The General Data Protection Regulation sets out the requirements for the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
The principles of, and rules on, the protection of natural persons with regard to the processing of their personal data should, whatever their nationality or residence, respect their fundamental rights and freedoms, in particular their right to the protection of personal data.
This 2-day course provides delegates with an understanding of the General Data Protection Regulation and with guidance on how to address its requirements. Delegates will learn about the Regulation, its impact on the processing of personal data and how personal data can best be protected in accordance with this Regulation.
Participants will learn more about:
- Overview of the General Data Protection Regulation (GDPR)
- The purpose and scope of the GDPR
- The impact of the GDPR on public and private bodies
- Key role players - data subjects, data controller, data processor, representatives, data protection officer
- Responsibilities of the board, executive management, business leaders, legal, compliance, auditors
- Tasks and support tools for the Data Protection Officer
- Handling data subject requests
- The rights of data subjects
- The obligations of those who process and decide on the processing of personal data
- Understanding the principles for the lawful processing of personal data
- How the principles impact normal business operations
- Privacy management objectives
- Choosing a strategy for "compliance" with the GDPR
- Overview of the lifecycle of personal data, from collection to deletion
- Business purpose, specificity, openness
- Conducting a privacy impact assessment
- Information exchanges and trans-border flow
- The control of processors
- Privacy by design and default
- Responding to incidents
- Verification of operator assertions - measuring compliance
- Monitoring and evaluating effectiveness - selecting measures
- Monitoring by competent authorities
- Frameworks and standards for addressing the GDPR obligations (ISO, OASIS, COBIT)
- Designing and implementing a Privacy Management System
- Continuous improvement
This course is based on over twenty years' experience as a DPO in Germany.