The General Data Protection Regulation (GDPR) is certainly the most significant Personal Data legislation in 20 years. Organisations will have to start their compliance journey now, because the regulation has been in force since May 2018. To what extent are you prepared to pay a fine that might reach 4% of your organisation's turnover?
Attend our training and get practical advice on how to set up a compliant programme within your organisation.
At the end of the session, participants will be able to:
- Explain the main principles of the regulations and their impacts;
- Determine the steps to implement in order to ensure compliance;
- Establish a GDPR compliance program;
- Review and analyse the current Personal Data Protection program taking into account the new requirements.
1) Regulatory framework for Personal Data processing
- Understand the regulatory context related to the processing of Personal Data and, in particular, the new principles (i.e. data minimisation, personal data protection by design, etc.);
- Know the processing conditions and data subject rights and, in particular, the new rights (i.e. portability, the right to be forgotten, etc.);
- Determine personal data types, their locations as well as their retention period;
- Respect archiving rules and the destruction of Personal Data.
2) Communication of Personal Data
- Communicate Personal Data to third parties;
- Transfer Personal Data out of the EEA;
- Identify the actors (internal or external) that are involved in Personal Data processing;
- Understand the responsibility of the service provider.
3) How to demonstrate Accountability?
- Evaluate maturity;
- Implement adequate rules;
- Ensure sustainable compliance.
4) Implementation of the needed measures to ensure security and confidentiality of Personal Data
- Understand the legal obligation to protect Personal Data;
- Understand the specificities of the management of Personal Data by third parties and the risks related to cloud computing;
- Understand the importance of impact studies and vulnerability studies.
- Data Protection Officers,
- Chief Information System Officers,
- Compliance Officers
Our Lead Experts
From daily operations to regulatory compliance, Frédéric has helped local and global asset managers, fund service providers and banks successfully run their businesses for nearly 20 years. Areas of focus: UCITS, AIFMD and GDPR regulations, private equity & real estate, organisation setup and review, project management.
Manager at PwC Luxembourg, Gabriela helps clients assess and improve their data protection approaches, particularly with respect to the new data protection regulation. She has more than 10 years' experience in information security of systems, with a particular interest in innovation related to the links between policies, controls and processes. Gabriela is passionate about bringing security and privacy closer to people and organisations. She regularly delivers talks at international conferences on IT security and privacy.
This training is also available in French.
Number of participants: limited to 20 participants, to ensure a high level of interactivity during the training.
Duration: 0.5 day