GDPR Awareness
objectives
proficiency in the following fields:
- Understanding the reasons behind the creation of this new regulation and the extent of its enforcement
- Identifying the parties involved in personal data-processing and their responsibilities
- Discussing key principles and conditions that determine the legal basis of data-processing
- Describing the main regulatory aspects which affect organisations, the risks and the opportunities that subsequently arise
- Identifying the missing steps to achieve compliance and build a culture of privacy awareness
test details
Type: Multiple choice questions
Number of questions: 20
Passing score: 10/20
Texts: not allowed
Allotted time: 20 minutes
contents
- Introduction to the main principles and concepts of GDPR
- Reasons behind the regulation and its entry into force
- GDPR and the previous legislation D.Lgs. 196/2003
- Field of application of the regulation
- What does personal data-processing mean
- The key roles in data protection
- The six principles of data protection
- The six conditions that provide a legal basis for data-processing
- Key aspects of GDPR – Agreement and rights of the data subject
- Changes in the data subject’s rights
- Privacy policy
- Data subject’s rights granted by the GDPR
- Accountability and Governance
- The purpose of a data protection impact assessment and when it needs to be performed
- Who is the DPO and when one must be appointed
- The concepts of privacy by design and by default, technologies and methods that can help:
- Anonymisation vs pseudonymisation;
- Data transparency;
- Data minimisation vs minimal access to data;
- Planning around privacy principles;
- A strong BYOD policy.
- The need for records in order to prove that one is “accountable”:
- Register of processing operations;
- Data protection policies and procedures
- Codes of conduct and certification schemes
- DPO’s responsibilities
- Actions required in the event of a data breach
- The impact of the regulation on international data transfers
participants
The course is meant for everyone in the company who, in one way or another, handles personal data:
- Managers and Senior Managers
- Team leaders
- Project and program managers
- Supervisors
- Advisors
- Employees at large, in the context of an internal awareness campaign
prerequisites
None.