Course Outline

Day 1

I. Selecting a Personal Data Protection Management Model
1. Prerequisites for an effective data protection system
2. Existing data protection governance models
3. Division of roles and responsibilities in data protection processes

II. Duties and Responsibilities of the Data Protection Officer (DPO)
1. Mandatory appointment of a Data Protection Officer
2. Optional appointment of an Inspector
3. Essential knowledge for the DPO
4. Sources for gaining knowledge
5. Qualifications to act as an Inspector
6. Employment forms for the Supervisor
7. Professional development for the DPO
8. DPO tasks

III. Data Flows
1. Key knowledge for the DPO regarding data flows
2. Expected competencies for a DPO
3. DPO tasks in this context

IV. Preparing and Conducting an Audit
1. Pre-audit activities
2. Preparing the audit plan
3. Appointing the audit team and assigning tasks
4. Creating working documents
5. Audit checklist
6. Case study: The auditing process

V. Assessing Compliance Levels
1. Key considerations
2. Processing security
3. Legal grounds for processing
4. Principle of consent
5. Principle of data minimization
6. Principle of transparency
7. Entrustment of processing
8. Transferring data to third countries and international transfers

VI. Audit Reporting
1. Preparing an audit report
2. Audit report components
3. Key areas of focus
4. Case study
5. Employee cooperation – building awareness
6. Verifying CPU warranty

VII. Maintaining Compliance
1. Employee awareness – a critical issue
2. Data Protection Policy
3. Essential documentation
4. Continuous monitoring

Day 2

VIII. Introduction to Risk Management
1. Organizing the risk assessment process
2. Selected risk assessment practices
3. Essential elements of a DPIA

IX. Examining the Context of Personal Data Processing
1. Contextual research exercises
2. External context
3. Internal context
4. Common mistakes

X. Data Protection Impact Assessment (DPIA)
1. Purpose of execution
2. When a DPIA is obligatory versus optional
3. Necessary elements of the process
4. Inventory of processing activities
5. Identification of processing resources, particularly those with high risk

XI. Risk Analysis Exercises
1. Estimating the probability of a hazard occurring
2. Identifying vulnerabilities and existing security measures
3. Evaluating effectiveness
4. Estimating consequences
5. Risk identification
6. Determining the risk level
7. Establishing the risk acceptability threshold

XII. Asset Identification and Security Exercises
1. Determining the risk value for resources
2. Estimating the probability of hazards
3. Vulnerability identification
4. Identifying existing safeguards
5. Estimating consequences
6. Risk identification
7. Determining the risk acceptability threshold

Requirements

Target Audience

  • Individuals serving as the Data Protection Officer
  • Professionals interested in expanding their knowledge in this field

Duration: 14 Hours
