Course Outline
Basic principles of personal data processing
- Sources of national and international law
- Scope of application of personal data protection laws
- Scope of powers of the data protection authority
- Judicial protection of the right to personal data protection
- GDPR – essential information and definitions – selected issues
- Sector-specific GDPR requirements
- Personal data
- Processing of personal data
- Legal bases for processing personal data
- Responsibilities of the data controller
- Rights of data subjects
- Administrative fines
- Personal Data Protection Act of 10 May 2018 – scope of regulations
- Appointment of a Data Protection Officer
- Proceedings for breaches of personal data protection laws
- Monitoring compliance with personal data protection regulations
- Civil, criminal and administrative liability
- Conditions for lawful processing of personal data (ordinary and sensitive data)
- Legal requirements for entrusting the processing of personal data to third parties
- Data Protection Impact Assessment
- Data protection by design and by default
- Legal bases for transferring personal data to a third country
- Protection of personal data in employment relationships
Appointment of a Data Protection Officer
- Mandatory appointment of a Data Protection Officer
- Voluntary appointment of an Inspector
Who can be a Data Protection Officer?
- Qualifications required to act as an Inspector
- Employment arrangements for the Inspector
Status of the Data Protection Officer
- Direct reporting of the Inspector to senior management
- Arranging support for the Inspector
- Involvement of the Inspector in all matters relating to personal data protection
- Prohibition on issuing instructions to the Inspector regarding how they perform their duties
- Avoiding conflicts of interest within the organisation – duties of the Inspector
- Prohibition on dismissal or disciplinary action against the Inspector
- Obligation of the Inspector to maintain confidentiality regarding tasks performed
Information Security Management
- Discussion of the security management system within the organisation, based on Polish and other relevant standards
- Identification of privacy risks and their legal implications
- Principles of risk assessment and evaluation of the impact of specific solutions on the effectiveness of security management
- Understanding and applying a risk-based approach – practical completion of a Risk Analysis template
- Personal Data Lifecycle Management
Performing the tasks of the Data Protection Officer (DPO)
- Legal basis for appointing a DPO
- Who must appoint a DPO, when, and how the appointment is made
- DPO status and required qualifications
- DPO responsibilities and planning their execution
- Conducting audits on compliance with personal data protection provisions in both traditional and IT systems
- Documenting activities undertaken by the DPO
- Preparing inspection reports
- Guidelines for overseeing documentation of personal data processing
- Scope of UODO's powers in relation to DPOs
Practical information on inspections by the Office for Personal Data Protection
- Requirements imposed by the Office on auditees
- How to prepare for an inspection
- Case study
Hands-on activities
- Developing an exemplary Information Security Policy
- Creating management instructions
- Developing a Register of Processing Activities
- Preparing what is known as "Small Personal Data Protection Documentation"
- Case study
- Common errors in documentation preparation
Additional materials for course participants:
Useful forms and templates:
- Consent for the use and distribution of images
- Event newsletter sign-up form
- Consent to receive offers
- Guidelines for sending offer emails
- Guidelines for sending general emails
- Example personal data protection policy
- Template for preparing information obligations in accordance with the GDPR, including instructions
- Risk analysis template
- Register of personal data processing activities – template
- Register of processing activity categories – template
- GDPR breach register – template
- GDPR compliance checklist template
- Instructions on how to proceed in the event of a breach of personal data protection regulations
- Data protection breach report template
- Register of security incidents and corrective and preventive actions
- Register of corrigenda
- Register of restorations
- Model corrigendum
- Restoration template
- Model objection form
- Model contract excluding further processing of personal data
- Sample consents for competitions, marketing and publications
- Obligation to provide information on ferry crossings
- Obligation to provide information on meeting surveillance
- Obligation to provide information on recruitment processes
- Obligation to provide information to the National Revenue Administration
- Information obligation under the LES
- Public Procurement Law (UCoC) information obligation
- Information obligation: Labour Code
- Tax information obligation
- Authorisation to process personal data for employees – template with example
- Notification of a breach to data subjects – template
- Personal data processing agreement for the controller – template
- Personal data processing agreement for the processor
- And many more
Requirements
Audience
- Individuals beginning their role as a Data Protection Officer
- Individuals who will be appointed to this position in the future
21 Hours
Testimonials (1)
The variety of the information shared and the clarity to explain terms in plain English.