Home/Training courses/GDPR Data Privacy Professional (GDPR DPP)

GDPR Data Privacy Professional

Intensive data protection course GDPR DPP (GDPR Data Privacy Professional).

5 days of training from 9:00-16:00

Open and corporate formats

Online, Minsk, Moscow, Kiev

English, Russian

Why should I choose this training?

1. The regular GDPR course, which has endured the test of time and is still relevant to clients' needs.

2. GDPR Data Privacy Professional is a recognizable and recognized brand in the world.

3. More than a 100 graduates of the course have become DPOs and work in Russia, Belarus, Ukraine, Moldova, the UK, Germany, Lithuania, Latvia, Estonia and Cyprus.

4. The author and trainer of the course Siarhei Varankevich is a Certified Information Privacy Professional/Europe (CIPP/E ), Certified Information Privacy Manager (CIPM), and IAPP Fellow of Information Privacy (FIP).

5. Siarhei dealt with the GDPR in Germany and then, after returning to the Eastern Europe, with his team led more than 50 companies to comply with the GDPR. Therefore, our course is based on practice.

6. In addition to cases, Siarhei actively uses diagrams, flowcharts, practical exercises in mini-groups and simple metaphors.

7. You don't need to have a legal or technical background!

Course partner

National Research University Higher School of Economics (NRU HSE) is one of the largest universities in Russia.

Description

Your European partner asked “Are you GDPR compliant?”
You suspect that you may violate the Regulation, and face a 20 million fine, but you are not sure?
You want to make sure to take the right steps in data protection?
Your app faces removal from the Google Play Market or the App Store?
You received a request to delete data?

These and other situations are a sign that it is time to take the GDPR seriously, but here is the problem. You started reading the Regulation, and nothing is clear. So many articles and recitals written in a complex language. So you do not know where to start, and you do not know exactly what to do in your organization. In addition, you do not have 2-3 years to understand all the nuances of the Regulation, explanations of numerous supervisory bodies, and judicial precedents.

Our course will help you:

Get answers to all these and many other questions;
Save years of self-study;
Start navigating the Regulation, and understanding the whole system;
Understand what specific measures need to be done in your organization;
Take the first steps in a new profession - Data Privacy Professional!

Hide

Take the introductory lesson now!

Through the introductory lesson, you will be able to meet the trainer, learn how the training will take place and understand if the GDPR Data Privacy Professional course is right for you.

For which companies?

First of all, the following companies must comply with the GDPR:

Apps and cloud solutions;
Outsourcing companies in IT;
E-shops;
Social networks;
Banks;
Medical and pharmaceutical companies;
Event agencies;
Apps and cloud solutions;
Outsourcing companies in IT.

For whom?

Information security, business continuity and risk-management professionals who need to carry out their tasks in accordance with Articles 32 and 35 of the GDPR, e.g. implementing encryption, pseudonymization, or incident management.
Lawyers and Compliance Officers who need to choose a lawful basis for data processing according to Article 6 of the GDPR, determine terms of storage (Article 5), joint controllers and processors using a Data Processing Agreement (Articles 26 and 28), write a privacy policy (Articles 13 and 14), initiate transfers of personal data (Articles 44 and 46).
Business owners who need to change internal processes according to Article 5 of the GDPR, conduct a risk assessment (Article 35), designate a Data Protection Officer (Articles 37-39), form a project team (working group) to implement the GDPR or check an external consultant.
System architects, designers, developers, or testers who need to fulfill privacy by design requirements according to Article 25 of the GDPR, e.g. minimize stored data, limit data retention, implement privacy by default, etc.
HRs who also need to spread the new data protection policies requirements among employees and to follow GDPR rules themselves. They process personal data during recruitment, training, employee relations, payroll, benefits and other processes.
Marketers and sales managers who deal with e-marketing and follow-up letters, push notifications, chatbots, cold calling, remarketing and retargeting, promotions, lead gen, etc. and need to have a lawful basis for all of these processes according to Article 5 of the GDPR, valid consent (Article 7), non-sensitive data (Article 9), and to provide the data subjects with all required information (Articles 13 and 14).
Contact center staff who may face data subjects requests and need to distinguish types of requests, forward them to a privacy officer or to respond to them in accordance with Articles 15-22 of the GDPR. For instance, they need to provide the data subject with his/her data after proper identification process.
Technical support and IT-infrastructure divisions who deal with Records of Processing Activities in accordance with Article 30 of the GDPR and need to tackle automatic data deletion and reservation (Articles 5, 25 and 32).
Risk management divisions and financial departments who need to know how to budget the GDPR implementation next year (trainings, new employees, consulting services, software, fines) according to Articles 24 and 28 of the GDPR.
Consultants in the field of personal data protection, information security and law who need to apply the provisions of the Regulation and to help their clients with any requests related to the GDPR. And make it without causing harm, of course.

Trainer

Siarhei Varankevich CIPP/E, CIPM, MBA, FIP

Founder of Data Privacy Office LLC. Data Protection Trainer and Principal Consultant
MBA, Certified Information Privacy Professional (CIPP/E), Certified Information Privacy Manager (CIPM). Started to work with the GDPR draft version, in 2015, in Munich. Defended his MBA thesis about the Regulation, in Bremen, in 2016. In 2020, he was awarded the title of IAPP Fellow of Information Privacy (FIP) thanks to the recommendations of respected experts.

Siarhei delivered hundreds of consultations on GDPR issues to companies around the world. He helped to implement the GDPR program as an external project manager in over 50 companies.

In LinkedIn

After the course you will be able to answer the following questions

What is privacy?

How to define personal data under the GDPR?

What legal ground is necessary for collection of personal data and how long you can store it?

Who, how and when should be designated as Data Protection Officer?

How is risk assessment (DPIA) carried out?

What shall you write in your Privacy policy?

What should you do in case of data breaches?

Program

Click on"＋" to see details.

PRIVACY

The definition of privacy, information privacy and data protection. Types of information privacy

History of data privacy

Taxonomy of privacy by Daniel Solove

Social role of data privacy

Data protection law evolution overview

LAW

Data protection law acts, standards and regulations which are in force

Data privacy cases, precedents, guidelines

The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data №108

EU Directive 96/46

OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

EU members data protection law overview

GDPR

EU current data protection regulatory framework (GDPR+) overview

EU GDPR history

GDPR territorial and material scope

GDPR text structure (recitals, business related articles ect.)

GDPR related acts overview

Cases and precedents

Article 29 Working Group (Art29WP) and European Data Protection Board (EDPB) guidelines and opinions

National supervisory authorities (SAs) guidelines

Mapping of the Belarusian, Ukrainian and Russian data protection laws to the rules applicable in EU

Overview of risks, fines, responsibilities related to personal data processing

CONCEPT OF PERSONAL DATA

The concepts of personal data (PD), identifier, data subject

Biometric data

Formula of Persomal Data "(id-x)+info"

Cases of (non-)personal data

DATA PROCESSING. DATA CONTROLLERS AND PROCESSORS

Data processing and types of processing.

Profiling

Personal data anonymisation and pseudonymisation

Processing of special categories of personal data

Processing of children data

Data controller, joint controllers or separate controllers

Data processor

Responsibilities distribution between data controllers and processors

GDPR PRINCIPLES

Lawfulness and fairness of processing

Transparency of processing

Purpose limitation

Data minimisation

Storage limitation

Data accuracy

Integrity and confidentiality

Accountability

LAWFUL BASIS FOR PROCESSING

Review of six lawful bases for processing

Consent

Conditions for consent

Getting consent in UX

Contract

Legal obligation

Vital interest

Public interest

Legitimate interest

Balancing test of Legitimate Interest Assessment (LIA)

DATA SUBJECT RIGHTS

Modalities for exercise of the rights of the data subject

Right to information about processing

(Ru) Почему шаблон политики приватности вам не подойдет?

Right to access personal data

Right to rectification

Right to restriction of processing

Right to be forgotten (right to erasure)

Right to data portability

Right to object

Right to not be subject of automated decision-making

Data subject rights restriction

Nightmare letter from data subject case

DPIA AND PRIVACY RISK MANAGEMENT

Check-box approach vs risk based approach

Concept of risk

Risk likelihood and severity

GDPR terminology related to risks (high risk, likely etc.)

Data Protection Impact Assessment (DPIA) requirements

When you need DPIA

BIA (Business Impact Assessment) or SIA (Security Impact Assessment) as triggers for DPIA

Describing processing operations, personal data and supporting assets

Legal and risk-treatment controls

Risk sources, feared events, threats and risks

DPIA tools

INFORMATION SECURITY

GDPR requirements

Data breach notification of supervisory authorities and data subjects

Technical and organisational measures of managing information security risks

TRANS-BORDER TRANSFERS OF PERSONAL DATA

GDPR data transfers rules overview

Data transfers documenting

Data Processing Agreement (DPA)

Binding Corporate Rules (BCR)

Standard Contractual Clauses (SCC)

Codes of conduct and certifications

Data transfers derogations for specific situations

PRIVACY BY DESIGN

"Privacy by Design. The 7 foundational principles" by Ann Cavoukian review

Privacy by Default

Embeded Privacy

Full functionality - positive-sum

End-to-End Security - Lifecycle Protection

Data Protection Officer (DPO) and EU representative

Representative in EU

Data Protection Officer

Program

Schedule

Trainer
Siarhei Varankevich
Language
Russian
Place
Online

Format
 Open format
Data
 21 June - 25 June 09:00-16:00 
Price
 550 EUR 500 EUR to 8 June

Trainer
Siarhei Varankevich
Language
Russian
Place
Online

Format
 Open format
Data
 20 September - 24 September 09:00-16:00 
Price
 550 EUR 500 EUR to 6 September

Trainer
Siarhei Varankevich
Language
Russian
Place
Online

Format
 Open format
Data
 22 November - 25 November 09:00-16:00 
Price
 550 EUR 500 EUR to 8 November

Trainer
Siarhei Varankevich
Language
Russian
Place
In recording

Format
 Open format
Data
 All time 
Price
 1100 BYN

Buy

Training format

5 full training days lasting 8 academic hours

8 practical exercises

32 real cases

4 color schemes

700 additional materials

87 test questions

1 GDPR DPP certificate for anyone, who passed the test

Online format

We use Zoom to organize the training. You can see the trainer and his screen, as well as ask him questions in real time using a mic or a webcam.

We will share with you an invitation link through a group chat in Telegram or WhatsApp.

Traditionally, the course is given from 9:00 to 16:00, with coffee breaks and a long lunch break from 12:00 to 13:00.

Technical requirements:

- mic and headphones;

- Internet connection for high-quality video call;

- Zoom app.

For maximum benefit, we recommend that you dedicate these days exclusively for the training.

Hide

Hurry up!

Online, Russian, Siarhei Varankevich, 21 June - 25 June,

Standard fee:

550 EUR *

Early bird:

500 EUR * Sign up

Save money today!

*Minus VAT.

Certificate on completion

Attachment to certificate include the course program. Training is an organizational measure, and is a duty reflected in the General Data Protection Regulation, Articles 24, 25, 28, 32, and 39.

DPO Club membership

In case of successful completion of the course, you can join the DPO Club, a closed information privacy professionals community. General online meetings takes place every month. You can share your own experience and discuss the latest trends with other members at these meetings. There are more than 150 club members now. Our numbers grow stronger by the day!