GDPR Advanced Training Course

Data privacy impact assessment

• What this is and why you need to do this
• Examining existing data
• The role of the DPO and do you need one.
• Key legislation
• Risk management framework
• Data mapping
• Dealing with cloud providers
• Demonstrating compliance
• Developing data collection policies and procedures
• Developing permission policies and procedures.
• Developing data loss prevention and data breach strategies and management programs
• How to proceed and how to address individuals’ requests and complaints
• Employees’ training and awareness program
• Anonymizing and pseudo-anonymizing data

Maintenance

• Data inventory and data transfer mechanism
• Track legislation changes etc.
• Monitor data handling practices
• Internal audits and assessments – also ad-hoc in case of an event
• Documentations, certifications, accreditations etc.

Security risks

• Look at existing security measures
• Integrate the new GDPR with security measures (intrusion detection, firewalls)
• Maintain human resources security (pre-screening, referencing paper-based files)
• Implement data protection into information security policy
• Establish data loss prevention strategy
• Conduct regular tests

Data Breach management program

• What to do if you have a data breach
• Create a data privacy incident / breach response plan

• Maintain a log of incidents
• Create a policy for a data breach
• Appoint a forensic investigation team.