In 2018, the General Data Protection Regulation (GDPR), aiming to improve data protection for individuals across the EU, will become directly applicable. Organisations will need to be compliant with the new rules and should act immediately.

By developing good knowledge of the GDPR and understanding how it will affect you, you will learn about the first steps for making your organisation compliant and can immediately start taking them.

The EU General Data Protection Regulation (GDPR) adds extra responsibilities to the Data Protection Act 1998 on the 25th of May, 2018. All businesses that handle personal data must ensure that they are aware of the new rules and must examine the processes they currently have in place to ensure they continue to comply with the law.

This GDPR training course will outline your main responsibilities and help you to start making the necessary changes. The biggest changes under the GDPR are in relation to obtaining consent, the right to be forgotten and the appointment of a Data Protection Officer.

  • Duration: 9 hours. See schedule for times

Who Should Take This Course?

This GDPR training is suitable for all services that use or hold personal data, both inside and outside of the EU, and that need to understand the rules of the upcoming GDPR. The course is primarily aimed at those people who have responsibility for implementing the changes.


Requirements
  • You will not need any prior knowledge – so get started now!

Certification

On successful completion of the course you will have a quality-assured certificate.
This can be used to provide evidence for compliance and audit.

Curriculum

Section 1. 

Introduction

Explaining GDPR
GDPR Definitions
The 6 Principles of GDPR
Fines for breaching
Principles, Definitions & Sanctions

Section 2.

Data Processing & Privacy

The rights of Data Subjects
The Data Protection Officer
Privacy & Transparency
Privacy Notices
Data Subject Rights & the DPO
Requirements and contents of a Privacy Notice
Consent – How and When we ask for Consent
Basic Rules for Data Subject Access Rights (DSAR)
The first thing to do as a DPO
Define a Personal Data Protection Policy

Section 3.

Data Processing

Data breaches
Processing Data Lawfully
Correcting, Removing & Restricting Data
Subject Data Access Requests
Rectification & Erasure of Data
Restricting Data Use
Objecting to Data Processing

Section 4.

Profiling & Portability

Data Profiling
Data Portability
Portability
Managing & Reporting
Transfer outside of the EU
Data Protection Impact Assessments
Breach Notification
Transfer, Impact Assessment of Data and Notifying Breaches

Section 5.

Data Encryption

Data Encryption
Symmetric Encryption
Asymmetric Encryption
Hash Functions
Digital Signatures
SSL Stripping
HTTPS (HTTP Secure)
Digital Certificates
Certificate Authorities and HTTPS
End-to-End Encryption (E2EE)
Steganography
Disk Encryption
Password Encryption

Section 6.

Data privacy / Security

Server Security
Database security
Social Engineering and Social Media Offence and Defence
Information Disclosure and Identity Strategies for Social Media
Identity Verification and Registration
Behavioural Security Controls Against Social Threats (Phishing, Spam) Part 1

Section 7.

Other Security Topics

Wireless and Wi-Fi Security
Online Tracking

Passwords and Authentication Methods

Open Discussion & Case Studies