Certificate in Data Protection (level 2)

Two-day course, 9.30am to 4.30pm daily
Registration: 980
Delivered in association with Castlebridge Associates

This course is certified by the Institute of Commercial Management (ICM) and is CPD-approved.

Training can take place in our offices at 25 Mountjoy Square East, Dublin 1. Check our website for upcoming dates for open training, or arrange it as an in-house course within your organisation; this is more practical if you have a large group for training.

For more information, or to book: call us on (01) visit or info@pai.ie

About the course

PAI's Advanced Data Protection Officer programme offers learners a pathway to an accredited Data Protection Officer Certification. Building upon our Level 1 award, the Advanced programme is essential for all Data Protection professionals. It moves from basic principles and protocols to assessing how Data Protection rules are evolving internationally in line with the EU Data Protection Regulation, with a new focus on Internal Data Governance, increased penalties, and an emphasis on managing and mitigating risks of poor privacy outcomes for individuals.

Designed with our Data Protection partners Castlebridge Associates, our Level 2 programme presents a coherent framework for Data Protection Officers to understand how their roles align with Data Governance, Information Quality, and the existing frameworks and disciplines which can be used to develop robust and evidence-based Data Privacy Governance in your organisation.

The course syllabus assumes a level of prior knowledge of Data Protection laws, and is aimed at supplementing knowledge of legal rules with frameworks and methods for Information management to meet or exceed legal requirements.

Learning Outcomes

Upon completion of this Advanced Module learners will:
Understand Data Protection in a Risk Management model under the GDPR;
Understand why the Risk-based approach differs from the historic model of compliance under Directive 95/46/EC;
Apply the Fundamental Principles of GDPR and how they relate to the Privacy by Design philosophy;
Understand what is meant by Privacy Engineering;
Be familiar with Data & Information Governance Principles;
Understand how a Data Governance framework can enable a DPO to better engage stakeholders;
Have learned how to effectively conduct Privacy Impact Assessments; and
Understand the role of Ethical Information management in PIAs.

Certification

This course will be assessed by a single assignment after the completion of the taught element.

Timetable: Day one

Outline of key challenges in data protection under GDPR and future evolution of privacy
An overview of how Data Protection rules are evolving internationally.
Discussion of how legislation is the floor, not the ceiling.
Set an outline of current and future trends.

Understanding the Risk Management approach
Understand Data Protection in a Risk Management model under the GDPR
Be able to define what a Risk is with reference to relevant standards
Be able to relate the concepts of Risk treatment to the high level concepts of the GDPR
Be able to describe an approach to identifying, defining, and prioritising risks
Be able to explain the differences between Reactive, Detective, and Preventative controls in a Risk Management context
Be able to discuss why the Risk-based approach differs from the historic model of compliance under Directive 95/46/EC

Understanding new definitions and interpreting the Regulation
Know the definitions for key concepts within the GDPR, including Personal Data, Consent, Processing etc.
Be able to explain the differences between the definitions under GDPR compared to the pre-GDPR legislation
Be able to assess the impacts on their processing of the revised definitions
Be able to discuss the importance of context of processing with regard to a risk-based approach to compliance and governance
Be able to explain the role and importance of the Recitals to the GDPR to interpreting and understanding the legislation in a Risk-Based approach to governance
Be able to explain the role of the EDPSB in the one-stop shop mechanism

Break

Timetable: Day one (cont)

Understanding the new Principles & Duties
Be able to define the fundamental principles of the GDPR
Be able to discuss the relationship between the fundamental principles in the GDPR and the fundamental rights under ECHR
Be able to identify the relationships between the new principles in the GDPR and the Principles for Data Quality as set out under Directive 95/46/EC and the Data Protection Acts 1988 and 2003
Be able to explain the implications of the Accountability Principle for compliance with the Regulation
Be able to explain the data security requirements of the GDPR

Lunch

Understanding New Rights of Data Subjects
Be able to understand and explain the changes to rights that exist under the pre-GDPR legislation as a result of GDPR
Be able to understand the scope and application of new rights under the GDPR, including the relevant restrictions that might apply to those rights in a Public Sector context
Be able to identify the key operational changes that arise as a result of the rights

Coffee Break

Introducing Privacy By Design
Be able to explain what is meant by Privacy by Design/By Default
Be able to discuss why Privacy by Design is a philosophy not an execution methodology
Be able to explain how the Fundamental Principles of GDPR relate to the Privacy by Design philosophy
Be able to explain what is meant by Privacy Engineering
Be able to discuss the importance of process and data-centric thinking in Privacy by Design

Timetable: Day two

Introduction to Data & Information Governance Principles
Be able to explain what is meant by Data and Information Governance
Be able to discuss the concepts of Data Stewardship
Be able to identify common reasons why Data Governance fails in organisations
Be able to explain the difference between accountability and responsibility
Be able to discuss the difference between Governance and Management of Information

Introducing the role of the Data Protection Officer
Be able to explain the nature and purpose of the Data Protection Officer role
Be able to identify the circumstances under which a DPO would be required in their organisation
Be able to explain how the DPO role should be executed in the context of Data Governance best practices

Break

The GDPR - The Tasks of the DPO in a Data Governance context
Be able to explain Data Governance as an appropriate organisational and technical control to ensure compliance with the Regulation under the Accountability Principle
Be able to identify the types of documentation that the DPO is required to oversee
Be able to understand and execute the core tasks of a DPO
Be able to explain when a DPO must be engaged on activities within an organisation, and how that affects governance
Be able to explain how a Data Governance framework can enable a DPO to better engage stakeholders
Be able to explain how the DAMA DMBOK framework can help DPOs define and execute tasks

Lunch

Timetable: Day two (cont)

Conducting Privacy Impact Assessments 1
Be able to outline a structured approach to defining and executing a Privacy Impact Assessment
Be able to discuss the role of Ethical Information management in PIAs
Be able to discuss how Privacy by Design applies to Privacy Impact Assessments
Be able to identify the key content that should be addressed by your PIA
Be able to discuss the benefits of retaining PIA documentation in the organisation
Be able to identify three benefits from formally documented and executed PIAs outside of core Data Protection compliance

Coffee Break

Understanding Change Management for the DPO
Be able to demonstrate an understanding of a structured change management life cycle (Kotter)
Be able to explain the importance of communication and peer collaboration in change management, and relate that to concepts of Stewardship in Data Governance
Be able to define and communicate a Vision for Data Protection in their organisation, and the role of the DPO in delivering that
Be able to explain the use of stories and narrative as change tools
Be able to identify common errors and pitfalls in Change Management

Outline of related legislative changes to watch for; Assignment Overview
Receive an overview of other legislative changes in development that relate to the GDPR (e.g. revision of the ePrivacy Directive)
Assignment Overview

Speakers

Daragh O'Brien, Castlebridge Associates
Daragh O'Brien has almost seventeen years' experience in Data Quality and Data Governance roles across a variety of industries. He spent a number of years in roles with operational responsibility for Single View of Customer strategy and regulatory governance in the telecommunications sector. He is a strong strategic thinker, with a focus on improving how people in organisations can use data and information more effectively to improve the bottom line, society, and personal satisfaction. Daragh has contributed to Irish Government policy development on data protection, data governance, and freedom of information. He is also a regular media commentator in Ireland and internationally on data management related issues.

Katherine O'Keefe, Castlebridge Associates
Katherine O'Keefe is a Data Governance and Data Protection Consultant and Trainer with Castlebridge Associates.