Description
Business Training Audience
Business Owners
Board of Directors
Compliance Manager
Senior Executives
Head of Security
Head of IT
Head of Internal Control
Head of Internal Audit
Head of Risk Management
HR Director
Department Specialists
Business training on GDPR compliance and personal data protection will help solve practical problems:
To develop a deep understanding of the requirements of the EU General Data Protection Regulation (GDPR) and build the skills to apply them in real-life company operations, from process design to incident response.
To teach participants how to apply the GDPR in their daily work, build lawful data processing processes, and minimize the risks of sanctions and reputational damage.
Understand the structure and principles of the GDPR.
Learn how to document and control data processing.
Master Data Mapping, DSAR, and DPA tools.
Learn how to respond to incidents and prepare notifications.
Prepare for internal GDPR audits and external reviews.
Main topics of the business training:
GDPR Fundamentals and Principles
Objective: To develop a common understanding of the essence and key principles of personal data regulation in the EU.
Topics:
History and objectives of the GDPR
Regulation structure, key terms and roles (Controller, Processor, DPO, Data Subject)
Data processing principles: lawfulness, purpose limitation, minimization, accuracy, storage, confidentiality, and accountability
Legal grounds for personal data processing
Data Subject Rights
Interactive: Quiz on key GDPR principles
Data Mapping
Goal: To learn to identify, describe, and document data processing processes.
Topics:
How to determine which personal data is being processed
Data types: identifying, sensitive, biometric, behavioral
Data Flow Mapping — visualizing data flows
Categories of subjects, recipients, and third countries
Record of Processing Activities (ROPA)
Workshop: Creating a data flow map for a business process (e.g., HR or CRM)
Legal bases and consents
Goal: To master approaches to selecting legal bases for processing and correctly managing consents.
Topics:
Legal Basis for Processing (Contract, Legal Obligation, Legitimate Interest, Consent, etc.)
Algorithm for Selecting a Legal Basis
Practicalities of Working with Data Subject Consent
Managing Consent Refusal and Revocation
Specifics of B2B, B2C, and HR Processing
Workshop: Developing a Consent Template and Data Collection Notification
Data Subject Rights and Request Handling (DSAR)
Goal: Learn how to correctly and promptly process data subject requests.
Topics:
Rights of Access, Correction, Deletion ("Right to Be Forgotten"), Restriction, Portability, and Objection
Request Processing Timeframes and Procedures
Verifying the Identity of a Data Subject
Documentation and Logging of Actions
Automation of DSAR Processing
Workshop: Handling Cases of Data Subject Requests
Information Security and Technical Security Measures
Goal: Understand how to ensure data security and prevent incidents.
Topics:
Privacy by Design and Privacy by Default Principles
Technical and Organizational Measures (TOMs): Encryption, Access Control, Logging
Pseudonymization and Anonymization
Data Breach Management — Incident Response
Notifying the Regulator and Data Subjects
Workshop: Simulating a Data Breach Incident and Response Plan
Third-Party Relationships and Cross-Border Data Transfer
Goal: Learn to manage risks when exchanging data with partners and contractors.
Topics:
Data Controllers and Processors: Responsibilities and Agreements
Data Processing Agreement (DPA): Mandatory Provisions
Data Transfers Outside the EU: Mechanisms (Standard Contractual Clauses, Adequacy Decision, BCR)
Risk Assessment in Outsourcing and Cloud Services
Vendor and Partner Monitoring
Workshop: Analyzing a DPA Template and Identifying GDPR Non-Compliance
The Role of the DPO and Organizing a Personal Data Management System
Goal: To understand how to build a systematic approach to data protection management in a company.
Topics:
Appointment and Responsibilities of the Data Protection Officer
Data Protection Policies and Procedures
Employee Awareness and Training
Monitoring, Auditing, and Self-Assessment of Compliance
Interaction with Regulators (DPAs)
Workshop: Developing a Personal Data Protection Policy Template
Control, Audit, and Liability
Goal: To assess a company’s readiness for audits and minimize the risk of fines.
Topics:
GDPR Compliance Monitoring and Audit Mechanisms
Types of Violations and Penalty Amounts
Fine Cases (Meta, British Airways, H&M, Clearview AI, etc.)
Documenting Evidence of Compliance (Accountability)
Preparing for a Regulatory Audit
Workshop: Analysis of Real Cases of Fines and Company Errors
Duration: 2 days




