Course Outline
Day I
I. Selecting a Personal Data Protection Management Model
1. Prerequisites for an effective data protection system
2. Existing data protection governance models
3. Division of roles and responsibilities in data protection processes
II. Duties and Responsibilities of the Data Protection Officer (DPO)
1. Mandatory appointment of a Data Protection Officer
2. Optional appointment of an Inspector
3. Essential knowledge required for the DPO
4. Resources for gaining knowledge
5. Qualifications to act as an Inspector
6. Forms of employment for the Supervisor
7. Professional development for the DPO
8. DPO tasks
III. Data Flows
1. What the DPO needs to know about data flows
2. Capabilities expected of a DPO
3. DPO tasks in this context
IV. Preparing and Conducting an Audit
1. Pre-audit preparatory activities
2. Developing an audit plan
3. Assigning tasks to the audit team
4. Creating working documents
5. Audit checklist
6. Case study: the course of the audit process
V. Assessing the Degree of Compliance
1. Key considerations
2. Processing security
3. Legal grounds for processing
4. Principle of consent
5. Principle of data minimization
6. Principle of transparency
7. Entrustment of processing
8. Transferring data to third countries and international transfers
VI. Audit Report
1. Preparing an audit report
2. Audit Report contents
3. Key areas of attention
4. Case study
5. Employee cooperation – building awareness
6. Verifying CPU warranty
VII. Maintaining Compliance
1. Employee awareness – a critical issue
2. Data Protection Policy
3. Essential, minimal documentation
4. Continuous monitoring
Day II
VIII. Introduction to Risk Management
1. Organizing the risk assessment process
2. Selected risk assessment practices
3. Essential elements of a DPIA
IX. Examining the Context of Personal Data Processing
1. Contextual research exercises
2. External context
3. Internal context
4. Common mistakes
X. Data Protection Impact Assessment (DPIA)
1. Purpose of execution
2. When a DPIA is obligatory vs. when it is not
3. Necessary elements of the process
4. Inventory of processing activities
5. Identification of processing resources, particularly those with high risk
XI. Risk Analysis Exercises
1. Estimating the probability of hazard occurrence
2. Identifying vulnerabilities and existing security measures
3. Identifying effectiveness
4. Estimating consequences
5. Risk identification
6. Determining the risk level
7. Determining the risk acceptability threshold
XII. Asset Identification and Security Exercises
1. Determining the process risk value for the resource
2. Estimating the probability of hazard occurrence
3. Vulnerability identification
4. Identification of existing safeguards
5. Estimating consequences
6. Risk identification
7. Determining the risk acceptability threshold
Requirements
Target Audience
- Individuals serving as Data Protection Officers
- Anyone interested in expanding their knowledge in this field
Testimonials (1)
The variety of the information shared and the clarity to explain terms in plain English.