GDPR Practitioner course
Who for: Anyone who needs a real, in-depth understanding of both the content and the application of the GDPR.
Do I need to attend the Foundation course first? No. This course covers the material that’s in the Foundation course, but with significantly greater depth and breadth, so there’s no need to attend both.
Duration: 4 days
How many people? This is a publicly scheduled course, which may have up to 10 attendees. Book as many places as you require.
What’s the cost? £1500 + VAT per person
What do I get? Each attendee receives both an electronic and a printed and bound set of slides; a printed and bound copy of the text of the GDPR, along with a PDF version containing appropriate hyperlinks between the Articles and the Recitals; a Practitioner certificate (upon successful completion of the examination) and a set of printed flash cards detailing key topics such as the principles of the GDPR, legal bases for processing data and a reminder of the rights of the data subject.
Where are the courses? We run these courses in London and Birmingham, in comfortable, modern venues. We supply breakfast, lunch and unlimited tea and coffee. Take a look at the images at the foot of this page for an idea of the quality of the venue.
Is there an exam? Yes. At the conclusion of the last day, we will also provide and administer a GDPR Practitioner exam and we will issue a certificate for those who achieve the pass mark of 65%. Attendees not wishing to sit the exam will receive a certificate of attendance only.
Details: This four-day course takes delegates through the content and application of the GDPR in detail, and includes topics such as:
- The core of the GDPR
- Key terms within the GDPR
- The core principles of the GDPR
- Lawful basis
- Consent (and child’s consent) under GDPR
- Demonstrating compliance with GDPR principles
- Processing special category data
- The controller and the processor
- Determining if you’re a controller or a processor
- The responsibilities of controllers and processors
- Maintaining records of processing activities
- The GDPR and risk
- What is risk?
- How to assess risk
- Risk management and ISO 27005 / ISO 31000
- Creating risk assessments
- Risk acceptance criteria
- Options for treating risk
- Breach reporting requirements for controllers
- Breach reporting requirements for processors
- What needs to be in a breach report
- Mitigating breaches
- Managing data security
- Security within the GDPR – Principle 6 and elsewhere
- Organisational, technical and physical security
- Security standards
- ISO 27001 and ISMSs
- Data protection by design and by default
- Data Subjects
- The rights of data subjects
- Creating Privacy Statements and gaining consent
- Managing and responding to Subject Access Requests
- Children and the GDPR
- Child-specific areas of the GDPR and the Data Protection Bill
- Consent and child data subjects
- Communication with children under GDPR
- Child competence and holders of parental responsibility
- Direct marketing under GDPR
- What can and can’t you do?
- Telling data subjects that you have their data
- What to do if you obtain someone’s details from another organisation
- Data Protection Officers
- The role of the DPO
- Who should be a DPO?
- The responsibilities of a DPO
- Creating Data Protection Impact Assessments
- When do you need to conduct a DPIA?
- What should be included in Data Protection Impact Assessments
- Recording your data
- Creating an information asset register
- Mapping data flows
- Software options to record information about your data
- Transferring data abroad
- Transferring data under an Adequacy Decision
- Appropriate safeguards and Binding Corporate Rules
- The USA – Safe Harbor and Privacy Shield
- Remedies, liabilities and penalties
- Supervisory Authorities and your obligations to them
- Administrative fines and liability to compensation
Throughout the course, there will be exercises and discussion to ensure a real hands-on understanding of how to apply the GDPR in your organisation.