GDPR Data Privacy Professional

GDPR DPP is the only GDPR course in the CIS region delivered by certified information privacy professional and manager (CIPP/E, CIPM).
from 7 October to 10 October2019
09:00-16:00
500
EUR
450
EUR
Early bird price (until 23 September)
Online

Description

  • Your European partner asked "Are you GDPR compliant?"
  • You know the answer and are afraid of a €20 million fine?
  • You want to make sure that take the right steps in data protection?
  • Your app faces removal from the Google Play Market or the App Store?
  • You received request to delete data?

Looks like it's time to become GDPR Compliant!

You started to read it, but nothing is clear. So many articles, recitals, difficult language. So you don't understand where to start in your organization and there is no time to figure this out.

Our course will help you:

  • Get answers to all these and many other questions.
  • Save years of self-study.
  • Begin to understand the GDPR and see the whole system of it.
  • Understand what specific measures need to be done in your organization.
  • Take the first steps in a new profession - Data Privacy Professional!
More
Hide

For which companies?

Outside the EU (in Belarus, Ukraine, Russia, etc.) the following organizations, working with personal data of people based in EU, shall comply with the new GDPR:

  • Apps and cloud solutions;
  • Outsourcing companies in IT;
  • E-shops;
  • Social networks;
  • Banks;
  • Medical and pharmaceutical companies;
  • Event agencies.

Who needs this course

  1. Information security, risk-management specialists, who need to be GDPR-compliant in regard with art. 32, 35 GDPR.
  2. Lawyers, Compliance Officers who need to choose a lawful basis for data processing in regard with art. 6 GDPR, determine terms of storage (art. 5), bind controllers and processors using a DPA (art. 26, 28), write a Privacy Policy (art. 13, 14), launch transfers of personal data (art. 44, 46).
  3. Business owners, who need to change internal processes in regard with article 5 GDPR, conduct a risk assessment (art. 35), designate Data Protection Officer (art. 37-39), form a project team (working group) to implement the GDPR or check an external consultant.
  4. System architects, designers, developers, testers, who need to fulfill Privacy by Design requirements in regard with art. 25 GDPR or to minimize stored data, limit data retention.
  5. HRs, who also need to spread the new data protection policies requirements.
  1. Marketers and sales managers, who deal with e-marketing and follow-up letters, push notifications, chatbots, cold calling, remarketing and retargeting, promotions, lead gen etc and need to have a lawful basis for all of this in regard with art. 5 GDPR, valid consent (art. 7), non-sensitive data (art. 9) and to provide the data subjects with all of the required information (art. 13, 14).
  2. Contact center staff, who face data subjects requests and need to know how to respond in regard with with art. 15-22 GDPR.
  3. Technical support and IT-infrastructure divisions, who deal with Records of Processing Activities in regard with art. 30 GDPR and need to tackle auto data deletion and reservation (art. 5, 25, 32).
  4. Risk management divisions and financial departments, who need to know how to budget the GDPR implementation next year (trainings, new employees, consulting services, software, fines) in regard with art. 24, 28 GDPR.
  5. Data protection, infosec and law consultants, who need to understand how the GDPR works to provide quality services for their clients.
More
Hide

Why should I choose this training?

1. The only regular GDPR course in the CIS region, which has endured the test of time and still relevant to clients needs.

2. GDPR Data Privacy Professional is a recognizable and recognized brand in the CIS.

3. More than a 100 graduates of the course have become DPOs and work in Russia, Belarus, Ukraine, Moldova, the UK, Germany, Lithuania, Latvia, Estonia and Cyprus.

4. The author and trainer of the course Siarhei Varankevich is the only CIPP/E (Certified Information Privacy Professional / Europe) and CIPM (Certified Information Privacy Manager) in the CIS (as of 2019).

5. Siarhei Varankevich dealt with the GDPR in Germany and then, after returning to the Eastern Europe, with his team led more than 50 companies to comply with the GDPR. Therefore, our course is based on practice.

6. In addition to cases, Siarhei actively uses diagrams, flowcharts, practical exercises in mini-groups and simple metaphors.

7. You don't need to have a legal or technical background!

Trainer

Co-Founder & CEO of Data Privacy Office LLC. Data Protection Trainer and Principal Consultant
MBA, Certified Information Privacy Professional (CIPP/E), Certified Information Privacy Manager (CIPM). Siarhei has been working with GDPR from 2015 (draft version) in Munich and defended his MBA thesis about Regulation in Bremen in 2016

Siarhei delivered hundreds of consultations on GDPR issues to companies around the world. He helped to implement the GDPR program as an external project manager in over 50 companies.

Trainer

If they are available, we can invite one of these experts to cover a highly specialized topic.

Trainer in data protection technology and information security management
Chief Information & Data Protection Officer, member of the Directors Council at Intetics Inc

Member of International Association of Privacy Professionals (IAPP)

GDPR Consultant, Data Protection Officer
Expert in Data Privacy, Certified Information Privacy Professional (CIPP/E & CIPP/US - Europe & United States), member of International Association of Privacy Professionals (IAPP)

Olga provides consulting services, as well as external DPO support. Combination of practical experience in embedding data protection principles and concepts into day-to-day business operations, acquired in the United States, and subsequent work with European and former-USSR companies allows her to find solutions for a wide spectrum of clients.

Georg Philip Krog Cand. Jurd., LLM
Georg Philip Krog
Co-Founder Signatu, Chief of Legal Counsel, Cand. Jurd. and LLM. Past: Researcher at the Faculty of Law in Oslo and Max Planck Institut in Hamburg, and Fulbright Scholar at Harvard Law School and Stanford Law School

Program

Click on"" to see details.

PRIVACY
The definition of privacy, information privacy and data protection. Types of information privacy
History of data privacy
Taxonomy of privacy by Daniel Solove
Social role of data privacy
Data protection law evolution overview
LAW
Data protection law acts, standards and regulations which are in force
Data privacy cases, precedents, guidelines
The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data №108
EU Directive 96/46
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
EU members data protection law overview
GDPR
EU current data protection regulatory framework (GDPR+) overview
EU GDPR history
GDPR territorial and material scope
GDPR text structure (recitals, business related articles ect.)
GDPR related acts overview
Cases and precedents
Article 29 Working Group (Art29WP) and European Data Protection Board (EDPB) guidelines and opinions
National supervisory authorities (SAs) guidelines
Mapping of the Belarusian, Ukrainian and Russian data protection laws to the rules applicable in EU
Overview of risks, fines, responsibilities related to personal data processing
CONCEPT OF PERSONAL DATA
The concepts of personal data (PD), identifier, data subject
Biometric data
Formula of Persomal Data "(id-x)+info"
Cases of (non-)personal data
DATA PROCESSING. DATA CONTROLLERS AND PROCESSORS
Data processing and types of processing.
Profiling
Personal data anonymisation and pseudonymisation
Processing of special categories of personal data
Processing of children data
Data controller, joint controllers or separate controllers
Data processor
Responsibilities distribution between data controllers and processors
GDPR PRINCIPLES
Lawfulness and fairness of processing
Transparency of processing
Purpose limitation
Data minimisation
Storage limitation
Data accuracy
Integrity and confidentiality
Accountability
LAWFUL BASIS FOR PROCESSING
Review of six lawful bases for processing
Consent
Conditions for consent
Getting consent in UX
Contract
Legal obligation
Vital interest
Public interest
Legitimate interest
Balancing test of Legitimate Interest Assessment (LIA)
DATA SUBJECT RIGHTS
Modalities for exercise of the rights of the data subject
Right to access personal data
Right to rectification
Right to restriction of processing
Right to be forgotten (right to erasure)
Right to data portability
Right to object
Right to not be subject of automated decision-making
Data subject rights restriction
Nightmare letter from data subject case
DPIA AND PRIVACY RISK MANAGEMENT
Check-box approach vs risk based approach
Concept of risk
Risk likelihood and severity
GDPR terminology related to risks (high risk, likely etc.)
Data Protection Impact Assessment (DPIA) requirements
When you need DPIA
BIA (Business Impact Assessment) or SIA (Security Impact Assessment) as triggers for DPIA
Describing processing operations, personal data and supporting assets
Legal and risk-treatment controls
Risk sources, feared events, threats and risks
DPIA tools
INFORMATION SECURITY
GDPR requirements
Data breach notification of supervisory authorities and data subjects
Technical and organisational measures of managing information security risks
TRANS-BORDER TRANSFERS OF PERSONAL DATA
GDPR data transfers rules overview
Data transfers documenting
Data Processing Agreement (DPA)
Binding Corporate Rules (BCR)
Standard Contractual Clauses (SCC)
Codes of conduct and certifications
Data transfers derogations for specific situations
PRIVACY BY DESIGN
"Privacy by Design. The 7 foundational principles" by Ann Cavoukian review
Privacy by Default
Embeded Privacy
Full functionality - positive-sum
End-to-End Security - Lifecycle Protection
Data Protection Officer (DPO) and EU representative
Representative in EU
Data Protection Officer

Training format

4 full training days lasting 8 academic hours
8 practical exercises
32 real cases
4 color schemes
700 additional materials
87 test questions
1 GDPR DPP certificate for anyone, who passed the test

After the course you will be able to answer the following questions

privacy student
What is privacy?
How to define personal data under the GDPR?
privacy student
privacy student
What legal ground is necessary for collection of personal data and how long you can store it?
Who, how and when should be designated as Data Protection Officer?
privacy student
privacy student
How is risk assessment (DPIA) carried out?
What shall you write in your Privacy policy?
privacy student
privacy student
What should you do in case of data breaches?

Online format

We use Zoom to organize training. You can see the trainer and his screen, as well as ask him questions in real time using a mic or a webcam.

We will share with you an invitation link through a group chat in Telegram or WhatsApp.

Traditionally, the course is given from 9:00 to 16:00, with coffee breaks and a long lunch break from 12:00 to 13:00.

Technical requirements:

- mic and headphones;

- Internet connection for high-quality video call;

- Zoom app.

For maximum benefit, we recommend that you dedicate these days exclusively for the training.

More
Hide

Pricing

Standard fee:
500 EUR *
Early bird:
450 EUR *
Save 100 BYN today!
*Minus VAT.

Certificate on completion

Certificate in English recognizable in CIS. Attachment to certificate include the course program. Training is an organizational measure, and is a duty reflected in the General Data Protection Regulation, Articles 24, 25, 28, 32, and 39.

Sample Certificate GDPR Data Privacy Professional - GDPR DPP

Gift

You will get a 50€ guaranteed voucher!

for Strategic Privacy by Design workshop!

We would like to offer you this great opportunity to realize the full benefits from our partnership and increase knowledge in privacy. You can use this guaranteed voucher for Strategic Privacy by Design workshop by R. Jason Cronk.

One more gift!

DPO Club - сообщество профессионалов в области защиты персональных данных

DPO Club membership

In case of successful completion of the course, you can join the DPO Club, a closed information privacy professionals community. General online meetings takes place every month. You can share your own experience and discuss the latest trends with other members at these meetings. There are more than 150 club members now. Our numbers grow stronger by the day!

Feedback

Details

Venue
This is online course, so you can participate from all over the world!
Any questions?

Apply

Sign up