Course Outline
Day I
I. Selecting a Personal Data Protection Management Model
1. Prerequisites for an effective data protection system
2. Existing data protection governance models
3. Division of roles and responsibilities in data protection processes
II. Duties and Responsibilities of the Data Protection Officer (DPO)
1. Mandatory appointment of a Data Protection Officer
2. Optional appointment of a Data Protection Officer
3. What the DPO needs to know
4. Where to gain this knowledge
5. Qualifications required to act as a DPO
6. Forms of employment for the DPO
7. Enhancing DPO capabilities
8. DPO tasks
III. Data Flows
1. What the DPO needs to know about data flows
2. Capabilities required of a DPO regarding data flows
3. DPO tasks in this area
IV. Preparing and Conducting an Audit
1. Preparatory activities for audits
2. Audit plan preparation
3. Appointment and task assignment for the audit team
4. Creation of working documents
5. Audit checklist
6. Case study: the auditing process flow
V. Assessing the Degree of Compliance
1. Key considerations
2. Security of processing
3. Legal grounds for processing
4. Principle of consent
5. Principle of data minimization
6. Principle of transparency
7. Entrusted processing
8. Data transfers to third countries and international transfers
VI. Audit Reporting
1. Preparing an audit report
2. Components of an audit report
3. Key points of attention
4. Case study
5. Cooperation with employees – building employee awareness
6. How to verify a processor's guarantees?
VII. Maintaining Compliance
1. Employee awareness – a critical issue
2. Data Protection Policy
3. Essential documentation
4. Continuous monitoring
Day II
VIII. Introduction to Risk Management
1. Organization of the risk assessment process
2. Selected risk assessment practices
3. Essential elements of a Data Protection Impact Assessment (DPIA)
IX. Examining the Context of Personal Data Processing
1. Contextual research exercises
2. External context
3. Internal context
4. Common mistakes
X. Data Protection Impact Assessment (DPIA)
1. Purpose of conducting a DPIA
2. When is a DPIA mandatory and when is it not?
3. Necessary elements of the process
4. Inventory of processing activities
5. Identification of processing resources, particularly high-risk ones
XI. Risk Analysis Exercises
1. Estimating the probability of a hazard occurring
2. Identification of vulnerabilities and existing security measures
3. Assessing the effectiveness of existing security measures
4. Estimating consequences
5. Risk identification
6. Determining the level of risk
7. Determining the threshold of risk acceptability
XII. Asset Identification and Security Exercises
1. Determining the risk value for the resource
2. Estimating the probability of the hazard occurring
3. Vulnerability identification
4. Identification of existing safeguards
5. Estimating consequences
6. Risk identification
7. Determining the risk acceptability threshold
Requirements
Target Audience
- Individuals serving as Data Protection Officers
- Professionals interested in expanding their knowledge in this domain
Testimonials (1)
The variety of the information shared and the clarity in explaining terms in plain English.