
Description

I will cover the necessary steps to prepare, identify, assess, implement and apply data protection principles at your firm. You will receive an editable resource to gather as much information as possible in one place.
It does not matter whether you work for a business, a charity or a state institution, or whether you are self-employed, work for a medium business or for an international capital group: we will cover all the known issues.
Completing all the steps will bring your compliance level higher than 99% of businesses. I am not giving legal advice or doing your job, but I am sharing my practical experience to make your compliance as easy as possible.
4 deliverables of this course
  • GDPR standard, the highest data protection standard
  • A-Z: implementation and maintenance phases in 16 steps
  • Practical examples of how to implement GDPR requirements
  • Checklists & templates to make your job as easy as possible
4 foundations of this course
  • You get compliant, not just hear about compliance
  • This course is for every organization
  • You will not experiment, but avoid mistakes
  • Do not get just tools or knowledge, but follow steps
16 steps to make sure all data protection measures are in place and function well
Identify data processing purposes
Identify data processing details
Identify assets
Identify process & asset owners
Assess controller’s processes
Assess processor’s processes
Assess information security
Assess general obligations
Model controller’s processes
Model processor’s processes
Manage security risks
Comply with general duties
Prepare general policies
Prepare SOPs
Adopt, publish & train
Execute, maintain & review
My course has a clear structure, so you will easily see and find the points we are covering. Each time you need to take steps on your data protection system, you will get a checklist to make sure you cover everything you need. With that said, let’s get right into the job!
Who this course is for:
Managers who want to create or improve their data protection system
Data Protection Officers who want to work efficiently and develop skills
Heads of departments processing a lot of personal data (HR, marketing, IT)
Anyone who wants to hear from an expert how a data protection system should work

What you'll learn

Create a GDPR-standard data protection system in any environment

Save time and resources with an efficient method to protect privacy

Identify, assess, implement and maintain compliance with data protection laws

Carry out risk analysis and data protection impact assessment like a professional

Protect personal data against a security breach

Manage data protection breaches

Prepare contract clauses to regulate data flows with your clients, contractors and partners

Apply privacy by design and by default in practice

Write useful policies, procedures and records

Build employee awareness and commitment

Prepare for an inspection

Requirements

  • You will need a copy of Adobe XD 2019 or above. A free trial can be downloaded from Adobe.
  • No previous design experience is needed.
  • No previous Adobe XD skills are needed.

Course Content

27 sections • 95 lectures
1-Preview
1
1.1-Preview
2-Get ready to go
41
2.1-5 reasons to take care of your data protection system
2.2-Motivator 1: liability
2.3-Motivator 2: reputation
2.4-Motivator 3: time-effectiveness
2.5-Motivator 4: cost-effectiveness
2.6-Motivator 5: respect for data subjects
2.7-Support from management & stakeholders
2.8-10 differences between a privacy-careless firm and your goals
2.9-Difference 1: purposes for data processing
2.10-Difference 2: scope of personal data processed
2.11-Difference 3: verification and updating
2.12-Difference 4: retention
2.13-Difference 5: likelihood of a security breach
2.14-Difference 6: severity of violation
2.15-Difference 7: data subject rights
2.16-Difference 8: formal compliance
2.17-Difference 9: transparency
2.18-Difference 10: evidence
2.19-The organization you will service
2.20-Meaning of organization’s context
2.21-Where to write down the answers?
2.22-Brief description of organization’s activity
2.23-Applicable laws & standards
2.24-How to consider local and detailed laws?
2.25-Estimated total number of data subjects
2.26-Locations where data are processed
2.27-What your project will look like?
2.28-Steps
2.29-Phase 1: identify
2.30-Phase 2: assess
2.31-Phase 3: implement
2.32-Phase 4: apply
2.33-Start acting!
2.34-The privacy team
2.35-Governance model
2.36-How to prepare the project?
2.37-Kick-off meeting
2.38-After the kick-off meeting
2.39-To send to interlocutors (processes)
2.40-To send to interlocutors (assets)
2.41-To send to interlocutors (general obligations)
3-Step 1: Identify data processing purposes
13
3.1-Mode of operation
3.2-Processes and processing
3.3-Typical processes (controller)
3.4-Typical processes (processor)
3.5-Purposes v. processes
3.6-Whose the purposes are?
3.7-Which questionnaires to use?
3.8-Processing activities (controller’s questionnaire)
3.9-Joint controllers (controller’s questionnaire)
3.10-Processing purposes (controller’s questionnaire)
3.11-Typical purposes (add more details if possible)
3.12-Controller(s) (processor’s questionnaire)
3.13-Processing activities & purposes (processor’s questionnaire)
4-Step 2: Identify data processing details
14
4.1-Categories of data subjects (controller’s questionnaire)
4.2-Typical categories of data subjects
4.3-Categories of personal data (controller’s questionnaire)
4.4-Typical categories of ‘ordinary’ personal data
4.5-Special categories of personal data
4.6-Categories of recipients (controller’s questionnaire)
4.7-Typical categories of recipients
4.8-Transfers outside the European Economic Area
4.9-Typical cases of transfer outside the EEA
4.10-Envisaged time limits for data erasure (controller’s questionnaire)
4.11-Typical time limits for data erasure
4.12-General description of security measures
4.13-Transfers outside the EEA (processor’s questionnaire)
4.14-Providing guarantees for controller(s)
5-Step 3: Identify assets
27
5.1-Mode of operation
5.2-How to group identified assets?
5.3-Locations & areas
5.4-Typical assets (locations & areas)
5.5-Typical safeguards (locations & areas)
5.6-Equipment
5.7-Typical assets (equipment)
5.8-Typical safeguards (equipment)
5.9-Networks & servers
5.10-Typical assets (networks & servers)
5.11-Typical safeguards (networks & servers)
5.12-Websites
5.13-Typical assets (websites)
5.14-Typical safeguards (websites)
5.15-Software
5.16-Typical assets (software)
5.17-Typical safeguards (software)
5.18-Digital files (unstructured)
5.19-Typical assets (digital files)
5.20-Typical safeguards (digital files)
5.21-Printed documents
5.22-Typical assets (printed documents)
5.23-Typical safeguards (printed documents)
5.24-Staff
5.25-Typical assets (staff)
5.26-Typical safeguards (staff)
5.27-Other
6-Step 4: Identify process & asset owners
3
6.1-Process and asset owners
6.2-Process owner - typical responsibilities
6.3-Asset owner - typical responsibilities
7-Intro: assessment phase
3
7.1-Mode of operation
7.2-Record of processing activities (controller’s questionnaires)
7.3-Record of all categories of processing activities (processor’s questionnaires)
8-Step 5: Assess controller’s processes
19
8.1-Goal 1, Purpose limitation principle (controller’s questionnaire)
8.2-Goal 1, Lawfulness principle (controller’s questionnaire)
8.3-Goal 1, Legal basis for data sharing (controller’s questionnaire)
8.4-Goal 2, Data minimization principle (controller’s questionnaire)
8.5-Goal 3, Accuracy principle (controller’s questionnaire)
8.6-Goal 4, Storage limitation (controller’s questionnaire)
8.7-Goal 5: protect personal data against security breach
8.8-Goal 6, Obligation to carry out DPIA (controller’s questionnaire)
8.9-Goal 6, Threats to data subjects (controller’s questionnaire)
8.10-Goal 7: prepare to handle data subject requests
8.11-Goal 8, Joint controllers (controller’s questionnaire)
8.12-Goal 8, Typical vulnerabilities (processors)
8.13-Goal 8, Processors provide compliance guarantees (controller’s questionnaire)
8.14-Goal 8, Processors commit to all GDPR obligations (controller’s questionnaire)
8.15-Goal 8, Lawfulness of transfers outside the EEA (controller’s questionnaire)
8.16-Goal 9, Transparency principle (controller’s questionnaire)
8.17-Goal 9, Providing all the required information (controller’s questionnaire)
8.18-Goal 9, Providing information timely (controller’s questionnaire)
8.19-Goal 10: achieve accountability - ability to demonstrate compliance
9-Step 6: Assess processor’s processes
8
9.1-Goal 1: only process personal data under a contract with the controller
9.2-Goal 2, Providing guarantees for controller(s) (processor’s questionnaire)
9.3-Goal 3: do not engage another processor without controller’s consent & same obli
9.4-Goal 4: ensure confidentiality from all persons authorized to process personal d
9.5-Goal 5: protect personal data against security breach
9.6-Goal 6: assist the controller with data subject requests
9.7-Goal 7: assist the controller with fulfilling other obligations
9.8-Goal 8: demonstrate fulfillment of processor’s obligations to the controller
10-Step 7: Assess information security
20
10.1-Criteria for info security assessment
10.2-Mode of operation (info security assessment)
10.3-High likelihood cases and integrity & confidentiality assessment
10.4-Locations and areas - Typical security breaches
10.5-Locations and areas - Typical vulnerabilities
10.6-Equipment - Typical security breaches
10.7-Equipment - Typical vulnerabilities
10.8-Networks & servers - Typical security breaches
10.9-Networks & servers - Typical vulnerabilities
10.10-Websites - Typical security breaches
10.11-Websites - Typical vulnerabilities
10.12-Software - Typical security breaches
10.13-Software - Typical vulnerabilities
10.14-Digital files - Typical security breaches
10.15-Digital files - Typical vulnerabilities
10.16-Printed documents - Typical security breaches
10.17-Printed documents - Typical vulnerabilities
10.18-Staff - Typical security breaches
10.19-Staff - Typical vulnerabilities
10.20-Other assets
11-Step 8: Assess general obligations
16
11.1-Data protection officer - designation (general obligations questionnaire)
11.2-Data protection officer - position (general obligations questionnaire)
11.3-Data protection officer - tasks (general obligations questionnaire)
11.4-Incident management & reporting
11.5-Privacy by design and by default
11.6-Right to access
11.7-Right to rectification
11.8-Right to erasure (to be forgotten)
11.9-Right to restriction of processing
11.10-Notification obligation if data rectified, erased or processing restricted
11.11-Right to data portability
11.12-Right to object
11.13-Automated decisions & profiling
11.14-Policies & procedures
11.15-Employee obligations & awareness
11.16-Executive summary & risk assessment
12-Step 9: Model controller’s processes
5
12.1-Intro: implementation phase
12.2-Adjust data collecting
12.3-Adjust the scope of data processing
12.4-Prepare informational clauses
12.5-Update contracts
13-Step 10: Model processor’s processes
3
13.1-Adjust the scope of processing
13.2-Adjust communication with controller & data subjects
13.3-Adjust the contracts
14-Step 11: Manage security risks
18
14.1-Intro: managing security risks
14.2-General security objectives, standards & context
14.3-Leadership, roles & responsibilities
14.4-Asset register, risk analysis & treatment
14.5-Asset management, media handling, information classification
14.6-Mobile work, home office, private devices & private use
14.7-Authorization management & access control
14.8-Physical & environmental security
14.9-Event logging, vulnerability & usage monitoring
14.10-Cryptography
14.11-Supplier relationships
14.12-Network security & information transfer
14.13-Software - safeguards & vulnerability management
14.14-Recruitment, employment, termination & end-user responsibilities
14.15-Project management, exceptions & non-typical assets
14.16-Incident management
14.17-Business continuity and disaster recovery
14.18-Reviews and performance evaluation
15-Step 12: Comply with general duties
5
15.1-Data protection officer or equivalent
15.2-Incident management & reporting
15.3-Privacy by design
15.4-Data subject rights
15.5-Obligation to consult the supervisory authority
16-Step 13: Prepare general policies
5
16.1-Intro: application phase
16.2-Why general policies would be useful?
16.3-What aspects should the policies cover?
16.4-How to prepare general policies?
16.5-Relation with standard operating procedures (SOPs)
17-Step 14: Prepare SOPs
4
17.1-General SOP
17.2-SOPs for controller’s processes
17.3-SOPs for processor’s processes
17.4-SOPs for assets
18-Step 15: Adopt, publish & train
3
18.1-Adopt data protection documentation
18.2-Publish data protection documentation
18.3-Train employees & associates
19-Step 16: Execute, maintain & review
3
19.1-Execute internal obligations
19.2-Maintain compliance and keep your system up to date
19.3-Review and improve your data protection system regularly
20-Wrap-up
1
20.1-Wrap-up