Course Outline

Day I

I. Basic Principles of Personal Data Processing
1. Sources of National and International Law
2. Scope of Application of Personal Data Protection Laws
3. Powers of the Data Protection Authority
4. Judicial Protection of the Right to Personal Data Protection
5. GDPR: Basic Information and Definitions - Selected Issues
6. Sector-Specific GDPR
7. Personal Data
8. Processing of Personal Data
9. Legal Bases for Processing Personal Data
10. Administrator's Responsibilities
11. Rights of Data Subjects
12. Administrative Fines
13. Personal Data Protection Act of 10 May 2018 – Scope of Regulations
14. Appointing a Data Protection Officer
15. Proceedings for Infringement of Personal Data Protection Laws
16. Monitoring Compliance with Personal Data Protection Regulations
17. Civil, Criminal, and Administrative Liability
18. Conditions for the Admissibility of Processing Personal Data (Ordinary and Sensitive Data)
19. Legal Requirements for Entrusting the Processing of Personal Data to Other Entities
20. Data Protection Impact Assessment
21. Data Protection by Design, Data Protection by Default
22. Legal Bases for Transferring Personal Data to a Third Country
23. Protection of Personal Data in Employment Relations

II. Appointment of a Data Protection Officer
1. Mandatory Appointment of a Data Protection Officer
2. Optional Appointment of an Inspector

III. Who Can Be a Data Protection Officer?
1. Qualifications to Act as an Inspector
2. Form of Employment for the Inspector

Day II

IV. Status of the Data Protection Officer
1. Direct Reporting of the Inspector to Top Management
2. Arranging Support for the Supervisor
3. Participation of the Inspector in All Matters Related to Personal Data Protection
4. Prohibition on Giving Instructions to the Supervisor Regarding How They Shall Carry Out Their Duties
5. Avoiding Conflicts of Interest in the Organization - Tasks of the Supervisor
6. Prohibition on Dismissal and Punishment of the Inspector
7. Duty of the Inspector to Maintain Secrecy or Confidentiality of Tasks Performed

V. Information Security Management
1. Discussion of the Security Management System in the Organization Based on Relevant Standards, Including Polish Standards
2. Identification of Privacy Risks and Their Legal Implications
3. Principles of Risk Assessment and Impact Evaluation for Specific Solutions to Enhance Safety Management Effectiveness
4. Understanding and Applying a Risk-Based Approach – Practical Completion of the Risk Analysis Template
5. Personal Data Lifecycle Management

VI. Performing the Tasks of the Data Protection Officer (DPO)
1. Legal Basis for Appointing the DPO
2. Who Must Appoint a DPO, When, and How They Will Be Appointed
3. Status and Qualifications of the DPO
4. Tasks of the DPO and Rules for Planning Their Performance
5. Conducting Reports on Compliance with Data Processing Regulations in Traditional and IT Systems
6. Documenting Activities Carried Out by the DPO
7. Preparation of Inspection Reports
8. Rules for Supervising Documentation of Personal Data Processing
9. Scope of UODO's Powers in Relation to DPOs

Day III

VII. Practical Information on Inspections by the Office for Personal Data Protection
1. Requirements of the Office for Auditees
2. Preparing for an Inspection
3. Case Study

VIII. Hands-On Activities
1. Development of an Exemplary Information Security Policy
2. Development of Management Instructions
3. Development of a Register of Processing Activities
4. Preparation of the So-Called Small Personal Data Protection Documentation
5. Case Study
6. Common Errors in Preparing Documentation

Additional Materials for Course Participants:

Useful Forms and Templates:
1. Consent to Use and Disseminate Images
2. Event Newsletter Entry Form
3. Consent to Receive Offers
4. Template for Sending Offer Emails
5. Template for Sending General Emails
6. Example of a Personal Data Protection Policy
7. Template for Preparing the Information Obligation, in Accordance with GDPR, with Instructions
8. Risk Analysis Template
9. Register of Personal Data Processing Activities – Template
10. Register of Categories of Processing Activities – Template
11. GDPR Breach Register – Template
12. GDPR Compliance Checklist Template
13. Instructions on How to Proceed in the Event of a Breach of Personal Data Protection Regulations
14. Data Protection Breach Report Template
15. Register of Security Incidents and Corrective and Preventive Actions
16. Register of Corrigenda
17. Register of Restorations
18. Model Corrigendum
19. Restoration Pattern
20. Model Objection
21. Model Contract Excluding Further Processing of Personal Data
22. Sample Consents for Competitions, Marketing, and Publications
23. Obligation to Provide Information for Ferry Crossings
24. Obligation to Provide Information on Meeting Monitoring
25. Obligation to Provide Information on Recruitment
26. Obligation to Provide Information to the National Revenue Administration
27. Information Obligation of the LES (Local Employment Service)
28. Public Procurement Law (UCoC) Information Obligation
29. Information Obligation: Labour Code
30. Tax Information Obligation
31. Authorization to Process Personal Data for Employees: Template with Example
32. Notification of a Breach to Data Subjects – Template
33. Personal Data Processing Agreement for the Controller – Template
34. Personal Data Processing Agreement for the Processor
35. And Many More

These materials are designed to support the training and implementation of best practices for government agencies in managing personal data protection, ensuring compliance with legal requirements, and enhancing organizational security measures.

Requirements

Audience

  • Individuals who are beginning to serve as Data Protection Officers for government
  • Individuals who will be appointed to this role in the future
 21 Hours
