Course Methodology
This course is based on open discussions, question and
answer sessions, group exercises, activities, videos, case studies and
presentations grounded in best practices and core principles.
Course Objectives
By the end of the course, participants will be able to:
- Review and reinforce understanding of Personal
Data Protection Law (PDPL) principles and the rights of data subjects
- Proficiently identify the lawful basis for data
processing
- Gain comprehensive knowledge of the
responsibilities and duties of a Data Protection Officer (DPO)
- Apply acquired knowledge to establish an effective
privacy program, encompassing both centralized and hybrid models
- Develop strategies for implementing the necessary
technical and organizational measures to safeguard personal data within
your organization
Target Audience
The course is suitable for anyone who will be managing the implementation
of the Saudi Arabia Personal Data Protection Law (PDPL). This includes,
but is not limited to, compliance officers or managers, data protection officers,
auditors, IT managers, project managers, lawyers and business analysts.
While there are no specific prerequisites for enrolment, having a foundational
understanding of data protection concepts can be advantageous.
Target Competencies
- Investigating
- Compliance
- Leadership
- Decision making
- Communication with stakeholders
Personal Data Protection Law (PDPL) Overview
- Data Protection terminology
- Controllers and Joint Controllers, their roles and
responsibilities
- Privacy laws around the world
- Saudi Arabia Personal Data Protection Law (PDPL)
- Privacy Governance
- The duties and obligations of the Data Protection
Officer
The Role of the Data Protection Officer – the first 30 days
- Understand the lawful basis for processing
personal data
- Governance
- Data Mapping – How to begin
- How to record processing activities
- Technical and organisational measures required for
personal data
Compliance
- When and how to conduct Data Protection Impact
Assessments (DPIAs)
- When and how to conduct Legitimate Interest
Assessments (LIAs)
- Website compliance
- Marketing, promotions and events
- Policies, controls and procedures, and
communications
- Intra group transfer agreements and Data
Processing Addendums
The Complete Data Protection Program
- Data Subject Access Requests
- Incident Response Plan
- Data Retention
- Training and Awareness
- Monitoring and the completed data protection
program