Course Outline

Day I

I. Selecting a Personal Data Protection Management Model
1. Prerequisites for an effective data protection system
2. Existing data protection governance models
3. Division of roles and responsibilities in data protection processes

II. Duties and Responsibilities of the Data Protection Officer (DPO)
1. Mandatory appointment of a Data Protection Officer
2. Optional appointment of a Data Protection Officer
3. Essential knowledge for a DPO
4. Resources for acquiring necessary knowledge
5. Qualifications required to act as a DPO
6. Employment status of the DPO
7. Professional development for DPOs
8. Key DPO tasks

III. Data Flows
1. What a DPO needs to know about data flows
2. Capabilities expected of a DPO regarding data flows
3. DPO tasks related to data flows

IV. Preparing and Conducting an Audit
1. Preparatory activities for audits
2. Preparing an audit plan
3. Assigning tasks to the audit team
4. Creating working documents
5. Audit checklists
6. Case study: The audit process in action

V. Assessing Compliance Levels
1. Key considerations:
2. Security of processing
3. Legal bases for processing
4. The principle of consent
5. The principle of data minimization
6. The principle of transparency
7. Entrusted processing
8. Transferring data to third countries and international transfers

VI. Audit Reporting
1. How to prepare an audit report
2. Components of an audit report
3. Areas requiring special attention
4. Case study
5. Collaboration with employees – building awareness
6. Verifying Data Processing Undertaking (DPO) compliance

VII. Maintaining Compliance
1. Employee awareness – a critical issue
2. Data Protection Policy
3. Essential documentation
4. Continuous monitoring

Day II

VIII. Introduction to Risk Management
1. Organizing the risk assessment process
2. Selected risk assessment practices
3. Essential elements of a Data Protection Impact Assessment (DPIA)

IX. Examining the Context of Personal Data Processing
1. Contextual research exercises
2. External context
3. Internal context
4. Common mistakes

X. Data Protection Impact Assessment (DPIA)
1. Purpose of execution
2. When a DPIA is obligatory versus optional
3. Necessary elements of the process
4. Inventory of processing activities
5. Identification of processing resources, particularly those with high risk

XI. Risk Analysis Exercises
1. Estimating the probability of a hazard occurring
2. Identifying vulnerabilities and existing security measures
3. Assessing effectiveness
4. Estimating consequences
5. Risk identification
6. Determining the level of risk
7. Establishing the threshold for risk acceptability

XII. Asset Identification and Security Exercises
1. Determining the risk value for resources
2. Estimating the probability of hazards occurring
3. Vulnerability identification
4. Identification of existing safeguards
5. Estimating consequences
6. Risk identification
7. Determining the risk acceptability threshold

Target Audience

  • Individuals serving as Data Protection Officers
  • Professionals seeking to expand their knowledge in this field

Duration: 14 Hours