The new GDPR (General Data Protection Regulation) was unveiled in May 2016 and implemented on May 25th, 2018 in every state of the European Union.
The real innovation is the adoption of a key concept: ‘privacy by design’. This means ensuring data protection at every phase of a process or a system, starting from its design and planning, in order to prevent threats and violations. To that end, GDPR introduced the role of the Data Protection Officer (DPO), who is in charge of managing the personal data of companies and institutions in a safe manner, keeping a Register of Processing and assessing the impact of data protection on rights and personal freedoms (DPIA).
The course will give an overview of the implications the GDPR has for all departments involved in the processing of personal data. Technological, normative and legal aspects will be emphasized.
- Introduction – historical overview of personal data protection
- Protection regulations – European and national regulatory framework (General Data Protection Regulation, TU Privacy and Guarantor provisions).
- Risk management – Risk Analysis – ISO 31000: Risk management: Principles and Guidelines
- ISO standards – ISO 20000, ISO 22301, ISO 27000: principles of the standards.
- Data classification – new categories of data and their processing, penalties, fulfilments, notification duties and data breach, new rights of the person concerned, safety of sensitive and confidential information, safety of digital databases, privacy by design and by default, DPO, right to be forgotten, principles of transparency and accountability, register of processing, DPIA.
- Information security: logistical and legal implications – company organization, training plan, company regulations, document management, audit activities applied to the Personal data protection code, personal data management system.
Those who are interested in personal information protection, according to their specific role.