GDPR Awareness

objectives

proficiency in the following fields:

  • Understanding the reasons behind the creation of this new regulation and the extent of its enforcement
  • Identifying the parties involved in personal data-processing and their responsibilities
  • Discussing key principles and conditions that determine the legal basis of data-processing
  • Describing the main regulatory aspects which affect organisations, the risks and the opportunities that subsequently arise
  • Identifying the missing steps to achieve compliance and build a culture of privacy awareness

test’s details

Type: Multiple choice questions
Number of questions: 20
Passing score: 10/20
Texts: not allowed
Allotted time: 20 minutes

contents

  • Introduction to the main principles and concepts of GDPR
    • Reasons behind the regulation and its entry into force
    • GDPR and the previous legislation D.Lgs. 196/2003
    • Field of application of the regulation
    • What personal data-processing means
    • The key roles in data protection
    • The six principles of data protection
    • The six conditions that provide a legal basis for data-processing
  • Key aspects of GDPR – Agreement and rights of the data subject
    • Changes in the data subject’s rights
    • Privacy policy
    • Data subject’s rights granted by the GDPR
  • Accountability and Governance
  • The purpose of impact assessment on data protection and when it needs to be performed
  • Who is the DPO and when one must be appointed
  • The concepts of privacy by design and by default, technologies and methods that can help:
    • Anonymisation vs pseudonymisation;
    • Data transparency;
    • Data minimisation vs minimal access to data;
    • Planning around privacy principles;
    • A strong BYOD policy.
  • The need for records in order to prove that one is “accountable”:
    • Register of processing operations;
    • Data protection policies and procedures
  • Codes of conduct and certification schemes
  • DPO’s responsibilities
  • Actions required in the event of a data breach
  • The impact of the regulation on international data transfers

participants

The course is meant for all company personnel who, in one way or another, handle personal data:

  • Managers and Senior Managers
  • Team leaders
  • Project and program managers
  • Supervisors
  • Advisors
  • Employees at large, in the context of an internal awareness campaign

prerequisites

None.

duration: 1 day