GDPR Action & Implementation eLearning - $188

Learning Objectives

 Welcome
 What is Privacy?
 A Brief History of Privacy and the Law
 The Data Protection Directive

Learning Objectives

 Advances in Technology
 Shortcomings in the DPD
 The DPD vs the GDPR

Learning Objectives

 Privacy as a Fundamental Right
 Important Dates
 The Regulation
 The Scope
 The Liabilities and Penalties

Learning Objectives

 Personal Data
 An Evolving Definition
 Special Categories of Data
 Lawful Processing

Learning Objectives

 The Roles
 Data Subjects
 Data Controller
 Data Processor
 Data Protection Officer (DPO)

Learning Objectives

 GDPR Principles
 Principle One: Processed Lawfully, Fairly and Transparently
 Principle Two: Collected for Specified, Explicit and Legitimate Purposes
 Principle Three: Adequate, Relevant and limited to what is Necessary for Processing
 Principle Four: Accurate and Kept Up-to-date
 Principle Five: Kept in a Form that Allows the Identification of Data Subjects only as Long as Necessary
 Principle Six: Processed in a Manner that Ensures its Security
 Accountability

Learning Objectives

 The Data Subject’s Rights
 The Right to Information
 The Right to Access
 The Right to Rectification
 The Right to Erasure
 The Right to Restrict Processing

Learning Objectives

 The Legal Bases
 Consent
 Contractual Necessity
 Legal Obligations
 Vital Interest
 Public Interest
 Legitimate Interest

Learning Objectives

 Privacy Notice Rules under the GDPR
 Privacy Notices - Why?
 Privacy Notices - What?
 Privacy Notices - Where?
 Privacy Notices - When?
 Privacy Notices - How?

Learning Objectives

 Privacy by Design
 The Data Protection Impact Assessment (DPIA) – An Overview
 What does a Data Protection Impact Assessment (DPIA) Address?
 When is a DPIA Mandatory?
 How to Carry Out a DPIA
 DPIA Methodology

Learning Objectives

 Data Breaches and Notification
 What is a Personal Data Breach?
 When to Notify
 Practical Steps
 Communicating to Data Subjects
 Accountability and Record Keeping

Learning Objectives

 Subject Access Requests (SARs)
 What is a Subject Access Request?
 Key Changes to SARs under the GDPR
 SARs: the Implications for your Business

Learning Objectives

 Your First Steps
 Awareness
 Information you Hold
 Communicating Privacy Information
 Data Subject’s Rights
 Subject Access Requests
 Lawful Basis for Processing Personal Data
 Consent
 Vulnerable Data Subjects and Children
 Data Breaches
 Privacy by Design and Data Protection Impact Assessments (DPIAs)
 Data Protection Officers (DPOs)
 International Aspects

'GDPR' stands for 'General Data Protection Regulation'.

'GDPR' stands for the 'General Data Protection Regulation'. It is an EU regulation that addresses the transfer and storage of data in and outside the European Union and the European Economic Area.

The GDPR applies to any organization in or outside the EU that stores or transfers data from within the EU. It also applies to individuals, unless they utilize data solely for 'domestic or personal activity'.

In short, any business from a self-employed trader to an international conglomerate can find GDPR applies to them.

With the GDPR applying to all organizations which utilize EU data, qualified data protection officers are in extremely high demand. According to Glassdoor, data protection officers in the UK can earn between £29,000 and over £89,000, while in the US they can earn up to $150,000 according to Medium.

The fines for failing to be GDPR compliant depend on which articles are breached. The first choice is up to €10 million, or 2% annual global turnover, while the second is up to €20 million, or 4% annual global turnover. In both cases, the fee will be whichever option is higher.

The GDPR is important in two respects: firstly, it protects the data rights of EU citizens. Secondly, it clarifies exactly what steps organizations are required to take in order to safeguard these rights and minimize the possibility of data breaches.

The GDPR works by clarifying what organizations must do in order to protect customer data, setting strict standards for accountability and compliance. It also imposes harsh fines on businesses which fail to take the necessary steps.

All organizations which work with data from EU citizens can benefit from studying the GDPR. GDPR training can also offer help data protection officers and IT managers to take on more responsibilities and earn higher-paying roles.

The GDPR is highly compatible with COBIT 2019, a framework dedicated to aligning business and IT goals. It can also be complemented by frameworks like ITIL 4, which prioritize compliance.