This course will cover data mapping, key considerations for internal and external policies, practical execution of Data Protection Impact Assessments (DPIAs), handling personal data breaches and incident response, addressing Data Subject Access Requests (DSARs), assessing vendors, requirements for international data transfers, and documentation.
In addition to this, training will involve multiple use cases and scenario-based implementation of privacy requirements in an organization. This course aims to equip you to independently implement privacy requirements in an organization.
1. Duration of course
4 days (2 weekends) of virtual live training (Zoom).
2. Requirements
MS Office Suite, Stable Internet Connection
3. Who should take this course?
- If you’re a manager seeking to broaden your knowledge in Data Privacy & Data Protection.
- All employees who need to have an understanding of Data Protection.
- If you’re new to information compliance and want a quick recap with some exposure to the new regulations.
- Business Continuity Managers
- Security Officers
- Privacy Officers
- Legal / Compliance Officers
4. Learning Objectives
- Understand the fundamental principles of privacy and the requirements of the General Data Protection Regulation.
- Understand the concepts, approaches, methods and techniques to effectively participate in the implementation process of a compliance framework with regard to the protection of personal data.
- Understand the obligations, roles and responsibilities of the Data Protection Officer.
5. Learning Outcomes
- The rationale for data privacy.
- Fundamentals of privacy laws under various legislations.
- Brief about data security standards.
- Generalities and comparison between GDPR, CCPA, and Kenya Data Protection Law and UAE’s regulation.
- Attain a thorough understanding of the current Data Protection legislation and the underlying principles.
- Identify the difference between personal and sensitive data and how to process each type of data.
- Gain a good understanding of the concepts and principles and their application in the new General Data Protection Regulation (GDPR).
- Be able to understand some of the main tenets of GDPR, such as privacy impact assessments, privacy by design, and data breaches.
- Understand the role of the Data Protection Officer (DPO) within the organization.
- Ascertain how Data Privacy works and applies to your organization.
6. Certification
There is an exam at the end of the CT DPO Intermediate Course training. You will be awarded the CT DPO Intermediate certification after clearing the certification exam at the end of the training. The exam can be scheduled at your convenience.
Passing Criteria: 50% of the total marks
You can have a total of 2 attempts to clear the exam.
The CT DPO Intermediate certification is comprised of nine domains:
1. Privacy Policies
- What is a Privacy Statement?
- Composition of Privacy Statement as per global regulations.
- Changing/Updating a Privacy Statement.
- Enforcing a Privacy Statement
- How to draft an Internal Data Protection Policy?
- Changing/Updating an Internal Data Protection Policy.
- Implementing the Internal Data Protection Policy.
Practical Exercise
- PE 1: Based on a case scenario, draft a Privacy Statement.
- PE 2: Based on a case scenario, draft an Internal Privacy Policy.
- PE 3: Based on a case scenario, draft a Cookie Policy.
2. Leading Privacy Principles (Incorporating EU-GDPR, CCPA, PDPA)
- Lawfulness, Fairness, and Transparency
- Purpose Limitation
- Data Minimisation
- Accuracy
- Storage Limitation
- Integrity and Confidentiality (Security)
- Accountability
3. Data Subject Rights (DSR)
- Data Subject Rights
- Basic Rules for Data Subject Request.
- Comparative analysis of DSR across the globe.
- Data Subject Identity Verification.
4. Data Protection Impact Assessment (DPIA) & Record of Processing Activities (ROPA)
- The legal requirements for a DPIA.
- Implementation of DPIA into the organisation.
- How to conduct a DPIA?
- Identifying the risks and mitigations.
- Ensuring GDPR & CPRA Accountability Principles.
- Legal and compliance issues to consider.
- Introduction to ROPA (EU-GDPR).
- Applicability and Non-Applicability of the obligation to maintain ROPA.
- What are the constituents of ROPA?
- How to formulate ROPA?
- Checklist for formulating the ROPA.
- Formulating ROPA in line with leading privacy regulations.
Practical Exercise
- PE 1: Based on a case scenario, conduct a DPIA.
- PE 2: Based on a case scenario, identify and mitigate risks.
- PE 3: Based on a case scenario, check the applicability of ROPA.
- PE 4: Create a ROPA template.
5. Data Retention Policy & Retention Schedule
- Understanding the steps to draft a Data Retention Policy
- Implementing the Policy
- Implementing Data Retention
- How to create Data Retention Schedule?
- How to delete data after retention is no longer necessary?
Practical Exercise
- PE 1: Based on a case scenario, draft a Data Retention Policy.
- PE 2: Based on a case scenario, draft a Data Retention Schedule.
- PE 3: Based on a case scenario, implement a Data Retention Schedule and conduct deletion.
6. Data Breach and related procedures
- What is a Data Breach?
- How to identify/recognise a Breach?
- Learn how to handle data breach incidents.
- Learn how to handle incident response for an organisation.
- Data Breach Management Flowchart.
- Obligations of Data Controllers and Data Processors.
Practical Exercise
- PE 1: How to draft a Data Breach Management Manual.
- PE 2: How to record incidents in a Data Breach Register.
- PE 3: How to notify data subjects in case of a data breach.
- PE 4: How to notify the DPA in case of a data breach.
7. Vendor Risk Management
- Vendor Classification
- Vendor Risk Assessment
- Vendor onboarding
- Data processing agreements: controller to controller
- Data processing agreements: controller to processor
- Data processing agreements: joint controllers
- Ongoing Monitoring
- Audit & Review
Practical Exercise
- PE 1: Based on a case scenario, conduct a Vendor Risk Assessment.
8. Examination
- Examination (50% passing criteria)
Delivery Format
- Lecture style
- Teacher led classroom training
- Discussions with consultants
- Roleplay / Presentations
Trainers & Consultants
Tsaaro Academy is an Official Training Partner of the International Association of Privacy Professionals (IAPP). Our trainers have been actively engaged in doing actual PDPA audits of Singaporean companies for Tsaaro Academy, and are certified by IAPP to conduct the CIPP/E course. Together, the team has also trained thousands of participants in the Personal Data Protection Act.
Our trainers have been actively engaged in doing actual GDPR audits of Indian companies for Tsaaro Academy. Together, the team has also trained more than 100 participants in the GDPR, PDPB, CCPA and similar laws.
Cancellation Policy
- Request for withdrawal or postponement must be made in writing to Tsaaro Academy.
- Refunds arising from course withdrawal/deferment will be subject to the following terms:
  - More than 2 weeks before course commencement: Full refund.
  - Less than 2 weeks before course commencement: 50% refund.
  - On or after course commencement: No refund.
Confirmation & Reservation
When registration is confirmed, participants will receive our email confirmation along with information about the course programme. If no seats are available for the applied date, you will be notified immediately and given an alternative date.
Tsaaro Academy reserves the right to change the course schedules, programmes and content without prior notice. We also reserve the right to cancel a course due to unforeseen circumstances.