Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
Fundamentals of Personal Data Processing
- Sources of national and international law
- Scope of application for personal data protection laws
- Powers and authorities of the data protection supervisory body
- Judicial protection of the right to personal data protection
- GDPR - essential information, definitions, and selected issues
- Sector-specific GDPR requirements
- Definition and classification of personal data
- Processing of personal data
- Legal bases for processing personal data
- Obligations of the Data Controller
- Rights of data subjects
- Administrative fines
- Personal Data Protection Act of May 10, 2018 – scope of regulations
- Appointing a Data Protection Officer
- Proceedings for violations of personal data protection laws
- Monitoring compliance with personal data protection regulations
- Civil, criminal, and administrative liability
- Conditions for lawful processing of personal data (including ordinary and sensitive data)
- Legal requirements for engaging external entities to process personal data
- Data Protection Impact Assessment (DPIA)
- Data protection by design and by default
- Legal bases for transferring personal data to third countries
- Protection of personal data in employment contexts
Appointment of a Data Protection Officer
- Mandatory appointment of a Data Protection Officer
- Optional appointment of a Data Protection Inspector
Eligibility for Data Protection Officer Role
- Qualifications required for Data Protection Inspectors
- Employment structure for Data Protection Inspectors
Status and Independence of the Data Protection Officer
- Direct reporting lines to top management
- Ensuring adequate support for the Data Protection Supervisor
- Involvement in all matters related to personal data protection
- Prohibition on instructing the Supervisor regarding duty execution
- Avoiding conflicts of interest – responsibilities of the Supervisor
- Prohibition on dismissal or penalizing the Data Protection Inspector
- Duty of confidentiality regarding performed tasks
Information Security Management
- Discussion of organizational security management systems based on Polish standards
- Identification of privacy risks and their legal implications
- Principles of risk assessment and evaluating the impact of specific security solutions
- Understanding and applying a risk-based approach – practical exercise using the Risk Analysis template
- Personal Data Lifecycle Management
Executing Data Protection Officer (DPO) Duties
- Legal basis for DPO appointment
- Criteria for who must appoint a DPO, when, and the appointment process
- DPO status and professional qualifications
- DPO tasks and rules for planning their execution
- Conducting compliance reports on data processing in traditional and IT systems
- Documenting DPO activities
- Preparation of inspection reports
- Rules for supervising personal data processing documentation
- Powers of the Office for Personal Data Protection (UODO) regarding DPOs
Practical Guide to Office for Personal Data Protection Inspections
- Requirements for audited entities
- Preparation strategies for inspections
- Case study analysis
Practical Exercises
- Developing an exemplary Information Security Policy
- Drafting management instructions
- Creating a Register of Processing Activities
- Preparing the 'Small Personal Data Protection Documentation'
- Case study
- Common errors in documentation preparation
Additional Resources for Course Participants:
Useful Forms and Templates:
- Consent for image use and dissemination
- Event newsletter registration
- Consent to receive offers
- Email templates for sending offers
- General email communication templates
- Example personal data protection policy
- GDPR-compliant information obligation template with instructions
- Risk analysis template
- Register of processing activities – template
- Register of processing categories – template
- GDPR Breach Register – template
- GDPR Compliance Checklist template
- Instructions for handling personal data protection breaches
- Data Protection Breach Report template
- Register of security incidents and corrective/preventive actions
- Register of corrigenda
- Register of restorations
- Model corrigendum
- Restoration pattern template
- Model objection form
- Sample contract for excluding further personal data processing
- Sample consents for competitions, marketing, and publications
- Information obligation for ferry crossings
- Information obligation for meeting monitoring
- Information obligation for recruitment processes
- Information obligation for the National Revenue Administration
- Information obligation for LES entities
- Public Procurement Law (UCoC) information obligation
- Labour Code information obligation
- Tax information obligation
- Employee personal data processing authorization template (with example)
- Notification of breach to data subjects – template
- Personal Data Processing Agreement for the Controller – template
- Personal Data Processing Agreement for the Processor
- And many more resources
Requirements
Target Audience
- Individuals beginning their role as a Data Protection Officer
- Individuals slated for appointment to this position in the future
21 Hours
Testimonials (1)
The variety of the information shared and the clarity to explain terms in plain English.
