Certified EU General Data Protection Regulation (EU GDPR) Practitioner - Kyrgyzstan

Certified EU General Data Protection Regulation (EU GDPR) Practitioner Course Outline

Module 1: Data Subject Rights

• Must I Always Obey a Right?
• Rights and Third Parties
• Requests Made on Behalf of Other Data Subjects
• Guidelines for Children's Maturity
• Responding to a Rights Request
• What is a Month?
• Rights Request Flow Chart
• Right to be Informed
  • When Should Information Be Provided?
  • Best Practice Guidance
• Right of Access
• Right to Rectification
• Right to Erasure
  • When can I Refuse to Comply with a Request for Erasure?
  • Erasing Children's Data
• Right to Restrict Processing
  • When Processing Should be Restricted?
  • Protecting PII
  • Other Issues about Restricting Processing
• Right to Data Portability
• Right to Object
  • Complying with the Right to Object
  • Rejecting the Right to Object
  • Processing for Direct Marketing Purposes
  • Processing for Research Purposes
• Rights Related to Automated Decision Making and Profiling
  • When does the Right not apply?

Module 2: Subject Access Requests

• Provenance
• Overview: SARs
• SAR is an Activity, Not a Title
• How can a SAR be Submitted?
• What Information Should the Response to a SAR Contain?
• Additional Information
• Replying to a SAR
• Confirming a Data Subject’s Identity
• Scope
• Electronic Records
• Non-Electronic Records
• SARs Involving 3rd Party PII
• Fees
• Refusing a Subject Access Request
• Access Requests from Employees
• Credit Reference Agencies
• Best Practice for SARs

Module 3: Lawful Processing

• Lawful Processing: A Reminder
• User Rights Change Depending on the Justification
• Lawfulness of Processing Conditions
• Lawfulness for Special Categories of Data
• UK ICO Tool
• Consent
• Key Points About Consent
• Affirmative Action and Explicit Consent
• Introduction of Affirmative Action
• What is Not Affirmative Action?
• Examples of Affirmative Action from the ICO
• Introduction of Explicit Consent
• Explicit Statement
• Obtaining Explicit Consent
• ICOs View of a Poor Form of Explicit Consent
• Obtaining Consent for Scientific Research Purposes
• Getting Consent
• What Should Go into the Consent Request?
• Consent Granularity
• Right to Withdraw Consent
• Children
• Consent Records
• ICOs Examples of Record Keeping
• Key Points When Establishing Consent
• Legitimate Interests
• Getting the Balance Right
• Consent or Legitimate Interest?
• What Lawful Basis Can be Used for Processing Marketing PII?

Module 4: Third Country Data

• Cross Border Transfers
• Transfer Mechanisms
• Derogations
• Adequacy
• Adequate Ways to Safeguard Transfers of PII
• Consent
• One-Off or Infrequent Transfers
• Who is Responsible?
• Transferring PII Between EEA Members
• Adequate Countries Outside of the EEA
• Binding Corporate Rules (BCR)
• What a BCR Must Cover?
• Authorisation for BCRs
• EU-US Privacy Shield
• Privacy Shield Overview
• Privacy Shield: Mechanics
• Model Clauses
• Public Authority Agreements

Module 5: Introduction to Protecting Personal Data

• Need to Secure
• What is Appropriate?
• Protecting PII – 3 Key Areas
• Coverage
• Defensive Design
• Single Point of Failure (SPOF)
• Incident Response
• Data Breach Reporting Requirements
• Incident Response Team

Module 6: Data Protection Impact Assessments (DPIA)

• Introduction
• What Triggers a Data Protection Impact Assessment?
• Cases Where DPIA is Not Required
• Benefits of DPIA
• Processes to be Considered for a DPIA
• Responsibilities
• DPIA Decision Path
• DPIA Content
• How Do I Conduct A DPIA?
• Signing Off the DPIA
• Mitigating Risks Identified by the DPIA

Module 7: Need Want Drop

• Overview
• Need-Want-Drop: Concept Diagram
• Need-Want-Drop: Categorising Data
• Need/Want/Drop Methodology

Module 8: Dealing with Third Parties and Data in the Cloud

• What is Cloud Computing?
• Myths of Cloud
• Cloud Challenges
• Controller-Processor Contract
• Checklist
• Data Controller - Summary

Module 9: Practical Implications: GDPR

• Brexit and its Impact on the GDPR
• Adequacy
• What does this Mean in Practice?
• EU and UK Representatives
• Exemption Rule
• One-Stop Shop

Module 10: Legal Requirements of the GDPR

• Lawful, Fair, and Transparent Processing
• Limitation of Purpose, Data and Storage
• Data Subject Rights
• Consent
• Personal Data Breaches
• Privacy by Design
• Data Protection Impact Assessment
• Data Transfers
• Data Protection Officer
• Awareness and Training

Module 11: Privacy Principles in GDPR

• Lawfulness, Fairness, and Transparency
• Purpose Limitation
• Data Minimisation
• Accuracy
• Storage Limitation
• Integrity and Confidentiality

Module 12: Common Data Security Failures, Consequences, and Lessons to be Learnt

• Common Data Security Failures
• Consequences
  • Fines Relating to Data Breaches
  • Litigation from Customers Relating to Data Breaches
  • Directors, Officers, and Professional Advisors
  • Reputational Damage
• Lesson Learned
  • Knowing When and How to Communicate with Affected Individuals is Not Easy
  • GDPR is Important, as are Other Legal Frameworks

Who should attend this Certified EU General Data Protection Regulation (EU GDPR) Practitioner Course?

The Certified EU GDPR Practitioner Course goes a step beyond the foundational principles provided in the GDPR Foundation course. It is designed to give professionals a more detailed insight into the GDPR. This GDPR Training can be beneficial to a variety of professionals, including:

• Data Protection Officers
• IT Security Managers
• Legal Counsel & Compliance Lawyers
• Senior HR Managers
• Risk and Compliance Managers
• Chief Information Officers (CIOs)
• Digital Marketing Directors
• Database and System Administrators

Prerequisites of the Certified EU General Data Protection Regulation (EU GDPR) Practitioner Course

There are no formal prerequisites required for the Certified EU General Data Protection Regulation (EU GDPR) Practitioner Course.

Certified EU General Data Protection Regulation (EU GDPR) Practitioner Course Overview

The EU General Data Protection Regulation (GDPR) represents a comprehensive set of laws that oversee the handling of personal data within the European Union. It is crucial to establish technical and organisational safeguards to safeguard data. Pursuing this GDPR Training equips individuals with the expertise and capabilities necessary to ensure that their organisations adhere to GDPR regulations. This GDPR Training also enables learners to grasp the significance of assessing GDPR compliance and making adjustments to maintain ongoing adherence. Undertaking this training empowers individuals with the essential skills and methods to improve their professional prospects and ultimately boost their income as well.

The EU GDPR Practitioner Course is designed for individuals seeking a deeper and practical understanding of the General Data Protection Regulation (GDPR) within the European Union context. This advanced course delves into the intricacies of GDPR implementation, compliance strategies, and how to effectively manage data protection within an organisation. Participants learn to conduct Data Protection Impact Assessments (DPIAs), manage data breaches, and develop and maintain GDPR-compliant policies and procedures.

In this two-day EU GDPR Training for practitioners, participants will acquire an in-depth understanding of managing personal data within the European Union. Throughout the course, attendees will be equipped to stay current with evolving GDPR standards, adjusting policies and procedures as necessary. Furthermore, they will gain proficiency in GDPR and the competencies essential for ensuring adherence within their respective organisations. This training will be led by our  experienced and highly professional trainers , boasting years of teaching expertise.

Course Objectives

• To understand the rights of data subjects and how to handle their requests
• To learn how to conduct a Data Protection Impact Assessment (DPIA)
• To develop and implement effective data protection policies and procedures
• To know the importance of continuous improvement in GDPR compliance
• To gain knowledge of how to handle data subject requests and complaints
• To provide a clear explanation of why and how you are processing AI

At the end of this GDPR Training, delegates will be able to develop and implement effective data protection policies. They will also be able to identify and assess the risks associated with the processing of personal data.

What’s included in this Certified EU General Data Protection Regulation (EU GDPR) Practitioner Course?

• Certified EU General Data Protection Regulation (EU GDPR) Practitioner Examination
• World-Class Training Sessions from Experienced Instructors
• Certified EU General Data Protection Regulation (EU GDPR) Practitioner Certificate
• Digital Delegate Pack

EU GDPR Practitioner Exam Information

To achieve the Certified EU General Data Protection Regulation (EU GDPR) Practitioner, candidates will need to sit for an examination. The exam format is as follows: 

• Question Type: Multiple Choice 
• Total Questions: 30 
• Total Marks: 30 Marks 
• Pass Mark: 57%, or 17/30 Marks 
• Duration: 90 Minutes
• Open Book/ Closed Book: Closed Book