GDPR Implementation Course
This online GDPR course is for any individual assigned to implementation of the GDPR into an organisation. Our step by step approach guides you towards compliance and away from fines and reputational damage.
For €100 discount enter at Checkout
This online GDPR course is for Any individual assigned to implementation of the GDPR into an organisation. Our step by step approach guides you towards compliance and away from fines and reputational damage.
Introduction to the GDPR Implementation Course
Here we discuss the background to the GDPR which was came into law on May 25th 2018, an overview of what it means to you and your business and the financial and reputational cost of non-compliance.
GDPR Readiness Audit
Instructor lead demonstration on how to conduct a GDPR Readiness Audit to check your existing measures and controls against the GDPR requirements. This GDPR Readiness Audit tool can be used to help your business meet and maintain compliance.
*GDPR Readiness Audit provided in your GDPR Toolkit of Policies and Procedures.
Personal Data & Special Categories of Personal Data
In this module we discuss what personal data and special categories of personal data are and outline what kinds of personal data you may be processing. By the end of this module, you will have begun the initial stage of identifying the personal data you process and be able to identify if any of that personal data is special category data (for example, health data). We will also discuss what extra safeguards can be put in place to protect that data.
The GDPR Principles
The GDPR Principles sets out the conditions under which personal data must be processed. We discuss in detail how you apply each principle to the personal data that you process.
Data Controller, Data Processor & Data Subject
Determining whether you are a data controller or processor for different aspects of your business is key to understanding your responsibilities under the GDPR. In this module, we go through what a data controller and data processor is along with many common examples that you will encounter within your own business.
Data Protection Officer (DPO ) and Compliance Officer
Many businesses will need to appoint a DPO. If a DPO is not required, a Compliance Officer should be appointed. In this module, we will go through instances that your business would need to appoint a DPO along with the roles and responsibilities of a DPO and Compliance Officer. This will include tips on how to increase GDPR awareness throughout the whole organisation and the training required to do this effectively.
Lawful basis for processing personal data
In this module we discuss the legal basis for processing that must exist for you to process personal data under the GDPR. By the end of this module you will be able to begin identifying the legal basis for processing personal data that you process. Also examined will be how to conduct a Legitimate Interests Assessment (LIA).
This module forms a large part of modules later on, including conducting data audits and producing a privacy notice.
*Legitimate Interest Assessment template included.
Rights of the Data Subject
The GDPR strengthens the currents rights of the Data Subject (i.e. your employees, your customers and any individual who is the subject of personal data) and also creates new rights. We will discuss how these rights affect operations and the steps you must take to ensure that each can be adhered to.
Privacy by Design and Default
This module describes what privacy by design and default means in the GDPR, how you can achieve it through your own business functions and the benefits of using technology, new procedures and paperless systems to create greater levels of privacy for your customers and employees.
It is a requirement of the GDPR that you document the personal data collected through all processes and outline how you process that information. In this module we discuss in detail each section that must be answered and also use examples that are relevant to your organisation. This module includes a practical demonstration of how to complete a data audit.
*Data Audit template included in GDPR Toolkit of Policies and Procedures.
Privacy Notice (Privacy Statement)
Follow our instructions and design your own GDPR compliant Privacy Notice to meet your business obligations under GDPR to provide a privacy notice in easily understand language.
Here we discuss what is a Privacy Notice is and what must be displayed in one to abide by the GDPR.
Our instructor leads the demonstration in designing a GDPR compliant Privacy Notice and also outlines how it can be customised to suit your business.
*Privacy notice template included in GDPR Toolkit of Policies and Procedures
Subject Access Requests
Subject access requests are an increasingly common occurrence today for businesses and this trend will continue under the GDPR.
In this module we discuss what a Subject Access Request (SAR) means under GDPR, what the rights of an individual are in relation to an SAR, when can you refuse to grant a SAR, how to handle a SAR within 30 days and how to manage SAR complaints.
*Subject Access Request Procedure template and SAR letter templates included in the GDPR Toolkit of Policies and Procedures.
A data breach can have a devastating impact on a business. Here we discuss common causes of data breaches, the potential financial cost and reputation damage of a data breach, how to put a data breach procedure in place, how to document a data breach, how to reduces the likely hood of a data breach occurring and when it is mandatory to notify the supervisory authority in the event of one.
*Data Breach Procedure template and Data Breach Incident Form template included in the GDPR Toolkit of Policies and Procedures.
Data Protection Impact Assessment (DPIA)
In this module, you will learn what a DPIA is how to use the DPIA assessment tool to identify risks to the privacy of individuals when processing personal data to ensure that if it is possible, you can put the necessary measures and controls in place to mitigate those risks to allow processing to take place.
*DPIA template provided with your GDPR Toolkit of Policies and Procedures
Data Processor Agreement
Under the GDPR you are required by law to have a contract or other legal act in place with an Data Processor that processes personal data on your behalf.
By the end of this module, you will be able to begin designing a customised data processor agreement for all data processors that process personal data on behalf of your organisation.
*Data Processor Agreement Template provided in your GDPR Toolkit.
Processing Activities Register
In this module you will learn how to keep a record of processing activities by documenting the purposes of processing, the categories of personal data involved, disclosures of personal data, transfers and the time limit for erasing personal data. This module includes a practical demonstration of how to complete a Processing Activities Register.
*Processing Activities Register and Data Retention and Erasure Policy template provided in your GDPR Toolkit of Policies and Procedures.
Policies and Procedures
It is a mandatory requirement under the GDPR that the controller implements appropriate data protection policies and procedures to demonstrate the technical and organisation measures taken to comply with the GDPR.
In this instructor lead module you will learn how to design and implement the following policies and procedures:
- Information Security Policy
- Data Retention and Erasure Policy
- Clear Desk Policy
- BYOD and Remote Access Policy
GDPR Staff training and awareness
Article 39. of the GDPR states that a Data Protection Officer’s responsibilities include awareness-raising and training of staff involved in processing operations. It is key that your staff are aware of and can adhere to the GDPR and the policies and procedures your business sets out in relation to it. In this module, we discuss how to implement an effective GDPR training and development policy and recommend activities to create GDPR staff awareness in your business that creates a lasting affect towards compliance.
* Training and Development Policy provided in your GDPR toolkit
Additional requirements exist under the GDPR in regards to using CCTV. The use of CCTV must be justified and proportionate for the purpose of gathering images of individuals. In this module, we discuss common legal bases that exist in using CCTV and determining whether it’s use meets the test of proportionality and balance.
Marketing under the GDPR
Significant changes have occurred under the GDPR in relation to marketing. In this module, we discuss how to examine your current marketing list to determine whether marketing would be compliant under the GDPR. We also discuss the different legal bases that exist for marketing under the GDPR and the requirements for each.
GDPR Implementation Plan
Instructor lead demonstration leads you through how to complete your GDPR Implementation plan and set deadlines for each requirement
You will be given access to the Format:Data learning platform to enrol on the GDPR Implementation Course. This gives you access to over 4 hours of video content of a step by step practical guide to GDPR compliance. Also included is our policy and procedure templates which we will customise throughout the online GDPR course to suit your business requirements.
It is a requirement of the GDPR that organisations adhere to it’s requirements. Non-compliance with the GDPR can lead to large fines and risks reputitional damage for your organisation. There is a growing expectation from consumers and employees that personal data should be handled correctly and in a transparent manner.
Data (Information ) Audit
Data Protection Impact Assessment
Legitimate Interest Assessment
Subject Access request Procedure
Data Breach Policy and Procedures
Data Breach Register
Data Retention and Erasure Policy
Staff Training and Development Policy
Information Security Policy
BYOD and Remote Access Policy
Clear Desk Policy
Record of Processing Activity
Data Processor Agreement Template