September 13, 2017
9:00 am - 6:00 pm
Data Protection Officer – Preparing for the GDPR
Pre-requisites: The course is offered to nominated DPOs.
The objective is to provide an overview of the new General Data Protection Regulation, and to offer pragmatic suggestions on how to prepare for compliance with the new legislation.
Candidates are typically nominated DPOs for their own organisations, and are already familiar with the challenges of implementing compliant data management solutions under the 1995 Data Protection Directive.
Co-Requisite Topics: Candidates should also have a good understanding of their own organisation’s data processing activities, through the life cycle from initial acquisition, through the various areas of processing and usage, to eventual removal or destruction.
Number of days: 1
Subject Aims: To provide the candidate with a basic overview of the new General Data Protection Regulation and to outline pragmatic suggestions on organisational, technological and procedural solutions to ensure compliance under the new Regulation.
Learning Outcomes: On completion of this module, Candidates will:
Overview of Regulation
L1.1 Review the core principles of the General Data Protection Regulation (GDPR)
L1.2 Understand newly-defined terms and concepts relevant to the DPO
Role and responsibilities
L2.1 Understand the tasks set out for the DPO
L2.2 Understand the practical implications of the Principles and Rights contained within the Regulation
L2.3 Understand the obligations for the Data Controller and Processor under the Regulation
L3.1 Consider the requirement regarding Privacy Impact Assessments
L3.2 Third-party Contracts and shared liability
L3.3 Logging of data management processes
L3.4 Data Breach Notification obligations
L3.5 Restrictions regarding overseas transfer of personal data
L4.1 Preparing for the ‘Right to be Forgotten’
L4.2 Implementing ability to enable restriction of processing
L4.3 Enabling the Data Subject to object to certain processing
L4.4 Implement processes to amend or erase inaccurate data
L4.5 Preparing to enable data portability
L4.6 Enabling the Data Subject’s right to access their personal data
L4.7 Review of automated decision-making and profiling
L5.1 Prepare templates for Data Management Logs
L5.2 Embedding Breach Notification procedures
L5.3 Review of data management policies and procedures
L6.1 Planning for implementation of GDPR
L6.2 Nomination of Data Protection ‘Champions’
L6.3 Staff training and awareness
L6.4 Adoption of appropriate Codes of Conduct, Certification
L6.5 Consideration of suitable tools and systems
L6.6 Available support mechanisms
Assessment Criteria: There is no exam accompanying this module.
The trainer will follow up with Candidates in the weeks following the course to ensure that they are comfortable with the requirements of the Regulation.
Required Reading will be circulated to candidates on registration for the course
Course Material: DPO Document templates – these will be issued on the day of the course
The Slide Deck – this will be handed out to each candidate following the course
Supplementary Reading: General Data Protection Regulation – final published draft 2016
Article 29 Working Party definitions (Personal Data, Data Controller)
Article 29 Working Party guidance on GDPR (various)
Supervisory Authority guidance on preparing for GDPR (various)