Course Outline
Fundamental Principles of Personal Data Processing
- Sources of national and international legal frameworks.
- Scope of application for personal data protection laws.
- Powers and jurisdiction of the data protection authority.
- Judicial recourse for the right to personal data protection.
- GDPR essentials: key definitions and selected topics.
- Sector-specific applications of the GDPR.
- Defining personal data.
- The process of data processing.
- Lawful bases for processing personal data.
- Obligations of the data controller.
- Rights of data subjects.
- Administrative fines and penalties.
- The Personal Data Protection Act of 10 May 2018 – regulatory scope.
- Procedures for appointing a Data Protection Officer.
- Proceedings regarding infringements of personal data protection laws.
- Monitoring compliance with data protection regulations.
- Civil, criminal, and administrative liability.
- Conditions for admissible processing (standard and sensitive data categories).
- Legal requirements for entrusting data processing to third parties.
- Data Protection Impact Assessments (DPIA).
- Data protection by design and by default.
- Lawful bases for transferring personal data to third countries.
- Personal data protection within employment relationships.
Appointment of the Data Protection Officer
- Mandatory appointment criteria for the Data Protection Officer.
- Optional appointment of a Data Protection Inspector.
Eligibility for the Data Protection Officer Role
- Qualifications required to act as a Data Protection Inspector.
- Employment structures for the Data Protection Inspector.
Status and Independence of the Data Protection Officer
- Direct reporting lines from the Inspector to senior management.
- Ensuring adequate support for the Inspector.
- The Inspector’s involvement in all matters concerning personal data protection.
- Prohibition on instructing the Inspector on how to execute their duties.
- Mitigating conflicts of interest within the organisation – the Inspector’s role.
- Prohibition against dismissing or penalising the Inspector.
- The Inspector’s obligation to maintain confidentiality of performed tasks.
Information Security Management
- Reviewing the organisational security management system, referencing Polish standards.
- Identifying privacy risks and their legal consequences.
- Principles of risk assessment and evaluating the effectiveness of safety management solutions.
- Understanding and applying a risk-based approach – practical completion of a Risk Analysis template.
- Managing the personal data lifecycle.
Executing Data Protection Officer (DPO) Duties
- Legal grounds for appointing the DPO.
- Criteria for who must appoint a DPO and the procedures involved.
- DPO status and professional qualifications.
- DPO responsibilities and planning frameworks.
- Reporting on compliance with data protection provisions in traditional and IT systems.
- Documenting DPO activities.
- Preparing inspection reports.
- Guidelines for supervising documentation of personal data processing.
- Powers of the UODO (Office for Personal Data Protection) concerning DPOs.
Practical Guidance on Inspections by the Office for Personal Data Protection
- Requirements imposed on audited entities.
- Strategies for preparing for an inspection.
- Case study analysis.
Practical Workshops
- Drafting an exemplary Information Security Policy.
- Developing internal management directives.
- Creating a Register of Processing Activities.
- Preparing the 'Small Personal Data Protection Documentation' package.
- Case study exercises.
- Analysis of common documentation errors.
Supplementary Materials for Participants:
Templates and Forms:
- Consent for image use and dissemination.
- Event newsletter subscription form.
- Consent to receive offers.
- Protocol for sending offer emails.
- Protocol for sending general correspondence.
- Sample personal data protection policy.
- Template for information obligation notices per GDPR, including instructions.
- Risk analysis template.
- Register of personal data processing activities – template.
- Register of processing activity categories – template.
- GDPR Breach Register – template.
- GDPR Compliance Checklist template.
- Guidelines for responding to personal data protection breaches.
- Data Protection Breach Report template.
- Register of security incidents and corrective/preventive actions.
- Register of corrigenda.
- Register of data restorations.
- Model corrigendum.
- Standard restoration pattern.
- Model objection form.
- Model contract excluding further data processing.
- Sample consents for competitions, marketing, and publications.
- Information obligation for ferry crossing scenarios.
- Information obligation for meeting monitoring.
- Information obligation for recruitment processes.
- Information obligation for the National Revenue Administration.
- Information obligation for the LES.
- Public Procurement Law (UCoC) information obligation.
- Information obligation under the Labour Code.
- Tax-related information obligation.
- Template for employee personal data processing authorisation (with example).
- Notification of breach to data subjects – template.
- Personal Data Processing Agreement for the Controller – template.
- Personal Data Processing Agreement for the Processor.
- And many more resources.
Requirements
Target Audience
- Individuals newly appointed as Data Protection Officers.
- Professionals who are slated for appointment to this role in the near future.
21 Hours
Testimonials (1)
The variety of the information shared and the clarity to explain terms in plain English.