EU GDPR and EU ePrivacy Regulation Compliance Foundation Training Course
In this training course, we will help you understand "WHAT" the EU GDPR, the ePrivacy Regulation, and the relevant data protection compliance requirements are.
Following the implementation of “Personal Data Protection Act” legislation worldwide and the EU-US Privacy Shield Framework between the United States and the European Union, the EU General Data Protection Regulation (EU GDPR) has been enforced by the European Union since May 25, 2018. It requires organizations to protect personal data.
Therefore, an organization must establish a systematic management mechanism (for example, BS 10012:2017, PIMS, personal data management system) to comply with the regulation and with the data protection principles required by GDPR Article 5. Examples include the appointment of dedicated personnel responsible for the personal data inventory, education and training, communication, notification, and data protection and control measures (for example, integration with ISO 27001 information security management and ISO 22301 business continuity management).
To participate in this training course, the following prior knowledge is expected:
- Knowledge of Management System Compliance (ISO 19600)
- Process approach (Plan-Do-Check-Act)
- Overall business compliance risk management (ISO 31000), including legal, legislative, and contractual obligations, standards, policies, and procedures.
- Top management leadership, other roles and responsibilities to support management system
- Consideration of planning a management system - identify the organizational and technical measures to manage the identified risk
- Support required by the management system
- Management system operation consideration - monitoring, reporting and communicating
- Performance evaluation of a management system - objectives evaluation, Internal Audits, and Management Review
- Continually improve the effectiveness of a management system
- Knowledge of data protection principles and concepts, including but not limited to:
- lawfulness, fairness, and transparency;
- purpose limitation
- data minimization
- storage limitation
- integrity and confidentiality
- Knowledge of data protection regulations:
- REGULATION (EU) 2016/679 - EU GDPR (General Data Protection Regulation)
- DIRECTIVE (EU) 2016/680 - Criminal offenses or the execution of criminal penalties
- Regulation on "Privacy" and "Electronic Communications"
Note. You are advised that course examination questions can relate to the expected prior knowledge. For delegates who do not have these, we recommend attending our training course.
Who should attend?
This is intended for those who will be involved in GDPR compliance in the organization.
Suggested job functions and their teams include:
- DPO (data protection officer) and data protection representatives
- Information security managers
- IT and corporate security managers
- Corporate governance managers
- Risk and legal compliance managers
- Information security consultants
- Understand the EU GDPR framework and relevant regulations
- Understand the EU GDPR compliance requirements for a product developer, data controller, and processor
- Understand the Personal Data Protection Principles
- Improve the overall understanding of EU GDPR and data protection compliance requirements
- Identify the opportunity for improvements of personal data protection in the organization
- Overview of EU GDPR
- Key definitions, i.e. data controller and processor
- Scope and application
- EU GDPR data protection principles
- Lawfulness, fairness, and transparency;
- Purpose limitation
- Data minimization
- Storage limitation
- Integrity and confidentiality
- EU GDPR organizational compliance requirements
- Data Protection Roles and Responsibilities, i.e. Data Protection Officer and representatives
- Personal data protection policy
- Data Protection Impact Assessment (DPIA)
- Personal data inventory
- Data protection by design and by default
- Security of data processing, i.e. cryptographic
- Other data protection regulations:
- ePrivacy Regulation (ePR) - Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications).
- Taiwan Personal Data Protection Act.
- Taiwan Communication and Security Act.
- China CyberSecurity Act.
- Summary / Q&A / Course examination
- Course material
- Course examination
- Course certificate
- Delegates should note that there is evening work during the course
- The minimum number of delegates for this course is 4 and the maximum is 20. If there are fewer than 4 students, the course will be postponed.
- This course is facilitated by the TKSG.Global online learning management system (LMS). Participants should be able to use their own PC, laptop, notebook, or suitable mobile device to access the LMS.
- This course is run in collaboration with CQI/IRCA Approved Training Partner - Hermes infotech Inc.
9:00 ~ 17:00