Certified EU GDPR Foundation and Practitioner Training

This course is designed to provide professionals with a comprehensive understanding of the EU
General Data Protection Regulation (GDPR), its implementation, and compliance requirements.

REASONS TO CHOOSE

✔ Letter of Completion
✔ Expert-Led Training

✔ Digital Course Materials

Certified EU GDPR Foundation and Practitioner Course Details

Certified EU GDPR Foundation and Practitioner Course Outline

Module 1: Introduction to GDPR

  • Overview of GDPR

  • Building Customer Trust

  • Core Focus of GDPR

  • Defining Personal Data

  • Identifying Entities Handling Personal Data

  • Legal Grounds for Processing Personal Information

Module 2: Binding Corporate Rules

  • Introduction and Scope

  • UK ICO’s Perspective on Scope

  • Defining Processing Under GDPR

  • Entities Involved in Data Processing

  • Understanding Special Data Categories

  • Legal Framework and Compliance Timeline

  • Exceptions and Key Areas for Derogation

  • Personal Data Breach Management

  • Consequences of Non-Compliance

  • Establishing a Governance Framework

 

Module 3: GDPR Terminology and Techniques

  • Key Roles in GDPR Compliance

  • Understanding Data Sets

  • Handling Subject Access Requests (SARs)

  • Conducting Data Protection Impact Assessments (DPIAs)

  • Triggers and Exemptions for DPIAs

  • DPIA Process and Decision Path

  • Mitigating Risks Identified in DPIAs

  • Implementing Privacy by Design and Default

  • Managing External Data Transfers

  • Applying Pseudonymization and Profiling

Module 4: Structure of GDPR

  • Breakdown of GDPR Components

  • Article Format and Interpretation

 

Module 5: Principles and Data Subject Rights

  • Overview of Core Principles

  • Lawfulness, Fairness, and Transparency in Data Processing

  • Legal Basis for Processing and Special Data Categories

  • Conditions for Processing Criminal Offense Data

  • Importance of Consent and Transparency

  • Rights of Data Subjects and Purpose Limitation

  • Principles of Data Minimization, Accuracy, and Storage Limitation

  • Integrity, Confidentiality, and Accountability Requirements

 

Module 6: Ensuring Compliance with GDPR

  • Strategies for Demonstrating Compliance

  • Consequences of Non-Compliance and Administrative Fines

  • Factors Influencing Fine Amounts

  • Responsibilities of Joint Controllers and Processors

  • Required Compliance Documentation

  • Establishing a Robust Data Protection Framework

  • Introduction to PIMS, Cyber Essentials, and ISO 27017

 

Module 7: Incident Response and Data Breaches

  • Defining a Personal Data Breach

  • Regulatory Notification Obligations

  • Criteria for Reporting a Breach to Authorities

  • Communicating Breaches to Affected Individuals

  • Best Practices for Breach Response and Mitigation

 

Module 8: Key Roles in GDPR Compliance

  • Responsibilities of Businesses Under GDPR

  • Distinctions Between Data Controllers and Processors

  • Compliance Obligations of Data Controllers and Processors

  • Record-Keeping and Cooperation with Authorities

  • Maintaining Data Security and Breach Transparency

Module 9: Role of the Data Protection Officer (DPO)

  • Duties and Responsibilities of a DPO

  • Legal Requirements for Appointing a DPO

  • Compliance Monitoring and Employee Training

  • Risk-Based Approach in Data Protection

  • Independence and Conflict of Interest Considerations

 

Module 10: UK GDPR Implementation

  • Differences Between GDPR and the UK Data Protection Act

  • Key Provisions of the UK Data Protection Bill

  • Age of Consent, Freedom of Expression, and Research Considerations

 

Module 11: Key Features of GDPR

  • Privacy by Design and Data Portability

  • Right to Be Forgotten and Clear Consent Guidelines

  • Regulations on Profiling and Universal Compliance

 

Module 12: Handling Subject Access Requests (SARs)

  • Identifying and Responding to SARs

  • Time Limits, Fees, and Excessive Requests

  • Determining What Information Can Be Disclosed

  • Best Practices for SAR Responses

 

Module 13: Data Subject Rights

  • Understanding the Scope of Data Subject Rights

  • Compliance With Requests for Information, Rectification, and Erasure

  • Legal Grounds for Rejecting Erasure Requests

  • Guidelines for Restricting Processing and Data Portability

 

Module 14: Lawful Processing of Personal Data

  • Legal Justifications for Data Processing

  • Special Conditions for Sensitive Data Processing

  • Importance of Consent and Legitimate Interests

 

Module 15: International Data Transfers

  • Cross-Border Data Transfer Mechanisms

  • Legal Derogations and Adequacy Agreements

  • Binding Corporate Rules (BCR) and Privacy Shield Framework

 

Module 16: Data Security and Breach Response

  • Key Areas for Data Protection

  • Defensive Design and Incident Response Strategies

  • Reporting Breaches and Incident Management Procedures

 

Module 17: Conducting Data Protection Impact Assessments (DPIA)

  • When and Why DPIAs Are Required

  • Responsibilities and Decision-Making in DPIA Execution

  • Mitigating Risks Identified in DPIAs

 

Module 18: Data Categorization Techniques

  • Need-Want-Drop Framework for Data Classification

 

Module 19: Third-Party Data Management and Cloud Compliance

  • Challenges and Myths of Cloud Computing

  • Key Considerations for Cloud Data Security

  • Establishing Controller-Processor Agreements

 

Module 20: Practical Implications of GDPR

  • Brexit’s Influence on GDPR Compliance

  • Adequacy Agreements and Representation Requirements

 

Module 21: Legal Obligations Under GDPR

  • Fundamental Processing Principles

  • Transparency, Consent, and Security Requirements

  • Data Breach Management and Impact Assessments

 

Module 22: Privacy Principles in GDPR

  • Ensuring Lawfulness, Fairness, and Transparency

  • Limiting Data Collection and Retention

  • Upholding Data Integrity and Confidentiality

 

Module 23: Common Data Security Pitfalls and Lessons Learned

  • Frequent Data Security Failures and Their Consequences

  • Financial, Legal, and Reputational Impacts of Breaches

  • Best Practices for Managing Communication During a Breach
