Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
Basic principles of personal data processing
- Sources of national and international law
- Scope of application of personal data protection laws
- Powers of the data protection authority
- Judicial protection of the right to personal data protection
- GDPR - key information and definitions - selected issues
- Sector-specific GDPR regulations
- Definition of personal data
- Processing of personal data
- Legal bases for processing personal data
- Responsibilities of the Data Controller
- Rights of data subjects
- Administrative fines
- Personal Data Protection Act of 10 May 2018 - scope of regulations
- Appointing a Data Protection Officer
- Proceedings for violations of personal data protection laws
- Monitoring compliance with personal data protection regulations
- Civil, criminal, and administrative liability
- Conditions for the admissibility of processing personal data (ordinary and sensitive data)
- Legal requirements for delegating the processing of personal data to other entities
- Data Protection Impact Assessment
- Data protection by design and by default
- Legal bases for transferring personal data to a third country
- Protection of personal data in employment relations
Appointment of a Data Protection Officer
- Mandatory appointment of a Data Protection Officer
- Optional appointment of an Inspector
Who can be a Data Protection Officer?
- Qualifications to act as an Inspector
- Employment form of the Inspector
Status of the Data Protection Officer
- Direct reporting of the Inspector to top management
- Arranging support for the Supervisor
- Participation of the Inspector in all matters related to personal data protection
- Prohibition on giving instructions to the Supervisor regarding the performance of duties
- Avoiding conflicts of interest in the organization - Supervisor's tasks
- Prohibition of dismissal and punishment of the Inspector
- The Inspector's duty to maintain secrecy or confidentiality of performed tasks
Information Security Management
- Discussion of the organization's security management system based on Polish standards, among others
- Identification of privacy risks and their legal implications
- Principles of risk assessment and evaluating the impact of applying specific solutions on safety management effectiveness
- Understanding and applying a risk-based approach - practical completion of the Risk Analysis template
- Personal Data Lifecycle Management
Performing the tasks of the Data Protection Officer (DPO)
- Legal basis for the appointment of the DPO
- Who must appoint a DPO, when, and how the appointment is made
- DPO status and qualifications
- DPO's tasks and rules for planning their performance
- Conducting reports on compliance of data processing with personal data protection provisions in traditional and IT systems
- Documenting the activities carried out by the DPO
- Preparation of inspection reports
- Rules for supervising the documentation of personal data processing
- Scope of the UODO's powers in relation to DPOs
Practical information on the inspection of the Office for Personal Data Protection
- Requirements of the Office for auditees
- How to prepare for the inspection
- Case study
Hands-on activities
- Development of an exemplary Information Security Policy
- Development of management instructions
- Development of a Register of Processing Activities
- Preparation of the so-called Small Personal Data Protection Documentation
- Case study
- The most common errors in the preparation of documentation
Additional materials for course participants:
Useful forms and templates:
- Consent to the use and dissemination of the image
- Event newsletter entry
- Consent to send you an offer
- Sending offer emails
- Sending general emails
- Example of a personal data protection policy
- Template for preparing the information obligation, in accordance with the GDPR, together with instructions
- Risk analysis template
- Register of personal data processing activities - template
- Register of categories of processing activities - template
- GDPR Breach Register - Template
- GDPR Compliance Checklist Template
- Instructions on how to proceed in the event of a breach of personal data protection regulations
- Data Protection Breach Report Template
- Register of security incidents and corrective and preventive actions
- Register of corrigenda
- Register of restorations
- Model corrigendum
- Restoration pattern
- Model Objection
- A model contract excluding further processing of personal data
- Sample consents for competitions, marketing, publications
- Obligation to provide information to ferry crossing
- Obligation to provide information monitoring of the meeting
- Obligation to provide information on recruitment
- Obligation to provide information to the National Revenue Administration
- Information obligation of the LES
- Public Procurement Law (UCoC) information obligation
- Information obligation: Labour Code
- Tax information obligation
- Authorization to process personal data for employees: a template to be filled in with an example
- Notification of a breach to data subjects - template
- Personal Data Processing Agreement for the Controller - template
- Personal Data Processing Agreement for the Processor
- And many more
Requirements
Audience
- Individuals beginning their role as a Data Protection Officer.
- Individuals who are expected to be appointed to this position in the future.
21 Hours
Testimonials (1)
The variety of the information shared and the clarity to explain terms in plain English.
