This Level 2 course is aimed at departmental line managers, Heads of Function, company directors and those responsible for ensuring organisational compliance with the GDPR.
The data protection regulation commonly referred to as the ‘GDPR’ will come into force throughout the EU and EEA on May 25th, 2018. This regulation is highly significant for any organisation that handles or monitors the personal data of individuals within the EU and EEA.
The regulation aims to:
- Safeguard the personal data privacy rights of individuals.
- Heighten accountability for how personal data is acquired and handled.
The GDPR applies to organisations (and sole traders) who:
- collect, share and use the personal data of EU/EEA residents;
- or who offer goods and services to, or monitor, EU/EEA residents.
The GDPR applies irrespective of the country where the organisation is established. Thus, the GDPR has expanded the territorial scope of EU data protection law.
The course is divided into 15 component parts and takes approximately two hours to complete. Practical templates are provided with course topics. Participants should allow additional time to fully complete the practical work associated with the lessons in the course. Topics are self-contained to facilitate micro-learning for the time-conscious participant.
1. Introduction to the GDPR
This introductory lesson will help you to familiarise yourself with what the General Data Protection Regulation is and who the Regulation applies to. It also provides you with an opportunity to learn about the Data Protection Principles that organisations must adhere to if they are to comply with the GDPR when processing personal data.
2. Key Data Protection Terminology
Defining what we mean by the terms ‘Data Subject’, ‘Data Controller’, ‘Data Processor’, ‘Data Processing’ and ‘Supervisory Authority’.
3. Strengthening the Rights of Individuals
This lesson provides you with an overview of the privacy rights of individuals and the compliance implications of the GDPR.
4. The Principle of Accountability
The Accountability Principle is highly significant, as it compels organisations to demonstrate how they are complying with the data protection principles contained in the GDPR. How organisations demonstrate or evidence compliance will reflect the nature of their activities and organisation size. But irrespective of how large an organisation is, accountability for and transparency in the processing of personal data is a must!
5. Complying with the GDPR
Building on what we learned about the rights of individuals in Lesson 3, in this lesson we look at some of the practical ways in which the GDPR may impact on staff (or charity volunteers) in their day-to-day work. It also provides participants with a quick summary of the actions that should be taken in advance of May 2018 to ensure GDPR compliance.
6. Keeping Data Secure – Personal Top Tips
In this lesson, we take a quick look at some of the things we can each do to help keep personal data secure in our organisations.
7. Preparing a Compliance Strategy
A clear but focused compliance strategy articulated in a GDPR Action Plan will help everyone to better understand what steps an enterprise should take to achieve GDPR compliance.
8. The Data Journey
To ensure compliance with the GDPR, an organisation will need to identify any potential weaknesses in its current methods for handling personal and/or sensitive data. To ensure that there are no ‘weak’ points in how personal data is processed, it may be helpful to consider the journey that different types of personal data take as they go through the organisation.
9. Data Security
There is a significant number of factors to consider when reviewing data and cyber security within an organisation. In this lesson, we consider a checklist of questions that managers may find helpful to answer when reviewing data security in their organisations.
10. Data Breaches
The GDPR requires an organisation to be able to respond appropriately to a data breach incident.
11. Data Handling Processes
In this lesson, we consider how managers should approach a review of the processes relating to the handling and processing of personal data.
12. Policy Development and Documentation
Compliance with the GDPR will require organisations to review their policies around data protection. It is necessary for organisations to be able to document and evidence their compliance with the Regulation.
13. Staff Training
To ensure ongoing compliance with the GDPR and the organisation’s data protection policies, it will be necessary for all organisations to provide adequate training to staff and volunteers (where appropriate in non-profits). In this lesson, we provide you with resources to support you in this task.
14. GDPR Management Review
GDPR makes data protection a board-level topic that should appear on the agendas of directors and management committees for discussion. The consequences for an organisation of a data breach can be significant and therefore a board of directors (or management committee) must ensure that adequate policies and procedures are in place to safeguard personal and sensitive data and protect the reputation of the organisation.
15. Course Assessment
Upon successful completion of the final course assessment, each participant will be able to independently download a Certificate of Course Completion.