Course Outline

Fundamental Principles of Personal Data Processing

  • Origins of national and international legal frameworks.
  • Scope of application for personal data protection laws.
  • Powers of data protection supervisory authorities.
  • Judicial recourse for the right to personal data protection.
  • GDPR - Key information, definitions, and selected topics.
  • Sector-specific GDPR applications.
  • Definition and classification of personal data.
  • Processes involved in data processing.
  • Legal grounds for processing personal data.
  • Obligations of the Data Controller.
  • Rights of data subjects.
  • Administrative fines and penalties.
  • The Personal Data Protection Act of 10 May 2018 – Regulatory scope.
  • Appointment procedures for a Data Protection Officer.
  • Legal proceedings for violations of personal data protection laws.
  • Monitoring compliance with personal data protection regulations.
  • Civil, criminal, and administrative liability.
  • Conditions for lawful processing of personal data (standard and sensitive categories).
  • Legal requirements for entrusting data processing to third parties.
  • Data Protection Impact Assessment (DPIA).
  • Data protection by design and by default.
  • Legal grounds for transferring personal data to third countries.
  • Personal data protection in the context of employment relationships.

Appointing a Data Protection Officer

  • Mandatory appointment requirements for a Data Protection Officer.
  • Optional appointment of a Data Protection Inspector.

Eligibility for the Data Protection Officer Role

  • Qualifications required to serve as an Inspector.
  • Employment status options for the Inspector.

Status and Independence of the Data Protection Officer

  • Direct reporting lines from the Inspector to senior management.
  • Ensuring adequate resources and support for the Supervisor.
  • Inspector involvement in all matters concerning personal data protection.
  • Prohibition on instructing the Supervisor regarding the execution of duties.
  • Avoiding conflicts of interest within the organization – Supervisor's responsibilities.
  • Protection against dismissal and punitive measures for the Inspector.
  • The Inspector's duty to maintain confidentiality regarding performed tasks.

Information Security Management

  • Analysis of organizational security management systems, referencing Polish standards.
  • Identification of privacy risks and their legal implications.
  • Principles of risk assessment and evaluating the impact of specific solutions on safety management effectiveness.
  • Understanding and applying a risk-based approach – practical completion of a Risk Analysis template.
  • Management of the Personal Data Lifecycle.

Executing Data Protection Officer (DPO) Duties

  • Legal basis for DPO appointment.
  • Criteria for who and when a DPO must be appointed, and the appointment process.
  • DPO status and necessary qualifications.
  • DPO responsibilities and rules for planning their execution.
  • Reporting on data processing compliance within traditional and IT systems.
  • Documentation of DPO activities.
  • Preparation of inspection reports.
  • Rules for supervising documentation of personal data processing.
  • Scope of UODO’s powers regarding DPOs.

Practical Guidance on Office for Personal Data Protection Inspections

  • Requirements for auditees during inspections.
  • Strategies for preparing for an inspection.
  • Case study analysis.

Practical Workshops

  • Developing an exemplary Information Security Policy.
  • Drafting management directives.
  • Creating a Register of Processing Activities.
  • Preparing the "Small Personal Data Protection Documentation" package.
  • Case study exercises.
  • Reviewing common documentation errors.

Additional Course Materials:

Useful Forms and Templates:

  • Consent for image use and dissemination.
  • Event newsletter registration form.
  • Consent to receive offers.
  • Template for sending offer-related emails.
  • Template for general correspondence.
  • Example personal data protection policy.
  • Template for preparing information obligations in accordance with GDPR, including instructions.
  • Risk analysis template.
  • Register of personal data processing activities – template.
  • Register of processing activity categories – template.
  • GDPR Breach Register – Template.
  • GDPR Compliance Checklist Template.
  • Procedures for handling personal data protection breaches.
  • Data Protection Breach Report Template.
  • Register of security incidents and corrective/preventive actions.
  • Register of corrigenda (corrections).
  • Register of restorations.
  • Model corrigendum document.
  • Restoration pattern/example.
  • Model objection form.
  • Model contract excluding further processing of personal data.
  • Sample consents for competitions, marketing, and publications.
  • Information obligation for ferry crossings.
  • Information obligation for meeting monitoring.
  • Information obligation for recruitment processes.
  • Information obligation for the National Revenue Administration.
  • Information obligation for LES entities.
  • Public Procurement Law (UCoC) information obligation.
  • Information obligation under the Labour Code.
  • Tax information obligation.
  • Authorization for employee personal data processing: a template with examples.
  • Notification of breach to data subjects – template.
  • Personal Data Processing Agreement for the Controller – template.
  • Personal Data Processing Agreement for the Processor.
  • And many more resources.

Requirements

Target Audience

  • Individuals beginning their role as a Data Protection Officer.
  • Professionals slated for appointment to this position in the future.

21 Hours
