Personal Data Protection Officer - Basic Level

Audience

• Individuals who are starting to act as a Data Protection Officer
• Individuals who will be appointed to this position in the future

Purpose of the Training

• Acquainting the audience with systematized, comprehensive issues of the functioning of personal data protection on the basis of Polish and European law
• Providing practical knowledge about the new rules for the processing of personal data
• Presentation of the areas of the greatest legal risks in connection with the entry into force of the GDPR
• Practical preparation for independent performance of the duties of a Personal Data Protection Officer

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Day I

I. Basic principles of personal data processing
1. Sources of national and international law
2. The scope of application of personal data protection laws
3. The scope of powers of the data protection authority
4. Judicial protection of the right to the protection of personal data
5. GDPR - basic information and definitions - selected issues
6. Sector-specific GDPR
7. Personal data
8. Processing of personal data
9. Legal bases for processing personal data
10. Administrator's Responsibilities
11. Rights of data subjects
12. Administrative fines
13. Personal Data Protection Act of 10 May 2018 – scope of regulations
14. appointing a Data Protection Officer
15. Proceedings for infringement of personal data protection laws
16. Monitoring compliance with personal data protection regulations
17. Civil, criminal and administrative liability
18. Conditions for the admissibility of the processing of personal data (ordinary and sensitive data)
19. Legal requirements for the institution of entrusting the processing of personal data to other entities
20. Data Protection Impact Assessment
21. Data protection by design, data protection by default
22. Legal bases for the transfer of personal data to a third country
23. Protection of personal data in employment relations

II. Appointment of a Data Protection Officer
1. Mandatory appointment of a Data Protection Officer
2. Optional appointment of an Inspector

III. Who can be a Data Protection Officer?
1. Qualifications to act as an Inspector
2. Form of employment of the Inspector

Day II

IV. Status of the Data Protection Officer
1. Direct reporting of the Inspector to the top management
2. Arranging support for the Supervisor
3. Participation of the Inspector in all matters related to the protection of personal data
4. Prohibition of giving instructions to the Supervisor as to how he or she shall carry out his or her duties
5. Avoiding conflicts of interest in the organization - tasks of the Supervisor
6. Prohibition of dismissal and punishment of the Inspector
7. The duty of the Inspector to maintain the secrecy or confidentiality of the tasks performed

V. Information Security Management
1. Discussion of the security management system in the organization based on the m.in Polish standards
2. Identification of privacy risks and their legal implications
3. Principles of risk assessment and assessment of the impact of the application of specific solutions in the field of effectiveness of safety management
4. How to understand and apply a risk-based approach – practical completion of the Risk Analysis template
5. Personal Data Lifecycle Management

VI. Performing the tasks of the Data Protection Officer (DPO)
1. Legal basis for the appointment of the DPO
2. Who and when must appoint a DPO and how they will be appointed
3. DPO status and qualifications
4. DPO's tasks and the rules for planning their performance
5. Conducting reports on the compliance of data processing with the provisions on the protection of personal data in traditional and IT systems
6. Documenting the activities carried out by the DPO
7. Preparation of inspection reports
8. Rules for supervising the documentation of personal data processing
9. Scope of UODO's powers in relation to DPOs

Day III

VII. Practical information on the inspection of the Office for Personal Data Protection
1. Requirements of the Office for auditees
2. How to prepare for the inspection
3. Case study

VIII. Hands-on activities
1. Development of an exemplary Information Security Policy
2. development of management instructions
3. Development of a Register of Processing Activities
4. Preparation of the so-called Small Personal Data Protection Documentation
5. Case study
6. The most common errors in the preparation of documentation

Additional materials for course participants:

Useful forms and templates:
1. Consent to the use and dissemination of the image
2. Event- newsletter entry
3. Consent to send you an offer
4. Sending offer emails
5. Sending general emails
6. Example of a personal data protection policy
7. Template for the preparation of the information obligation, in accordance with the GDPR, together with the instructions
8. Risk analysis template
9. Register of personal data processing activities – template
10. Register of categories of processing activities – template
11. GDPR Breach Register – Template
12. GDPR Compliance Checklist Template
13. Instructions on how to proceed in the event of a breach of personal data protection regulations
14. Data Protection Breach Report Template
15. Register of security incidents and corrective and preventive actions
16. Register of corrigenda
17. Register of restorations
18. Model corrigendum
19. Restoration pattern
20. Model Objection
21. A model contract excluding further processing of personal data
22. Sample consents for competitions, marketing, publications
23. Obligation to provide information to ferry crossing
24. Obligation to provide information monitoring of the meeting
25. Obligation to provide information on recruitment
26. Obligation to provide information to the National Revenue Administration
27. Information obligation of the LES
28. Public Procurement Law (UCoC) information obligation
29. Information obligation: Labour Code
30. Tax information obligation
31. Authorization to process personal data for employees: a template to be filled in with an example
32. Notification of a breach to data subjects – template
33. Personal Data Processing Agreement for the Controller – template
34. Personal Data Processing Agreement for the Processor
35. And many more