EU GDPR and EU ePrivacy Regulation Compliance for Data Protection Officer (DPO) Training Course
This course is the best practical training course for understanding "HOW" to comply with the EU GDPR and the ePrivacy Directive.
Following the implementation of “Personal Data Protection Act” legislation worldwide, the EU-US Privacy Shield Framework between the United States and the European Union, and the EU General Data Protection Regulation (EU GDPR), to be enforced by the European Union on May 25, 2018, organizations have an obligation to protect personal data.
Therefore, the organization must establish a systematic management mechanism in accordance with the law (for example, with reference to the BS 10012 personal data management system, the ISO 29100 privacy protection framework, etc.) and comply with the principles of personal data protection required by GDPR Article 5. On the one hand, this demonstrates that the company complies with the requirements of laws and regulations (for example, by establishing dedicated personnel responsible for personal data inventory, education and training, communication, and notification); on the other hand, it allows the company to effectively implement personal data protection and control measures (for example, through integration of ISO 27001 information security management and ISO 22301 business continuity management).
To participate in this training course, the following prior knowledge is expected:
- Knowledge of Management System Compliance (ISO 19600):
  - Process approach (Plan-Do-Check-Act)
  - Overall business compliance risk management (ISO 31000), including legal, legislative and contractual obligations, standards, policies and procedures
  - Top management leadership, and other roles and responsibilities that support the management system
  - Considerations when planning a management system - identifying the organisational and technical measures to manage the identified risks
  - Support required by the management system
  - Management system operation considerations - monitoring, reporting and communicating
  - Performance evaluation of a management system - evaluation of objectives, internal audits and management review
  - Continual improvement of the effectiveness of a management system
- Knowledge of data protection principles and concepts, including but not limited to:
  - lawfulness, fairness and transparency
  - purpose limitation
  - data minimization
  - storage limitation
  - integrity and confidentiality
- Knowledge of data protection regulations:
  - REGULATION (EU) 2016/679 - EU GDPR (General Data Protection Regulation)
  - DIRECTIVE (EU) 2016/680 - Criminal offences or the execution of criminal penalties
  - Regulation on "Privacy" and "Electronic Communications"
Note: You are advised that course examination questions can relate to the expected prior knowledge. For delegates who do not have this knowledge, we recommend attending our foundation training course.
Who should attend?
This course is intended for those who will be involved in GDPR compliance in the organization.
Suggested job functions and their teams include:
- DPO (data protection officer) and representatives
- Information security managers
- IT and corporate security managers
- Corporate governance managers
- Risk and compliance managers
- Information security consultants
- Understand the EU GDPR framework and relevant regulations
- Understand the EU GDPR compliance requirements for product developers, data controllers and processors
- Understand the Personal Data Protection Principles
- Improve the overall understanding of EU GDPR compliance requirements
- Identify opportunities to improve personal data protection in the organisation
Day 1, EU GDPR framework and EU GDPR Compliance Assessment Part 1 - Fundamental issues
- EU GDPR framework and relevant regulations
- Product and IT-based services
- Roles: Controller and Processor
- EU GDPR Compliance Assessment Part 1 - Fundamental issues
- Data processing
- Technical construction
Day 2, EU GDPR Compliance Assessment Part 2 - Legal compliance requirements
- Legal Basis for the Processing of Personal Data
- General Requirements
- Special Requirements to the Various Phases of the Processing
- Special Types of Processing Operations
- Compliance with General Data Protection Principles
Day 3, EU GDPR Compliance Assessment Part 3 - Technical-Organisational measures and Part 4 - Data Subjects’ Rights compliance requirements
- General Duties
- Preventing Unauthorised Access to Data, Programs, Premises and Devices
- Logging of Processing Personal Data
- Network and Transport Security
- Mechanisms to Prevent Accidental Loss of Data; Back-up Mechanisms and Recovery
- Data Protection and Security Management
- Disposal and Erasure of Data
- Temporary Files
- Documentation of Products and Services from a Customer’s Perspective
- Technology-specific and Service-specific Requirements
- Pseudonymisation and Anonymisation
- Technical Data Protection Functionalities Required by the ePrivacy Directive (ePD)
- Ensuring Transparency of Automated Individual Decisions
- EU GDPR Compliance Assessment Part 4 - Data Subjects’ Rights
- Rights under the General Data Protection Regulation (GDPR)
- Rights under the ePrivacy Directive (ePD)
- Course Summary and Examination
- Course material
- Course examination
- Course certificate
- Delegates should note that there is evening work during the course.
- The minimum number of delegates for this course is 4 and the maximum is 20. If there are fewer than 4 students, the course will be postponed.
- This course is facilitated by the TKSG.Global online learning management system (LMS). Participants should be able to use their own PC, laptop, notebook or suitable mobile device to access the LMS.
- This course is run in collaboration with the CQI/IRCA Approved Training Partner Hermes infotech Inc.