Introduction
Data protection is taking the world by storm. Anyone who works with personal and company sensitive data needs to understand how to ensure compliance with new data protection laws, both in the UAE, the GCC and globally.
This is a practical course that gives participants knowledge and necessary guidance to build a privacy framework within their organization. International Data Protection laws will be covered including General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and the newly launched DIFC Data Protection Law.
Goals
Participants will learn:
- Operational compliance.
- Decision making.
- Communication with stakeholders.
- Information Governance.
- Policy Creation.
TRAINING OBJECTIVES
- Define data protection principles and rights of data subjects.
- Determine the lawful basis for processing data.
- Demonstrate how to deal with subject access requests, data breaches and internal investigations.
- Apply appropriate transfer mechanisms for cross border transfer of personal data.
- Create and implement a privacy framework for their organization.
Training Methodology
This course is highly interactive with facilitator-led presentations, group discussion and real current case studies.
Target Groups
This course is suitable for anyone who handles sensitive personal or company data. This includes compliance officers and managers, auditors, IT managers, human resources, database professionals and any information security, incident management, and business continuity professionals whose responsibilities include the secure handling of data.
Program Content
Introduction to Data Protection
- General Data Protection Regulation (GDPR) and DIFC Data Protection Laws 2020.
- Other relevant Data Protection laws.
- Data Protection terminology.
- Personal Data and special categories of data.
- Data Protection principles.
- Role of Controllers and Processors.
- Data Processing Agreements.
Legal Basis
- Lawful basis for processing Personal Data.
- Processing special category Personal Data.
- Conditions of consent.
- Understand the reliance on legitimate interests.
Data Subjects
- Privacy Notices.
- Rights of Data Subjects.
- Subject Access Requests (SARs).
Data Breaches and Complaints
- Obligations of the Processor.
- Notification to the Commissioner.
- Notification to Data Subjects.
- Breach procedure.
- Remedies, liabilities and sanctions.
- Complaints and mediation.
- Fines.
Security
- Security of data.
- Pseudonymization.
- Encryption.
The Data Protection Officer (DPO) Role
- The duties and obligations of the DPO.
- High Risk Processing.
- Communicating with Data Subjects.
- Cooperating with the Commissioner.
- Consider the Annual Risk Assessment.
Cross border transfers
- Transfers outside of jurisdiction in absence of adequate protection.
- Countries that have adequate level of protection.
- Schrems II case.
- Standard Contractual Clauses.
- Binding Corporate Rules.
- Derogations.
Governance
- Understand concept of accountability to demonstrate compliance.
- How to achieve compliance.
- Understand concept of Records of Processing Activities (RoPA).
- How to mitigate risk.
- Monitoring compliance.
- Understand concept of Data Protection Impact Assessments (DPIAs).
