EU GDPR Foundation and Practitioner
The Certified EU GDPR Foundation and Practitioner programme provides a comprehensive introduction to the requirements of the EU GDPR, and a practical guide to planning, implementing and maintaining an EU GDPR compliance programme. Delegates will qualify for the mandatory role of data protection officer under the EU GDPR.
This programme is primarily aimed at professionals working in the field of data protection and data privacy. It is also suitable for individuals with little experience who wish to enter the field of data protection with a professional qualification. Delegates who pass the included exams are awarded the ISO 17024-accredited EU GDPR Foundation (EU GDPR F) and EU GDPR Practitioner (EU GDPR P) qualifications by The International Board for IT Governance Qualifications (IBITGQ).
The EU GDPR will provide a single, harmonised data privacy law across the EU, and Guernsey will update its own law to reflect these new rules. All organisations need to respond to fast-changing risk in this area – with cyber-attacks and poor information governance featuring heavily in recent times. The EU GDPR tightens up on rules around data security and information handling and will require a comprehensive risk-based approach by all those handling personal data.
Organisations have until May 2018 to prepare for the changes. Failing to do so risks significant reputational and financial penalties including fines of up to 4% of annual turnover or €20 million.
If you are interested in a shorter course on data protection, please see the 1-day Data Protection Seminar.
This Foundation element of the course provides a complete introduction to the EU GDPR, and an overview of the key implementation and compliance activities.
- Essential EU GDPR background and terminology
- Key differences between the Data Protection Act and the EU GDPR
- Data subjects and their rights
- Dealing with subject access requests
- Marketing requirements
- The implementation path to EU GDPR compliance
- Privacy by design
- Data privacy impact assessments (DPIA)
- Data audits
- Training and competence requirements
- Incident response and breach reporting
- Updating policies and procedures
- International data transfers
- Replacing Safe Harbour – the new requirements
The advanced Practitioner element of the course is focused on enabling delegates to fulfil the role of data protection officer under the EU GDPR and covers the regulation in depth, including implementation requirements, the necessary policies and processes, as well as important elements of effective data security management.
- Setting up a privacy compliance framework
- The role of the data protection officer
- Common data security failures, consequences and lessons to be learnt
- GDPR privacy principles
- Data privacy impact assessments
- Developing a risk management framework
- Data mapping
- The rights of data subjects
- Consent rules
- Subject access requests
- The roles of and relationships between controllers and processors
- Dealing with third parties and data in the Cloud
- Demonstrating compliance with the GDPR
- Data breach reporting requirements
- Range of enforcement, regulatory and compensatory aspects of the GDPR
"A well-presented course with first class delivery that will successfully prepare you for the introduction of the GDPR in May 2018. I recommend any business that deals with personal data to attend."
Garry Fusellier, Head of Information Assurance (States of Guernsey)
IT Governance is a professional services company, founded in 2002, with a wealth of consultancy skills that originally focused on information security/cybersecurity standards, notably ISO27001. Their consultants have extensive practical experience of designing and implementing management systems and help to develop the skills needed to deliver best practice and compliance in an organisation.
The company has an impressive track record, having helped well over 130 clients over the years to successfully gain the coveted ISO27001 certificate, proving their compliance with one of the most demanding management system standards. They have since developed their offerings into various other management disciplines and now provide a comprehensive single source of information, advice, books, tools, consultancy and training for IT governance, risk management, compliance and IT security objectives.