What is the GDPR Foundation?
Introduction to EU-GDPR
The EU-General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union (EU) that came into effect on May 25, 2018. It aims to enhance individuals’ control over their data and unify data protection regulations across the EU. The EU-GDPR represents a significant shift in data protection regulation, emphasizing transparency, accountability, and the rights of individuals while placing stringent requirements on organizations handling personal data.
Training Objectives
The training program helps learners understand the significant shift in the data protection landscape, emphasizing transparency, accountability, and the rights of individuals while placing stringent requirements on organizations handling personal data.
The training program emphasizes 4 aspects of the EU-GDPR:
1. The Key Principles
- How must personal data be processed lawfully, fairly, and transparently?
- Why must data be collected for specified, explicit, and legitimate purposes?
- Why should data collection be adequate, relevant, and limited to what is necessary?
- How must personal data be accurate and kept up to date?
- What is the storage limitation of personal data?
2. Rights of Data Subjects
- The Right to be Informed
- The Right of Access
- The Right to Rectification
- The Right to Erasure
- The Right to Restrict Processing
- The Right to Data Portability
- The Right to Object
- The Rights Related to Automated Decision-Making and Profiling
3. Obligations for Businesses and Organizations
- Why and how do organizations integrate data protection into their processing activities and business practices from the design stage and by default?
- How to conduct data protection impact assessments (DPIAs)?
- How to report data breaches to the relevant supervisory authority?
- What is the role of the data protection officer (DPO)?
- How to perform international data transfers?
4. Enforcement and Penalties
- Who is a supervisory authority, and where can you find one?
- What are the penalties for not complying with the EU-GDPR?
Training Program Contents
Module 1 – Fundamentals of Data Privacy
- Understanding Data Privacy
- Purpose of Data Privacy
- Why Does Data Privacy Matter
- Need for Data Privacy Regulation
- Privacy Regulation Worldwide
- Data Privacy Principles
- Data Privacy by Design & Default
Module 2 – GDPR Foundation
- Understanding GDPR
- The objectives of the GDPR
- Who is subject to GDPR?
- What type of data does GDPR address?
- How does GDPR affect countries outside the EU?
- What happens when companies fail to comply with GDPR?
- What are GDPR articles & recitals?
- Who does the GDPR apply to?
- What is personal data?
- What is a special category of personal data?
Module 3 – GDPR Critical Roles
- The Controllers & Processors
- The Data Protection Officer (DPO)
Module 4 – GDPR Principles
- The seven key principles of GDPR
- Lawfulness, Fairness & Transparency
- Purpose Limitation
- Data Minimization
- Data Accuracy
- Storage Limitation
- Integrity & Confidentiality
- Accountability
Module 5 – GDPR Individual Rights
- The eight Individual Rights of GDPR
- Right to be Informed
- Right of Access
- Right to Rectification
- Right to Erasure
- Right to Restrict Processing
- Right to Portability
- Right to Object
- Rights in Relation to Automated Decision-Making & Profiling
Module 6 – GDPR Consent
- What is Consent?
- Obtaining, Recording & Managing Consent
Module 7 – Personal Data Breach & International Transfers
- What is a personal data breach?
- Reporting a personal data breach
- What are international transfers?
Module 8 – GDPR & BREXIT
- Relevance of GDPR & BREXIT
Module 9 – Operationalizing GDPR
- Identifying the Business Process
- Identifying data privacy champions
- Conducting data discovery (data mapping/data inventory)
- Categorizing Controllers & Processors
- Establishing the Record of Processing Activity (RoPA)
- Establishing data subject access request
- Conducting Data Protection Impact Assessment (DPIA)