Data Protection Officer (DPO) Training Bundle

Certified Information Privacy Professional/Europe (CIPP/E)

The Principles of Data Protection in Europe covers the essential pan-European and national data protection laws, as well as industry-standard best practices for corporate compliance with these laws. Those taking this course will gain an understanding of the European model for privacy enforcement, key privacy terminology and practical concepts concerning the protection of personal data and trans-border data flows.

The training is based on the body of knowledge for the IAPP’s ANSI accredited Certified Information Privacy Professional/Europe (CIPP/E) certification program.

What will you learn?

• Define the key concepts of European data protection, including controller and processor roles or data protection principles;
• Describe EU data protection legislation and regulatory bodies, including an overview of the advisory and supervisory authorities and their enforcement powers;
• Explain the application of the GDPR and other compliance obligations to European and international entities, including the rules governing the controller/processor contract, lawful grounds for processing personal data, data subjects’ rights, technical and organizational measures for safeguarding data, data breach notifications, accountability to regulators and data subjects or rules for transferring data outside the EU.

Certified Information Privacy Professional/Europe (CIPP/E) Law and regulation based on the GDPR: The “What” of data protection in Europe

Certified Information Privacy Manager (CIPM)

Principles of Privacy Program Management is the how-to training on implementing a privacy program framework, managing the privacy program operational lifecycle, and structuring a knowledgeable, high-performing privacy team. Those taking this course will learn the skills to manage privacy in an organization through process and technology—regardless of jurisdiction or industry.

The Principles of Privacy Program Management training is based on the body of knowledge for the IAPP’s ANSI accredited Certified Information Privacy Manager (CIPM) certification program.

What will you learn?

• How to create a company vision
• How to structure a privacy team
• How to develop and implement a privacy program framework
• How to best communicate to stakeholders
• How to measure performance
• The privacy program operational lifecycle

Certified Information Privacy Manager (CIPM) Implementing privacy in an organization: The “How” of privacy from a management perspective

Certified Information Privacy Professional/Europe (CIPP/E)

Module 1: Data Protection Laws

Introduces key European data protection laws and regulatory bodies, describing the evolution toward a harmonized legislative framework and discussing privacy versus data protection, as well as differentiating between various types of privacy

Module 2: Personal Data

Defines and differentiates between types of data, including personal, anonymous, pseudo-anonymous and special categories, while also covering the criteria under the GDPR for identifying personal data.

Module 3: Controllers and Processors

Describes the roles and relationships of controllers and processors, as well as the basic configurations of control over personal data.

Module 4: Processing Personal Data

Defines data processing and GDPR processing principles, explains the application of the GDPR and outlines the legitimate bases for processing personal data. It also determines the application of the GDPR based on territorial and material scope and if a data processing activity is legal under the GDPR based on legitimate processing criteria.

Module 5: Data Subjects' Rights

Describes data subject rights regarding the processing of their personal data and recognizes controller and processor obligations regarding data subject rights.

Module 6: Information Provision Obligations

Defines transparency and lists the information that should be provided by the controller to the data subject when personal data is collected both directly and indirectly.

Module 7: International Data Transfers

Describes the options for international data transfers, lists the European Commission’s adequacy decisions, summarizes the current status of U.S. adequacy, and details controller and processor obligations and restrictions regarding international data transfers.

Module 8: Compliance Considerations

• Discusses the legal basis and data protection considerations for employers processing employees’ personal data
• Determines the applicability of EU data protection law and compliance requirements for surveillance, particularly communications data, CCTV, location data, and biometric data
• Determines the applicability of EU data protection law and compliance requirements for direct marketing, particularly online behavioral advertising
• Determines the applicability of EU data protection law and compliance requirements for internet technology and communications, particularly cloud computing, web cookies, search engines, social networking services, and artificial intelligence.

Module 9: Security of Processing

Summarizes the considerations and duties of controllers and processors for ensuring the security of personal data, and outlines the requirements related to informing the supervisory authority and data subjects of a data breach.

Module 10: Accountability

Recognizes the accountability implications for controllers and processors, outlines steps for designing a data protection programme, including a data protection impact assessment and data protection policy.
Summarizes record-keeping requirements of controllers and processors and describes the protections, tasks, and responsibilities for data protection officers.

Module 11: Supervision and Enforcement

• Describes the role, powers, and procedures of the supervisory authorities, as well as of the EDPB and EDPS.
• Summarizes the remedies against, liabilities of, and potential penalties for controllers and processors, particularly regarding administrative fines.

Certified Information Privacy Manager (CIPM)

Module 1: Introduction to privacy program management

Identifies privacy program management responsibilities and describes the role of accountability in privacy program management.

Module 2: Privacy governance

Examines considerations for developing and implementing a privacy program, including the position of the privacy function within the organization, the role of the DPO, program scope and charter, privacy strategy, support, and ongoing involvement of key functions and privacy frameworks.

Module 3: Applicable laws and regulations

Discusses the regulatory environment, common elements across jurisdictions, and strategies for aligning compliance with organizational strategy.

Module 4: Data assessments

Relates practical processes for creating and using data inventories/maps, gap analysis, privacy assessments, privacy impact assessments/data protection impact assessments, and vendor assessments.

Module 5: Policies

Describes common types of privacy-related policies, outlines components, and offers strategies for implementation.

Module 6: Data subject rights

Discusses operational considerations for communicating and ensuring data subject rights, including privacy notice, choice and consent, access and rectification, data portability, and erasure and the right to be forgotten.

Module 7: Training and awareness

Outlines strategies for developing and implementing privacy training and awareness programs.

Module 8: Protecting personal information

Examines a holistic approach to protecting personal information through privacy by design.

Module 9: Data breach incident plans

Provides guidance on planning for and responding to a data security incident or breach..

Module 10: Measuring, monitoring and auditing program performance

Relates common practices for monitoring, measuring, analyzing, and auditing privacy program performance.