ISO in the Sun: PECB EU General Data Protection Regulation (GDPR) Data Protection Officer

This five-day course provides an overview to the requirements of the GDPR in force and applicable since 25th May 2018, and how to implement the same in an organization dealing with data subjects in the European Union.

Overview:

This five-day course enables participants to develop the necessary knowledge, skills and competence to effectively implement and manage a compliance framework with regard to the protection of personal data.

By mastering all the necessary concepts of EU General Data Protection Regulation (GDPR), participants will gain a thorough understanding of the gap between the GDPR and the current organizational processes including privacy policies, procedures, working instructions, consent forms, data protection impact assessments, in order to assist organisations in the adoption process to the new regulation.

The course consists of a mix of presentation, discussion and exercises based on real-world examples.

Outline:

Introduction to GDPR Essentials

• Fundamental Principles of the GDPR
• Initiating the GDPR Implementation
• Understanding the Organization
• Clarifying the Data Protection Objectives
• Analysis of the Existing System

Planning the Implementation of the GDPR

• Leadership and Project Approval
• Data Protection Policy
• Definition of the Organizational Structure
• Data Classification
• Risk Assessment under the GDPR

Deploying the GDPR

• Privacy Impact Assessment (PIA)
• Design of Security Controls and Drafting of Specific Policies
• Implementation of Controls
• Definition of the Document Management Process
• Communication, Training and Awareness Plan

Monitoring and Improving the GDPR compliance

• Operations and Incident Management
• Monitoring, Measurement, Analysis and Evaluation
• Internal Audit
• Data Breaches and Corrective Actions
• Continual Improvement

Objectives:

Completion of this course will enable students to

• Gain a comprehensive understanding of the concepts and approaches of the GDPR
• Understand the new requirements that the GDPR brings for EU and non-EU organisations and when it is necessary to implement them
• Manage a team implementing the GDPR
• Gain the knowledge and skills required to advise organisations how to manage personal data

Audience:

This course is aimed at students with (future) roles like

• Project managers, consultants, advisors and team members implementing the GDPR
• Data Protection Officers and senior managers responsible for the personal data protection
• Members of information security, incident management and business continuity teams

Prerequisites:

General understanding of common business processes.

Some past exposure to data protection helpful, but not required.

Examination and Certification:

The course includes access to PECB's three-hour exam available in multiple languages to be taken online on the last day or any time after the course (own laptop required). Exam and first year certification fees are included in the course fees.

This course is designed by PECB in Canada, who also mark the exam and issue respective certifications as per their criteria. PECB is a personnel certification body, accredited to ISO/IEC 17024:2012 by IAS. See www.pecb.com for full details.