Certified EU General Data Protection Regulation (EU GDPR) Foundation

• Educational Background: There are no specific educational requirements for this course. 

• Language Proficiency: Learners should have a good command of English, as all course materials, assessments, and discussions are conducted in English.  

• Interest in EU GDPR: This course is ideal for individuals with a keen interest in building foundational knowledge of the EU GDPR 

• Understanding GDPR Principles: Learners will gain a clear understanding of the fundamental principles of GDPR, including data protection, consent, and transparency. 

• Identifying Data Subject Rights: Learners will learn about the rights of individuals under GDPR, such as the right to access, rectification, and erasure of data. 

• Ensuring Data Protection Compliance: Learners will be equipped to implement GDPR requirements in their organisation, ensuring compliance with data processing and security standards. 

• Responding to Data Breaches: Learners will understand the process for identifying, reporting, and managing data breaches, including notifying authorities and affected individuals. 

This course is designed for professionals involved in data protection, privacy, and compliance roles, helping them ensure GDPR compliance and manage data protection responsibilities effectively.

• Data Protection Officers
• IT Security Professionals
• Legal Advisors
• Compliance Managers
• HR Managers
• Marketing Managers
• Risk Management Professionals

Module 1: Introduction to the GDPR 

• GDPR in a Nutshell
• Generate Customer Confidence
• Focus of GDPR
• What is Personal Information?
• Who has PII?
• Lawful Processing of Personal Data
   

Module 2: Binding Corporate Rules 

• Introduction
• Scope
• UK ICO’s View of the Scope
• Processing GDPR Definition
• Who Processes PII?
• What is Special Data?
• Legal Framework
• Timeline and Derogations
• Some Key Areas for Derogation
• Data Breaches/Personal Data Breach
• Consequences of Failure
• Governance Framework
   

Module 3: GDPR Terminology and Techniques 

• Key Roles
• Data Set
• Subject Access Request (SAR)
• Data Protection Impact Assessments (DPIA)
• What Triggers a Data Protection Impact Assessment?
• DPIA is Not Required
• Processes to be Considered for a DPIA
• Responsibilities
• DPIA Decision Path
• DPIA Content
• How Do I Conduct a DPIA?
• Signing Off the DPIA
• Mitigating Risks Identified by the DPIA
• Privacy by Design and Default
• External Transfers
• Profiling
• Pseudonymisation
• Principles, User Rights, and Obligations
• One Stop Shop
   

Module 4: Structure of the Regulation 

• Parts of the GDPR
• Format of the Articles
• Articles
   

Module 5: Principles and Rights 

• Introduction
• Legality Principle
• How the Permissions Work Together ?
• Lawfulness of Processing Conditions
• Lawfulness for Special Categories of Data
• Criminal Offence Data
• Consent
• Transparency Principle
• Fairness Principle
• Rights of Data Subjects
• Purpose Limitation Principle
• Minimisation Principle
• Accuracy Principle
• Storage Limitation Principle
• Integrity and Confidentiality Principle
• Accountability Principle
   

Module 6: Demonstrating Compliance 

• Demonstrating Compliance with the GDPR
• Impact of Compliance Failure
• Administrative Fines
• What Influences the Size of an Administrative Fine?
• Joint Controllers
• Processor Liability Under GDPR
• Demonstrating Compliance
• Protecting PII is Only Half the Job
• What must be Recorded?
• Additional Ways of Demonstrating Compliance
• Demonstrating a Robust Process
• PIMS (Personal Information Management System)
• Cyber Essentials
• ISO 27017 Code of Practice for Information Security Controls
• Risk Management
   

Module 7: Incident Response and Data Breaches 

• What is a Personal Data Breach?
• Notification Obligations
• What Breaches Do I Need to Notify the Relevant Supervisory Authority About?
• What Information Must Be Provided to the SA?
• How do I Report a Breach to the SA?
• Notifying Data Subjects
• What Should I do to Prepare for Breach Reporting?
• Updating Policies and Procedures
• Breach Reporting and Responses
• Ways to Minimise the Breach Impact
•  

Module 8: Understanding the Principle Roles

• What the GDPR Makes Businesses Responsible For?
• Difference Between a Data Controller and a Data Processor
• How the Roles Split?
• Controllers and Processors
• Main Obligations of Data Controllers
• Demonstrate Compliance
• Joint Controllers and EU Representative
• Controller-Processor Contract
• Maintain Records and Keeping Records for Small Businesses
• Cooperation with Supervisory Authorities
• Keeping PII Secure
• Data Breach Transparency
• Role of the Data Processor
• Controller-Processor Contract
• Main Obligations of the Processor
• Perform Only the Data Processing Defined by the Data Controller
• Update the Data Controller
• Sub-Process or Appointment
• Keep PII Confidential
• Maintaining Records
• Cooperate with Supervisory Authorities
• Security
• Appoint a DPO – If Necessary
• Transferring Data Outside the EU
   

Module 9: Role of the DPO

• Role of a Data Protection Officer
• Involvement of the DPO
• Main Responsibilities of the DPO
• Working Environment for the DPO
• Must We Have A DPO?
• Public Body
• What does Large Scale mean?
• Systematic Monitoring
• Who Can Perform the Role of DPO?
• Skills Required
• Monitoring Compliance
• Training and Awareness
• Data Protection Impact Assessments (DPIAs)
• Risk-Based Approach
• Business Support for the DPO
• DPO Independence
• DPO – Conflict of Interest
   

Module 10: UK Implementation

• Key Differences Between the Data Protection Act and the GDPR
• Highlights from the Data Protection Bill
• Definition of Controller
• Health, Social Work, Education, and Child Abuse
• Age of Consent
• Exemptions for Freedom of Expression
• Research and Statistics
• Archiving in the Public Interest
   

Module 11: Key Features

• Specific Permission
• Privacy by Design
• Data Portability
• Right to be Forgotten
• Definitive Consent
• Information in Clear Readable Language
• Limits on the Use of Profiling
• Everyone Follows the Same Law
• Adopting Techniques
   

Module 12: Subject Access Requests and How to Deal with them?

• Subject Access Requests (SAR)
• Dealing with SAR
• Recognise the Request
• Understand the Time Limitations
• Dealing with Fees and Excessive Requests
• Identify, Search, and Gather the Requested Data
• Learn about What Information to Withhold
• Developing and Sending a Response