General Data Protection Regulation (GDPR) Implementation
The General Data Protection Regulation (GDPR) 2016/679 is aimed at unifying data protection regulation. Its scope is broad reaching and impactful, bringing an up-to-date approach to data protection and encompassing modern technology and societal expectations. The GDPR expands the rights of individuals (data subjects) to control how their personal data is collected and processed, and places a range of new obligations on organizations to be more accountable for data protection.
The GDPR imposes a number of mandatory requirements on organizations to establish practical policies and processes in order to deliver compliant services to internal and external data subjects. And that’s where this course can help.
By attending this two-day course you’ll understand how to implement the requirements of the GDPR into your organization, with a focus on those requirements which can be particularly challenging.
You’ll get practical guidance on integrating requirements into current practices where appropriate as well as learn ways to ensure that suitable levels of protection are applied to fulfil compliance requirements, which can often reduce costs. You’ll learn what evidence and reporting is required by the regulation, as well as how to align this with your existing governance processes to ensure that GDPR compliance is maintained as part of business as usual.
For both controllers and processors of personal data, this course is relevant to your organization whether they are yet to start or in the process of implementing policies and processes to meet the GDPR requirements
Who should attend?
- Data protection officers, managers or leads, information security managers, project managers, corporate governance managers or similar roles who:
- Require an understanding of data protection and the GDPR to fulfil their role
- Want to understand how the GDPR may be implemented from a practical perspective
- Wishes to understand how to leverage the benefits and address the challenges of complying with the GDPR.
The course is applicable to representatives from any size or type of organization who are involved in the planning or implementation of a data protection compliance programme. The course is equally applicable to controller and processor organizations.
The mandatory prerequisite for attending this course is the BSI General Data Protection Regulation (GDPR) Foundation training course.
What will I learn?
You will learn how to:
- Create accountability
- Conduct a gap analysis
- Compile a data inventory
- Conduct a data mapping exercise
- Determine the legal basis for processing
- Plan and conduct a data protection impact assessment (DPIA) / risk assessment
- Carry out a privacy notice review and update
- Respond to subject access requests (SARs)
- Manage data breaches (including reporting and communication)
- Transfer personal data to third countries or international organizations
- Manage the controller / processor relationships, including joint controller arrangements
- Develop training and awareness programmes
- Maintain a GDPR compliant management approach.
How will I benefit?
This course will help you:
- Understand how to establish a GDPR compliance programme
- Understand how to practically meet the requirements of the GDPR
- Understand the approach to determining personal data and the relevant obligations of controllers and processors
- Understand the importance of determining the legal basis for processing personal information
- Understand how to adopt a risk-based approach to data protection
- Understand how the implementation of a GDPR compliance programme impacts the whole organization
- Demonstrate to data subjects (customers, staff), regulators and other stakeholders that you have a GDPR compliant approach to data protection
- Understand the benefits of adopting a recognised technical and organisational framework to support compliance.
This course will help you understand how your organization can implement processes and practices to ensure ongoing compliance to the requirements of the GDPR.