In this extensive course we will cover, in detail, the rights and obligations of the controller arising from the GDPR.
The course material is backed up with real-world, practical examples and scenarios from the lecturers’ past projects, as well as with the practice of EU and national courts and decisions of the supervisory authorities.
Participants will also gain insight into the history of the rights to privacy and protection of personal data as fundamental human rights, as well as acquire basic knowledge about information security, risk assessment, and technical and organizational data protection measures.
The material includes a number of specific data processing scenarios, including GPS and video surveillance, labor relations, biometrics and marketing, and a few others.
The course is intended for everyone who wishes to learn and develop professionally in the field of privacy and personal data protection – mainly for data protection officers, as well as everyone else who needs to understand the legal and technical requirements relating to the processing and protection of personal data.
This course is also intended to prepare participants for professional certification exams in the field of personal data protection.
Upon successful completion of this course, participants will be issued a Certificate of Attendance, which serves as proof of training and the acquisition of the competencies needed to perform the duties of a data protection officer as defined by the GDPR.
- Privacy and personal data protection as fundamental human rights
- Legal sources and case law of the European Court of Human Rights (ECtHR) and the Court of Justice of the European Union (CJEU)
- General Data Protection Regulation (GDPR) – significance, scope, and exemptions
- Principles of personal data processing
- Legal bases for the processing
- Legitimate interests in the processing of personal data (LIA)
- Data subjects’ rights
- Data protection officer (DPO) – position, competencies, and responsibilities
- Records of processing activities – obligations, form, and content
- Personal data breach management
- Data protection impact assessment (DPIA) and prior consultation
- Relationships in the processing of personal data – joint controllers, processors, data recipients, third parties
- Contractual relations with the data processors
- Transferring data to third countries – standard contractual clauses (SCC), binding corporate rules (BCR) and special situations
- Transferring personal data to the USA
- Supervisory authorities (AZOP, EDPB, EDPS) – competence, tasks, and powers
- Imposition of administrative fines
- Information security basics
- Personal data protection risk assessment
- Technical and organizational measures for protection of personal data
- Special processing operations – GPS and video surveillance, labor relations, biometrics, and marketing
- Privacy in electronic communications – Directive 2002/58 (ePrivacy) and the Electronic Communications Act
- Cookies and other tracking technologies