Module 1: Introduction to the GDPR

• GDPR in a Nutshell
• Generate Customer Confidence
• Focus of GDPR
• What is Personal Information
• Who has PII
• Lawful Processing of Personal Data

Module 2: Binding Corporate Rules

• Introduction
• Scope
• UK ICO’s View of the Scope
• Processing GDPR Definition
• Who Processes PII
• What is Special Data
• Legal Framework
• Timeline and Derogations
• Some Key Areas for Derogation
• Data Breaches/Personal Data Breach
• Consequences of Failure
• Governance Framework

Module 3: GDPR Terminology and Techniques

• Key Roles
• Data Set
• Subject Access request (SAR)
• Data Protection Impact Assessments (DPIA)
• What Triggers a Data protection Impact Assessments
• A DPIA is Not Required
• Benefit of DPIA
• Processes to be Considered for a DPIA
• Responsibilities
• DPIA Decision Path
• DPIA Content
• How do I conduct a DPIA
• Signing Off the DPIA
• Mitigating Risks Identified by the DPIA
• Privacy by Design and Default
• External Transfers
• Profiling
• Pseudonymisation
• Principles, User Rights, and Obligations
• One Stop Shop

Module 4: Structure of the Regulation

• Parts of the GDPR
• Format of the Article
• Articles

Module 5: Principles and Rights

• Introduction
• Legality Principle
• How the Permissions work Together?
• Lawfulness of Processing Conditions
• Lawfulness for Special Categories of Data
• Criminal Offence Data
• Consent
• Transparency Principle
• Fairness principle
• Rights of Data Subjects
• Purpose Limitation Principle
• Minimization Principle
• Accuracy Principle
• Storage Limitation Principle
• Integrity and Confidentiality Principle
• Accountability Principle

Module 6: Demonstrating Compliance

• Demonstrating Compliance with the GDPR
• Impact of Compliance Failure
• Administrative Fines
• What Influences the Size of an Administrative Fine
• Joint Controllers
• Processor Liability Under GDPR
• Demonstrating Compliance
• Protecting PII is Only Half the Job
• What must be recorded?
• Additional Ways of Demonstrating Compliance
• Demonstrating a Robust Process
• PIMS (Personal Information Management System)
• Cyber Essentials
• ISO 27017 Code if Practice for Information Security Controls
• Risk Management

Module 7: Incident Response and Data Breaches

• What is a Personal Data Breach?
• Notification Obligations
• What Breaches do I Need to Notify the Relevant Supervisory Authority About?
• What Information Must Be Provided to the SA?
• Notifying Data Subjects
• What Should I do to Prepare for Breach Reporting?
• Updating Policies and Procedures
• Breach Reporting and Responses
• Ways to Minimize the Breach Impact

Module 8: Understanding the Principle Roles

• What the GDPR Makes Businesses Responsible For?
• Difference Between a Data Controller and a Data Processor
• How the Roles Split?
• Controllers and Processors
• Main Obligations of Data Controllers
• Demonstrate and EU Representative
• Controller-Processor Contract
• Maintain records and Keeping Records for Small Businesses
• Cooperation with Supervisory Authorities
• Keeping PII Secure
• Data Breach Transparency
• Role of the Data Processor
• Controller-Processor Contract
• Main Obligations of the Processor
• Perform Only the Data Processing Defined by the Data Controller
• Update the Data Controller
• Sub-Process or Appointment
• Keep PII Confidential
• Maintaining Records
• Cooperate with Supervisory Authorities Security
• Appoint a DPO – if Necessary
• Transferring Data Outside the EU

Module 9: Role of the DPO

• Role of a Data Protection Officer
• Involvement of the DPO
• Main Responsibilities of the DPO
• Working Environment for the DPO
• Must we gave a DPO?
• Public Body
• What does Large Scale mean?
• Systematic Monitoring
• Who can perform the Role of DPO?
• Skills Required
• Monitoring Compliance
• Training & Awareness
• Data Protection Impact Assessments (DPIAs)
• Risk-Based Approach
• Business Support for the DPO
• DPO Independence

Module 10: Implementation

• Key Differences between the Data Protection Act and the GDPR
• Highlights from the Data Protection Bill
• Definition of Controller
• Health, Social work, Education, and child Abuse
• Age of Consent
• Exemptions for Freedom of Expression
• Research and Statistics

Module 11: Key Features

• Specific permission
• Privacy by Design
• Data Portability
• Right to be Forgotten
• Definitive Consent
• Information in Clear Readable Language
• Limits on the Use of Profiling
• Everyone Follows the Same law
• Adopting Techniques

Module 12: Subject Access requests and How to Deal with them

• Subject access requests (SAR)
• Dealing with SAR
• Recognize the Request
• Understand the Time Limitations
• Dealing with Fees and Excessive Requests
• Identify, Search and Gather the Requested Data
• Learn about what Information to withhold
• Developing and sending Response