Course Outline
Day 1
I. Selecting a Personal Data Protection Management Model
1. Prerequisites for an effective data protection system
2. Existing data protection governance models
3. Division of roles and responsibilities in data protection processes
II. Duties and Responsibilities of the Data Protection Officer (DPO)
1. Mandatory appointment of a Data Protection Officer
2. Optional appointment of a Monitoring Officer
3. Key knowledge areas for the DPO
4. Sources for gaining knowledge
5. Qualifications to act as a Monitoring Officer
6. Employment status of the Supervisor
7. Professional development of the DPO
8. DPO tasks
III. Data Flows
1. What does the DPO need to know about data flows?
2. Capabilities required for a DPO
3. DPO tasks in this context
IV. Preparing and Conducting an Audit
1. Preparatory activities for the audit
2. Audit plan – how to prepare it?
3. Appointment and assignment of tasks to the audit team
4. Creation of working documents
5. Audit checklist
6. Case study: the course of the auditing process
V. Assessing the Degree of Compliance
1. Key considerations
2. Security of processing
3. Legal grounds for processing
4. Principle of consent
5. Principle of data minimization
6. Principle of transparency
7. Entrustment of processing
8. Transfer of data to third countries and international transfers
VI. Audit Report
1. How to prepare an audit report?
2. Components of an Audit Report
3. Areas requiring special attention
4. Case study
5. Cooperation with employees – building employee awareness
6. How to verify the Data Controller's warranty?
VII. Maintaining Compliance
1. Employee awareness – a critical issue
2. Data Protection Policy
3. Essential documentation
4. Continuous monitoring
Day 2
VIII. Introduction to Risk Management
1. Organization of the risk assessment process
2. Selected risk assessment practices
3. Essential elements of a DPIA
IX. Examining the Context of Personal Data Processing
1. Contextual research exercises
2. External context
3. Internal context
4. Common mistakes
X. Data Protection Impact Assessment (DPIA)
1. Purpose of performing a DPIA
2. When is it obligatory to perform a DPIA and when is it not?
3. Necessary elements of the process
4. Inventory of processing activities
5. Identification of processing resources, particularly those with high risk
XI. Risk Analysis Exercises
1. Estimating the probability of a hazard occurring
2. Identification of vulnerabilities and existing security measures
3. Assessment of effectiveness
4. Estimating the consequences
5. Risk identification
6. Determination of the risk level
7. Determination of the risk acceptability threshold
XII. Asset Identification and Security Exercises
1. Determining the process risk value for the resource
2. Estimating the probability of the hazard occurring
3. Vulnerability identification
4. Identification of existing safeguards
5. Estimating the consequences
6. Risk identification
7. Determining the risk acceptability threshold
Requirements
Target Audience
- Individuals serving as Data Protection Officers
- Anyone interested in expanding their knowledge in this field
Testimonials (1)
The variety of the information shared and the clarity to explain terms in plain English.