data portability
L2.8.6 The right of access to one’s personal data
L2.8.7 Rights in relation to automated decision-making and profiling
3 - The role of the Data Protection Officer (DPO)
The role of the Data Protection Officer (DPO)
Criteria for designating a DPO
Tasks of the DPO
Position of the DPO within the organisation
The role of the Supervisory Authority within the Member State
The Lead Supervisory Authority and independence
Investigative, corrective and advisory powers
Independence of the Supervisory Authority
Collaboration with other Supervisory Authorities
Codes of Conduct and Certification
The role, powers and tasks of the European Data Protection Board (EDPB)
4 - The remedies, liabilities and penalties available under the GDPR
Right to raise a complaint
Right to representation
Right to effective judicial remedy
Right to compensation and liability
Administrative fines of up to €10m or 2% of GAT
Administrative fines of up to €20m or 4% of GAT
5 - Provisions for specific processing situations
Freedom of Expression
Processing of official documents
Processing of National Identification Numbers
Processing regarding employment
Processing for archiving purposes
Processing under obligations of official secrecy
Processing of data by religious organisations
6 - Preparing for implementation of the GDPR
Review of data management policies and procedures
Review of data assets and security structures
Training and Awareness-raising
Data management governance structures
Embedding Privacy By Design and Default
Codes of Conduct and Certification against standards
Breach detection and notification procedures
Review of third-party agreements, contracts
Actual course outline may vary depending on offering center. Contact your sales representative for more information.
Who is it For?
Target Audience
A prior understanding of EU Data Protection legislation is recommended. Candidates are typically management professionals and decision-makers who already have responsibility for data protection compliance within their organisation.
Co-Requisite Subjects
Candidates should have a good understanding of their own organisation’s data management activities through the life cycle from initial acquisition, through the various areas of processing and usage, to eventual removal or destruction.