Course Outline
Day I
I. Choosing a personal data protection management model
1. A prerequisite for an effective data protection system
2. Existing data protection governance models
3. Division of roles and responsibilities in data protection processes.
II. Duties and responsibilities of the Data Protection Officer (DPO)
1. Mandatory appointment of a Data Protection Officer
2. Optional appointment of an Inspector
3. What does the DPO need to know?
4. Where to gain knowledge?
5. Qualifications to act as an Inspector
6. Form of employment of the Supervisor
7. Improvement of the DPO
8. DPO tasks
III. Dataflows
1. What does the DPO need to know about flows?
2. What should a DPO be able to do?
3. Tasks of the DPO in this regard.
IV. How to prepare and conduct an audit?
1. Audit preparatory activities
2. Audit plan – how to prepare?
3. Appointment and assignment of tasks to the audit team
4. Creation of working documents
5. Audit checklist
6. Case study: the course of the auditing process.
V. How to assess the degree of compliance?
1. What to consider?
2. Security of processing
3. Grounds for processing
4. Principle of consent
5. The principle of data minimization
6. The principle of transparency
7. Entrustment of processing
8. Transfer of data to third countries and international transfers.
VI. Report from the audit
1. How to prepare an audit report?
2. Audit Report Items
3. What should you pay special attention to?
4. Case study
5. Cooperation with employees – building employee awareness
6. How do I verify my CPU warranty?
VII. Maintaining compliance
1. Employee awareness – a key issue
2. Data Protection Policy
3. Small, necessary documentation
4. Continuous monitoring
Day II
VIII. Introduction to Risk Management
1. Organization of the risk assessment process
2. Selected risk assessment practices
3. Essential elements of a DPIA
IX. Examining the context of the processing of personal data
1. Contextual research exercises
2. External context
3. Internal context
4. Common mistakes
X. Data Protection Impact Assessment (DPIA)
1. Purpose of execution
2. When is it obligatory to perform a DPIA and when is it not?
3. Necessary elements of the process
4. Inventory of processing processes
5. Identification of processing resources, especially those with particularly high risk
XI. Risk analysis exercises
1. Estimating the probability of a hazard occurring
2. Identification of vulnerabilities, existing security measures
3. Identification of effectiveness
4. Estimating the consequences
5. Risk identification
6. Determination of the level of risk
7. Determination of the threshold of risk acceptability
XII. Asset Identification and Security Exercises
1. Determine the process risk value for the resource
2. Estimating the probability of the hazard occurring
3. Vulnerability identification
4. Identification of existing safeguards
5. Estimating the consequences
6. Risk identification
7. Determine the risk acceptability threshold
Requirements
Audience
- Individuals acting as the Data Protection Officer
- Anyone interested in expanding their knowledge in this area
Delivery Options
Private Group Training
Our identity is rooted in delivering exactly what our clients need.
- Pre-course call with your trainer
- Customisation of the learning experience to achieve your goals
- Bespoke outlines
- Practical hands-on exercises containing data / scenarios recognisable to the learners
- Training scheduled on a date of your choice
- Delivered online, onsite/classroom or hybrid by experts sharing real world experience
Private Group Prices RRP from €4560 online delivery, based on a group of 2 delegates, €1440 per additional delegate (excludes any certification / exam costs). We recommend a maximum group size of 12 for most learning events.
Contact us for an exact quote and to hear our latest promotions
Public Training
Please see our public courses
Testimonials (1)
I generally enjoyed the knowledge of the trainer.