Course Outline
Fundamental Principles of Personal Data Processing
- Sources of national and international legislation.
- Scope of application for personal data protection laws.
- Jurisdiction and powers of the data protection authority.
- Judicial remedies for the right to personal data protection.
- GDPR - essential information and definitions - selected topics.
- Sector-specific applications of the GDPR.
- Definition of personal data.
- Processing of personal data.
- Lawful bases for processing personal data.
- Responsibilities of the Data Controller.
- Rights of data subjects.
- Administrative fines.
- Personal Data Protection Act of 10 May 2018 – scope of regulations.
- Appointment procedures for a Data Protection Officer.
- Proceedings regarding violations of personal data protection laws.
- Monitoring compliance with personal data protection regulations.
- Civil, criminal, and administrative liability.
- Conditions for admissible processing of personal data (standard and sensitive data).
- Legal requirements for entrusting personal data processing to other entities.
- Data Protection Impact Assessment (DPIA).
- Data protection by design and by default.
- Lawful bases for transferring personal data to third countries.
- Personal data protection in employment contexts.
Appointment of a Data Protection Officer
- Mandatory requirements for appointing a Data Protection Officer.
- Optional appointment of an internal inspector.
Eligibility for Data Protection Officer Roles
- Qualifications required to act as an Inspector.
- Employment status of the Inspector.
Status and Independence of the Data Protection Officer
- Direct reporting line from the Inspector to senior management.
- Ensuring adequate support for the Supervisor.
- Involvement of the Inspector in all matters concerning personal data protection.
- Prohibition on issuing instructions regarding how the Supervisor should perform their duties.
- Avoiding conflicts of interest within the organization - responsibilities of the Supervisor.
- Prohibition on dismissing or penalizing the Inspector.
- The Inspector's duty to maintain secrecy and confidentiality regarding performed tasks.
Information Security Management
- Reviewing the organizational security management system based on Polish standards, among others.
- Identifying privacy risks and their legal implications.
- Principles of risk assessment and evaluating the impact of specific solutions on safety management effectiveness.
- Understanding and applying a risk-based approach – practical completion of a Risk Analysis template.
- Managing the Personal Data Lifecycle.
Executing Data Protection Officer (DPO) Duties
- Legal basis for appointing the DPO.
- Criteria for who must appoint a DPO, when to do so, and the appointment process.
- DPO status and required qualifications.
- DPO tasks and rules for planning their execution.
- Reporting on compliance of data processing activities with personal data protection provisions in traditional and IT systems.
- Documenting DPO activities.
- Preparing inspection reports.
- Rules for supervising documentation of personal data processing.
- Scope of UODO's powers regarding DPOs.
Practical Guidance on Inspections by the Office for Personal Data Protection
- Requirements for auditees during inspections.
- How to prepare for an inspection.
- Case study analysis.
Hands-on Activities
- Developing an exemplary Information Security Policy.
- Drafting management instructions.
- Creating a Record of Processing Activities.
- Preparing comprehensive yet concise personal data protection documentation.
- Case study exercises.
- Identifying common errors in documentation preparation.
Additional Materials for Course Participants:
Useful Forms and Templates:
- Consent for use and dissemination of image.
- Event newsletter registration form.
- Consent to receive offers.
- Procedures for sending offer emails.
- Procedures for sending general emails.
- Example of a personal data protection policy.
- Template for preparing information obligations under GDPR, along with instructions.
- Risk analysis template.
- Record of processing activities template.
- Register of categories of processing activities template.
- GDPR Breach Register template.
- GDPR Compliance Checklist template.
- Instructions for handling personal data protection breaches.
- Data Protection Breach Report template.
- Register of security incidents and corrective/preventive actions.
- Register of corrigenda.
- Register of restorations.
- Model corrigendum.
- Restoration pattern example.
- Model objection form.
- Model contract for excluding further processing of personal data.
- Sample consents for competitions, marketing, and publications.
- Information obligation for ferry crossings.
- Information obligation for meeting monitoring.
- Information obligation for recruitment processes.
- Information obligation for the National Revenue Administration.
- Information obligation for LES (Law Enforcement Services).
- Information obligation under Public Procurement Law (UCoC).
- Information obligation under the Labour Code.
- Tax-related information obligation.
- Authorization template for processing personal data for employees (with example).
- Notification of breach to data subjects template.
- Personal Data Processing Agreement for the Controller – template.
- Personal Data Processing Agreement for the Processor.
- And many more resources.
Requirements
Target Audience
- Individuals initiating their role as a Data Protection Officer.
- Professionals scheduled to assume this position in the future.
21 Hours
Testimonials (1)
The variety of the information shared and the clarity to explain terms in plain English.