GDPR - Practical Introduction

3.1.1 DPO role

3.1.2 Privacy Management

3.1.3 Privacy Awareness and Training

3.1 Exercises

Break

3.2.1 Lawfulness, fairness, transparancy

3.2.2 Purpose limitation

3.2.3 Data minimisation

3.2.4 Accuracy

3.2.5 Storage limitation

3.2.6 Integrity and confidentiality

3.2 Excercises

Lunch Break

3.3.1 Introduction

3.3.2 All elements and how to manage them

3.3.3 Template with obvious operations

3.3.4 Discussing non relevant operations

3.3.5 Use it for more than GDPR

3.3 Exercises

Break

3.4.1 Notice

3.4.2 Consent: from paper to advanced

3.4.3 Managing data subject rights

3.4.4 Data processing agreements: technical aspects, audit

3.4 Exercises

DAY 2

4.1.1 ISO27002 applied to privacy

4.1.2 ISO27k landscape, other frameworks

4.1.3 Per section discussion: technical impact, metrics, policies, breach awareness

4.1 Exercise

Break

4.2.0 Risk based approach

4.2.1 Data protection by design

4.2.2 Data protection by default

4.2.3 Data protection impact assessment

4.2 Exercises

Lunch Break

4.3.1 In general

4.3.2 Certification

4.3.3 Code of conduct

4.3.4 Tooling privacy management: register, dpia’s, legal, metrics, awareness training, policies

4.3.5 Content: new projects, data subject requests, privacy metrics

4.3 Exercises

Break

4.4.1 Definition and scope

4.4.2 Policy, procedures

4.4.3 Post Mortem

4.4.4 Notification: to SA, to data subjects, below threshold

4.4 Exercises