-
Understanding and Applying the General Data Protection Regulation (GDPR): Introduction -- Trainer Introduction and Course Outline
Practical examples are used to explain the rules and regulations of the GDPR so that, by the end of the course, you will be able to act in compliance with the law, thus preventing possible financial and reputational damage to your company. (Introduction, Course Outline, Handouts, Quiz)
-
Understanding and Applying the General Data Protection Regulation (GDPR): Responsibility of Data Controller or Processor -- Data Breaches
The GDPR responds to the sometimes lazy handling of data breaches in recent years by mandating a duty to immediately report data breaches. (Mandatory Reporting, Time Limits, Penalties)
-
Understanding and Applying the General Data Protection Regulation (GDPR): Responsibility of Data Controller or Processor -- Data Processing
A common occurrence in the practice of data collection concerns the elicitation, processing, or even use of data by an external service provider for another client.
-
Understanding and Applying the General Data Protection Regulation (GDPR): Responsibility of Data Controller or Processor -- Introduction
GDPR Article 24 provides a clear mandate that the responsible party must take appropriate technical and organizational measures to ensure that data processing takes place within the scope and meaning of the regulation.
-
Understanding and Applying the General Data Protection Regulation (GDPR): Responsibility of Data Controller or Processor -- Maintaining a Record of Processing Activities
Almost every company generates a large amount of customer or employee data across a wide variety of areas and categories. In order to ensure compliance, the GDPR mandates that each data controller or processor maintain a record of processing activities. (Record-keeping, Exceptions to the Record-Keeping Requirement)
-
Understanding and Applying the General Data Protection Regulation (GDPR): Responsibility of Data Controller or Processor -- Summary
Knowledge of your company's data collection processes makes it possible to maintain control and to achieve a lawful implementation of the GDPR. (Benefits of legally compliant implementation, GDPR certification)
-
Understanding and Applying the General Data Protection Regulation (GDPR): Responsibility of Data Controller or Processor -- Technical and Organizational Measures (TOM)
The GDPR requires responsible parties to take measures to ensure that data processing takes place within the meaning of the regulation. These include structural and technical measures such as maintaining data access controls, separating data, etc. (Access Control, Structural Measures, Encryption, Firewall, Recovery Measures)
-
Understanding and Applying the General Data Protection Regulation (GDPR): Rights of Data Subjects -- Rights of Data Subjects
Data subjects have a large number of rights resulting from the protection of personal data. The General Data Protection Regulation makes the body holding the data responsible for protecting the rights of the data subject. (GDPR Art. 12: Transparency, GDPR Art. 13 + 14: Duty to Provide Information, GDPR Art. 15: Right of Access, GDPR Art. 16: Right to Rectification, GDPR Art. 17: Right to Erasure, GDPR Art. 20: Right to Data Portability, GDPR Art. 21: Right to Object, GDPR Art. 30: Documentation Requirement)
-
Understanding and Applying the General Data Protection Regulation (GDPR): Summary
A short summary and concluding remarks.
-
Understanding and Applying the General Data Protection Regulation (GDPR): The Data Protection Officer
Companies of a certain size, or that engage in a certain scope and type of data processing, may be required to appoint a data protection officer. (Tasks, Requirements, Freedom to Comply, Confidentiality)
-
Understanding and Applying the General Data Protection Regulation (GDPR): The Five Basic Principles of Data Protection -- Introduction
The easiest way to internalize the general objectives of the General Data Protection Regulation is to imagine that the basic principles of the regulation weave through it like a continuous red thread. Remember these principles and you will have a good starting point for evaluating whether a specific process merits data protection. (Basic Principles of Data Protection)
-
Understanding and Applying the General Data Protection Regulation (GDPR): The Five Basic Principles of Data Protection -- Principle 1, Prohibition of Data Processing and Exceptions to Consent
In principle, the GDPR does NOT permit the processing of personal data without the explicit consent of the person concerned. There are, however, some legal exceptions. (Exceptions to Consent)
-
Understanding and Applying the General Data Protection Regulation (GDPR): The Five Basic Principles of Data Protection -- Principle 2, Purpose of Data Collection
Data may only be used for the purpose for which they were collected. If the purpose is not specified, then the data must be deleted. (Purpose of Data Collection)
-
Understanding and Applying the General Data Protection Regulation (GDPR): The Five Basic Principles of Data Protection -- Principle 4, Data Security
The General Data Protection Regulation also requires that access to the data remains secure. This must be guaranteed at all times, so that misuse of this data can be prevented. (Data Security, Technical and Organizational Measures (TOM))
-
Understanding and Applying the General Data Protection Regulation (GDPR): The Five Basic Principles of Data Protection -- Principle 5, Transparency
It must be clear to the person concerned how, where, and to what extent their data is being collected and processed. (Transparency, IP Addresses, Right to Be Forgotten, Right to Information, Data Transfer)
-
Understanding and Applying the General Data Protection Regulation (GDPR): The Five Basic Principles of Data Protection -- Summary
The five basic principles of the GDPR are summarized and presented in overview.
-
Understanding and Applying the General Data Protection Regulation (GDPR): The Foundations of Data Processing -- Data Processing With Consent
The processing of data is generally permitted if a data subject explicitly agrees to the data collection. (GDPR Art. 6 (1a), GDPR Art. 7, Consent, Consent Criteria, Voluntary Consent, Data Sharing Ban, Purpose of Data Collection, Right of Revocation, Privacy by Design)
-
Understanding and Applying the General Data Protection Regulation (GDPR): The Foundations of Data Processing -- Introduction
There are two important situations that must be considered when determining the legality of data collection: Did the data subject provide consent or not? (GDPR Art. 6 (1), Legality)
-
Understanding and Applying the General Data Protection Regulation (GDPR): Why Data Protection? What Exactly is the GDPR? -- Why Deal with Data Protection Anyway?
The General Data Protection Regulation has one main objective: to guarantee the protection of personal data.
-
Understanding and Applying the General Data Protection Regulation (GDPR): The Foundations of Data Processing -- Data Processing Without Consent
The permission to process data is not always bound to the consent of the person concerned. (GDPR Art. 6 (1b): Existing or Planned Contractual Relationship, GDPR Art. 6 (1c): Legal Obligation, GDPR Art. 6 (1d): Protection of Vital Interests, GDPR Art. 6 (1e): Performance of a Task Carried Out in the Public Interest, GDPR Art. 6 (1f): Safeguarding a Legitimate Interest)
-
Understanding and Applying the General Data Protection Regulation (GDPR): Why Data Protection? What Exactly is the GDPR? -- How is the Protection of Data Guaranteed?
The GDPR must be applied as soon as data are created that can be traced back to a specific natural person. (Intention and Scope of the GDPR, Penalties for Violation of the GDPR)
-
Understanding and Applying the General Data Protection Regulation (GDPR): The Five Basic Principles of Data Protection -- Principle 3, Data Collection Limits
The General Data Protection Regulation states that only those data shall be collected that are appropriate and immediately necessary for the stated purpose. (Data Collection Limits, Privacy by Design, Privacy by Default)