Course Methodology

This course is highly interactive with facilitator-led presentations, group discussion and real current case studies.

Course Objectives

By the end of the course, participants will be able to:

• Define data protection principles and rights of data subjects
• Determine the lawful basis for processing data
• Demonstrate how to deal with subject access requests, data breaches and internal investigations
• Apply appropriate transfer mechanisms for cross border transfer of personal data
• Create and implement a privacy framework for their organization

Target Audience

This course is suitable for anyone who handles sensitive personal or company data.  This includes compliance officers and managers, auditors, IT managers, human resources, database professionals and any information security, incident management, and business continuity professionals whose responsibilities include the secure handling of data.

This course is also suitable for current Data Protection Officers who are seeking to become certified or update their knowledge with the latest laws.

Target Competencies

• Operational compliance
• Decision making
• Communication with stakeholders
• Information Governance
• Policy Creation

Introduction to Data Protection

• General Data Protection Regulation (GDPR) and DIFC Data Protection Laws 2020
• Other relevant Data Protection laws
• Data Protection terminology
• Personal Data and special categories of data
• Data Protection principles
• Role of Controllers and Processors
• Data Processing Agreements

Legal Basis

• Lawful basis for processing Personal Data
• Processing special category Personal Data
• Conditions of consent
• Understand the reliance on legitimate interests

Data Subjects

• Privacy Notices
• Rights of Data Subjects
• Subject Access Requests (SARs)

Data Breaches and Complaints

• Obligations of the Processor
• Notification to the Commissioner
• Notification to Data Subjects
• Breach procedure
• Remedies, liabilities and sanctions
• Complaints and mediation
• Fines

Security

• Security of data
• Pseudonymization
• Encryption

The Data Protection Officer (DPO) Role

• The duties and obligations of the DPO
• High Risk Processing
• Communicating with Data Subjects
• Cooperating with the Commissioner
• Consider the Annual Risk Assessment

Cross border transfers

• Transfers outside of jurisdiction in absence of adequate protection
• Countries that have adequate level of protection
• Schrems II case
• Standard Contractual Clauses
• Binding Corporate Rules
• Derogations

Governance

• Understand concept of accountability to demonstrate compliance
• How to achieve compliance
• Understand concept of Records of Processing Activities (RoPA)
• How to mitigate risk
• Monitoring compliance
• Understand concept of Data Protection Impact Assessments (DPIAs)