The GDPR entered in effect on 25 May 2018, putting emphasis on the Data Protection Officer (DPO) as a key person to ensure personal data are kept and managed safely.
During that 1-day training session, DPO as well as other staff coordinating data protection will gain knowledge as to the key concepts underlying the GDPR as well as to their roles in an organisation.
While this training session does not support a DPO certification, it aims at providing a comprehensive and solid ground for DPO and alikes in their day-to-day activities.
At the end of the training, participants will be able to:
have a proper understanding of the Luxembourg and EU regulatory framework as to data privacy;
understand their role and function as a key person in charge of data privacy;
explain the key concepts of the GDPR and how they apply to their respective organisation, whether locally or a group level;
define their action and monitoring plans for compliance with the regulation;
interact with the data protection authorities
1) Introduction: overview of the Regulation
(Purpose, Territorial scope, Material scope, General principles, Controller/Processor, Data privacy by design and by default, Register of processing)
2) Role and position of a DPO
(Mission and role of the DPO, Typical tasks of a DPO, Management of conflict of interest, Criteria leading to the appointment of a DPO)
3) Lawfulness of processing
(Different lawful bases as per the regulation, Attention areas applicable to each base, Case study)
4) Consent as a lawful base
(Valid consent, Balancing test vs the data subject rights, Case study)
5) Management of personal data of special category
(Children, Criminal convictions, Special category of data, Case study)
6) Data subject rights
(Different rights, Limitations and conditions to the exercise of rights, Role of the DPO, Case study)
7) Requirements for data controllers and data processors
(Information security, DPIA, Incident and breach management, Training, Case study)
8) Transfer of personal data in/ou the EEA
(Conditions for transfer incl BCR, Case study)
(Organisation, Approach, Certification)
10) When it goes wrong
(Fines, Practical examples)
11) Q&A and closing
Data Protection Officers and GDPR leaders
Our Lead Expert
From daily operations to regulatory compliance, Frédéric helps local and global asset managers, fund service providers and banks to successfully run their businesses for nearly 20 years. Areas of focus: UCITS, AIFMD and GDPR regulations, private equity & real estate, organisation setup and review, project management.
Number of participants: limited to 20 participants, to ensure a high interactivity during the training.
Duration: 7 hours