The GDPR has been in force since May 2018 as an EU-wide set of regulations and must be applied. Companies that have no principal office in an EU country but collect and process personal data from EU citizens are also required to follow the GDPR rules. Is your organization ready to embrace a more rigorous privacy regime as espoused by GDPR?
Penalties for data protection violations have been drastically increased: violations are punishable by up to $20 million or 4% of worldwide sales. A foundational understanding of the GDPR is therefore necessary in order to prevent serious financial damage, not to mention a potential loss of your company’s reputation.
GDPR is complex and everyone’s requirements will be different, but it’s imperative that everyone is aware of their responsibilities.
If you work with personal data from EU citizens, or have a branch office in the EU, this course is right for you. You need to be familiar with the intention and scope of the GDPR, the basic principles of data protection (Prohibition of Data Processing and Exceptions to Consent, Purpose of Data Collection, Data Collection Limits, Data Security, Transparency), the foundation of data processing (Privacy by Design, Privacy by Default), the rights of the subject (Right of Access, Right to Erasure, and more), the responsibilities of Data Controllers and Processors, and what the tasks and responsibilities of a Data Protection Officer are.
After completing this course, you will be able to identify which requirements of the GDPR apply to your specific handling of data and need to be observed, and you will be able to take vital information back into the workplace. You will learn:
Why Data Protection - What Exactly is the GDPR?
The Five Basic Principles of Data Protection
The Foundations of Data Processing
Rights of Data Subjects
Responsibility of Data Controller or Processor
The Data Protection Officer
Practical examples are used to explain the rules and regulations of the GDPR so that, by the end of the course, you will be able to act in compliance with the law, thus preventing possible financial and reputational damage to your company.
The additional material provided for this lecture includes a Course Overview: Table of Contents (PDF).
Trainer Introduction and Course Outline Preview 01:59

Why Data Protection? What Exactly is the GDPR? 2 lectures 06:44
The General Data Protection Regulation has one main objective: to guarantee the protection of personal data.
Why Deal with Data Protection Anyway? Preview 02:07
The GDPR must be applied as soon as data are created that can be traced back to a specific natural person.
The additional material provided for this lecture includes the complete text of the General Data Protection Regulation (GDPR). You do not have to read through the entire thing! The course will refer to individual chapters and articles using specific and concrete examples. Having access to the full GDPR text gives you the opportunity to consult a specific section of the original text, should you so choose.
How is the Protection of Data Guaranteed? Preview 04:37

The Five Basic Principles of Data Protection 7 lectures 13:54
The easiest way to internalize the general objectives of the General Data Protection Regulation is to imagine that the basic principles of the regulation weave through it like a continuous red thread. Remember these principles and you will have a good starting point for evaluating whether a specific process merits data protection.
Introduction Preview 00:45
In principle, the GDPR does NOT permit the processing of personal data without the explicit consent of the person concerned. There are, however, some legal exceptions.
Principle 1: Prohibition of Data Processing and Exceptions to Consent Preview 01:24
Data may only be used for the purpose for which they were collected. If the purpose is not specified, then the data must be deleted.
Principle 2: Purpose of Data Collection 03:32
The General Data Protection Regulation states that only those data shall be collected that are appropriate and immediately necessary for the stated purpose.
Principle 3: Data Collection Limits 02:32
The General Data Protection Regulation also requires that access to the data remains secure. This must be guaranteed at all times, so that misuse of this data can be prevented.
Principle 4: Data Security 01:28
It must be clear to the person concerned how, where, and to what extent their data is being collected and processed.
Principle 5: Transparency 02:14
The five basic principles of the GDPR are summarized and presented in overview.
The additional material for this lecture includes an overview file (PDF).
Summary 01:59

The Foundations of Data Processing 3 lectures 07:40
There are two important situations that must be considered when determining the legality of data collection: Did the data subject provide consent or not?
Introduction Preview 00:43
The processing of data is generally permitted if a data subject explicitly agrees to a data collection.
The additional material for this lecture includes a template for a Consent Agreement (PDF).
Data Processing with Consent 03:23
The permission to process data is not always bound to the consent of the person concerned.
Data Processing without Consent 03:34

Rights of Data Subjects 1 lecture 05:16
Data subjects have a large number of rights resulting from the protection of personal data. The General Data Protection Regulation makes the body holding the data responsible for protecting the rights of the data subject.
The additional material provided for this lecture includes a template for providing information to a data subject.
Rights of Data Subjects 05:16

Responsibility of Data Controller or Processor 6 lectures 10:44
GDPR Article 24 provides a clear mandate that the responsible party must take appropriate technical and organizational measures to ensure that data processing takes place within the scope and meaning of the regulation.
Introduction Preview 01:34
Almost every company generates a large amount of customer or employee data across a wide variety of areas and categories. In order to ensure compliance, the GDPR mandates that each data controller or processor maintain a record of processing activities.
The additional material provided for this chapter includes a record-keeping example (Excel file).
Maintaining a Record of Processing Activities 03:15
The GDPR requires responsible parties to take measures to ensure that data processing takes place within the meaning of the regulation. These include structural and technical measures such as maintaining data access controls, separating data, etc.
The additional material provided for this lecture includes an example for technical and organizational measures (PDF).
Technical and Organizational Measures (TOM) 01:27
A common occurrence in the practice of data collection concerns the elicitation, processing or even use of data by an external service provider for another client.
The additional material for this lecture includes a Data Processing example (PDF). Of course, this example must be revised to suit the specific needs of your business.
Data Processing 01:58
The GDPR responds to the sometimes lazy handling of data breaches in recent years by mandating a duty to immediately report data breaches.
Data Breaches 01:25
Knowledge of your company's data collection processes makes it possible to maintain control and to achieve a lawful implementation of the GDPR.
Summary 01:05

The Data Protection Officer 1 lecture 02:42
Companies of a certain size, or that engage in a certain scope and type of data processing, may be required to appoint a data protection officer.
The Data Protection Officer 02:42

Summary 1 lecture 02:02
A short summary and concluding remarks.
Summary Preview 02:02
It’s easy to validate your knowledge with our end-of-chapter quizzes. You can also skip a module and use the quiz to verify that you already know the content. A result of 80% or better is good enough!
Quiz GDPR 12 questions