The GDPR requires a DPO to have expert knowledge of data protection law and practices and the ability to fulfil the article 39 tasks. In this four-day course CRANIUM prepares you for the DPO role. In the first two days you will become acquainted with the GDPR and other laws that are essential on a European level. The last two days focus on applying these in practice. Every day is full of exercises, real-life examples, group discussion and sample exam questions.
€ 1.850 (excl. VAT)
Anyone taking on any of the following functions:
- Compliance Officer
- Head of legal
- Privacy Officer
As we start with a comprehensive overview of GDPR, no prior knowledge on privacy is required. Experience in data protection legislation and/or ICT is a plus.
Day 1 and 2:
- Introduction to the privacy legislation and historical background
- Current national legislations vs. the GDPR to come
- Exploring the different types of personal data:
- Personal data and “sensitive” data
- Anonymised personal data vs. pseudonymised personal data
- Defining and qualifying the three main actors in data protection: controller, processor and data subject
- How to qualify?
- What is a joint controller?
- What is their respective role?
- How to process data lawfully? What are the legal grounds to process data? The other basic principles explained
- What is new in the GDPR?
- Overview of the different data subject rights
- The need for a register, a DPO and a Data Protection Impact Assessment
- Data breaches: how to define and what to do?
- A word on codes of conduct and certifications
- The role of the national data protection authority and the supervisory authority
- International transfer of data
Day 3 and 4:
- Your DPO role: DPO in GDPR, privacy management, awareness and training
- The privacy principles applied: lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality
- Building the register including examples of common operations
- Formalities: notice, consent, data subject rights, data processor agreement
- ISO 27000 applied to the processing of personal data
- Privacy by Design and by Default, Data Protection Impact Assessment
- Compliance: certification, infinite data protection, code of conduct
- Data breaches: from definition to daily management
After actively attending days 1-4, trainees can take the online exam within 2 months after the course.
TRAINER: Bavo Van den Heuvel
Bavo Van den Heuvel is a commercial engineer and is recognised as a true specialist in applied privacy and IT security. He is FIP, CIPP/E, CIPM, CIPP/IT certified and ISO 27001 Lead and Forensic Computer Auditor.
He became a Certified European Privacy Expert for Technical and Legal evaluations of Products and Services (CEPE TL PS) at EuroPrise in 2018 and is ready for future GDPR certification audits. Translating the data protection needs between legal/business and IT (security) people is his daily challenge!