Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
Fundamental Principles of Personal Data Processing
- Sources of national and international law.
- Scope of application for personal data protection laws.
- Powers of the data protection authority.
- Judicial protection of the right to personal data protection.
- GDPR - fundamental information and definitions - selected issues.
- Sector-specific GDPR regulations.
- Definition of personal data.
- Processing of personal data.
- Legal bases for processing personal data.
- Responsibilities of the Data Controller.
- Rights of data subjects.
- Administrative fines.
- Personal Data Protection Act of 10 May 2018 - scope of regulations.
- Appointment of a Data Protection Officer.
- Proceedings for infringement of personal data protection laws.
- Monitoring compliance with personal data protection regulations.
- Civil, criminal, and administrative liability.
- Conditions for the admissibility of processing personal data (ordinary and sensitive data).
- Legal requirements for entrusting the processing of personal data to other entities.
- Data Protection Impact Assessment (DPIA).
- Data protection by design and by default.
- Legal bases for transferring personal data to a third country.
- Protection of personal data in employment relations.
Appointment of a Data Protection Officer
- Mandatory appointment of a Data Protection Officer.
- Optional appointment of a data protection inspector.
Eligibility for the Role of Data Protection Officer
- Qualifications required to act as an inspector.
- Form of employment for the inspector.
Status of the Data Protection Officer
- Direct reporting of the inspector to top management.
- Arranging support for the supervisor.
- Participation of the inspector in all matters related to personal data protection.
- Prohibition of giving instructions to the supervisor regarding duty execution.
- Avoiding conflicts of interest within the organization - tasks of the supervisor.
- Prohibition of dismissal or punishment of the inspector.
- The duty of the inspector to maintain secrecy or confidentiality of performed tasks.
Information Security Management
- Discussion of the security management system in the organization, based on Polish standards among others.
- Identification of privacy risks and their legal implications.
- Principles of risk assessment and evaluating the impact of specific solutions on safety management effectiveness.
- Understanding and applying a risk-based approach - practical completion of the Risk Analysis template.
- Personal Data Lifecycle Management.
Performing the Duties of the Data Protection Officer (DPO)
- Legal basis for the appointment of the DPO.
- Who must appoint a DPO, when, and how.
- DPO status and qualifications.
- DPO tasks and rules for planning their performance.
- Conducting reports on compliance with personal data protection provisions in traditional and IT systems.
- Documenting activities carried out by the DPO.
- Preparation of inspection reports.
- Rules for supervising the documentation of personal data processing.
- Scope of UODO's powers in relation to DPOs.
Practical Insights on Inspections by the Office for Personal Data Protection
- Requirements for auditees.
- How to prepare for an inspection.
- Case study.
Practical Activities
- Development of an exemplary Information Security Policy.
- Development of management instructions.
- Development of a Register of Processing Activities.
- Preparation of the so-called Small Personal Data Protection Documentation.
- Case study.
- Common errors in documentation preparation.
Additional Materials for Course Participants:
Useful Forms and Templates:
- Consent to the use and dissemination of the image.
- Event newsletter entry.
- Consent to receive an offer.
- Sending offer emails.
- Sending general emails.
- Example of a personal data protection policy.
- Template for preparing the information obligation in accordance with GDPR, including instructions.
- Risk analysis template.
- Register of personal data processing activities - template.
- Register of categories of processing activities - template.
- GDPR Breach Register - Template.
- GDPR Compliance Checklist Template.
- Instructions on how to proceed in the event of a breach of personal data protection regulations.
- Data Protection Breach Report Template.
- Register of security incidents and corrective and preventive actions.
- Register of corrigenda.
- Register of restorations.
- Model corrigendum.
- Restoration pattern.
- Model Objection.
- A model contract excluding further processing of personal data.
- Sample consents for competitions, marketing, publications.
- Obligation to provide information for ferry crossing.
- Obligation to provide information for meeting monitoring.
- Obligation to provide information on recruitment.
- Obligation to provide information to the National Revenue Administration.
- Information obligation of the LES.
- Public Procurement Law (UCoC) information obligation.
- Information obligation: Labour Code.
- Tax information obligation.
- Authorization to process personal data for employees: a template to be filled in with an example.
- Notification of a breach to data subjects - template.
- Personal Data Processing Agreement for the Controller - template.
- Personal Data Processing Agreement for the Processor.
- And many more.
Requirements
Target Audience
- Individuals beginning their role as a Data Protection Officer.
- Individuals who are slated for appointment to this position in the future.
21 Hours
Testimonials (1)
The variety of the information shared and the clarity to explain terms in plain English.
