Events
Data Protection Officer (DPO) Training Bundle
Official IAPP Training and Certification
Data is a strategic asset. And the risks associated with it continue to skyrocket. Data breach, identity theft, loss of customer trust—these are just some of the threats to organizations of all sizes, in all sectors, on today’s marketplace.
Cybersecurity and privacy dominate most organizations’ priorities, as companies strive to develop robust unified frameworks and use technologies like AI to detect and control breaches. An International Association of Privacy Professional (IAPP) study found that 56% of its respondents are working towards a unified, global data protection/privacy strategy, with built-in capabilities to adapt to individual jurisdictional requirements when required.
IAPP is the world’s largest and most comprehensive global information privacy community. It is also a resource for professionals who want to develop and advance their careers by helping their organizations successfully manage these risks and protect their data. In fact, we’re the world’s largest and most comprehensive global information privacy community.
The IAPP is the only place that brings together the people, tools, and global information management practices you need to thrive in today’s rapidly evolving information economy.
Must-have privacy certifications - what makes our courses different?
- CIPP/E and CIPM are the leading privacy certifications for thousands of professionals around the world who serve the Privacy & Data Protection, Information Auditing, Information Security, Legal Compliance, and/or Risk Management needs within their organizations
- The Deloitte team has a proven and established reputation globally, in the education of Data Privacy and Protection and delivery of IAPP trainings to individuals and companies
- The courses are delivered in a variety of formats including live, or online, by our professional experienced trainers
- Not just general theory is shared, but also a department-specific focus on privacy compliance
- Real-life examples and workable solutions are given
Target audience
Privacy and non-privacy professionals who deal with personal data in the course of their daily activities.
How it works – course details
The Data Protection Officer Bundle Course runs over four consecutive days. It comprises two independent courses (CIPP/E + CIPM). We believe that if taken together they form the best fit to prepare for the Data Protection Officer (DPO) position or for attaining an adequate level of privacy & data protection knowledge relevant for your attributions within the organization or as a privacy professional. However, one can easily choose to enroll in only one of these courses.
The training is enhanced through many different business scenarios, as well as practical tools, which you can take home for immediate use on the job.
Each day, a number of useful tips will be given to help you with the exam afterwards.
The IAPP CIPP/E & CIPM course, offered by our specialists in partnership with IAPP, is now available to all the authorities and entities interested through the Romanian Electronic Public Acquisitions System (S.E.A.P.)
Certified Information Privacy Professional/Europe (CIPP/E)
The Principles of Data Protection in Europe covers the essential pan-European and national data protection laws, as well as industry-standard best practices for corporate compliance with these laws. Those taking this course will gain an understanding of the European model for privacy enforcement, key privacy terminology and practical concepts concerning the protection of personal data and trans-border data flows.
The training is based on the body of knowledge for the IAPP’s ANSI accredited Certified Information Privacy Professional/Europe (CIPP/E) certification program.
What will you learn?
- Define the key concepts of European data protection, including controller and processor roles or data protection principles;
- Describe EU data protection legislation and regulatory bodies, including an overview of the advisory and supervisory authorities and their enforcement powers;
- Explain the application of the GDPR and other compliance obligations to European and international entities, including the rules governing the controller/processor contract, lawful grounds for processing personal data, data subjects’ rights, technical and organizational measures for safeguarding data, data breach notifications, accountability to regulators and data subjects or rules for transferring data outside the EU.
Certified Information Privacy Manager (CIPM)
Principles of Privacy Program Management is the how-to training on implementing a privacy program framework, managing the privacy program operational lifecycle, and structuring a knowledgeable, high-performing privacy team. Those taking this course will learn the skills to manage privacy in an organization through process and technology—regardless of jurisdiction or industry.
The Principles of Privacy Program Management training is based on the body of knowledge for the IAPP’s ANSI accredited Certified Information Privacy Manager (CIPM) certification program.
What will you learn?
- How to create a company vision
- How to structure a privacy team
- How to develop and implement a privacy program framework
- How to best communicate to stakeholders
- How to measure performance
- The privacy program operational lifecycle
Certified Information Privacy Professional/Europe (CIPP/E)
Module 1: Data Protection Laws
Introduces key European data protection laws and regulatory bodies, describing the evolution toward a harmonized legislative framework and discussing privacy versus data protection, as well as differentiating between various types of privacy
Module 2: Personal Data
Defines and differentiates between types of data, including personal, anonymous, pseudo-anonymous and special categories, while also covering the criteria under the GDPR for identifying personal data.
Module 3: Controllers and Processors
Describes the roles and relationships of controllers and processors, as well as the basic configurations of control over personal data.
Module 4: Processing Personal Data
Defines data processing and GDPR processing principles, explains the application of the GDPR and outlines the legitimate bases for processing personal data. It also determines the application of the GDPR based on territorial and material scope and if a data processing activity is legal under the GDPR based on legitimate processing criteria.
Module 5: Data Subjects' Rights
Describes data subject rights regarding the processing of their personal data and recognizes controller and processor obligations regarding data subject rights.
Module 6: Information Provision Obligations
Defines transparency and lists the information that should be provided by the controller to the data subject when personal data is collected both directly and indirectly.
Module 7: International Data Transfers
Describes the options for international data transfers, lists the European Commission’s adequacy decisions, summarizes the current status of U.S. adequacy, and details controller and processor obligations and restrictions regarding international data transfers.
Module 8: Compliance Considerations
• Discusses the legal basis and data protection considerations for employers processing
employees’ personal data
• Determines the applicability of EU data protection law and compliance requirements for
surveillance, particularly communications data, CCTV, location data, and biometric data
• Determines the applicability of EU data protection law and compliance requirements for
direct marketing, particularly online behavioral advertising
• Determines the applicability of EU data protection law and compliance requirements for
internet technology and communications, particularly cloud computing, web cookies, search
engines, social networking services, and artificial intelligence.
Module 9: Security of Processing
Summarizes the considerations and duties of controllers and processors for ensuring the security of personal data, and outlines the requirements related to informing the supervisory authority and data subjects of a data breach.
Module 10: Accountability
Recognizes the accountability implications for controllers and processors, outlines steps
for designing a data protection programme, including a data protection impact assessment and
data protection policy.
Summarizes record-keeping requirements of controllers and processors and describes the
protections, tasks, and responsibilities for data protection officers.
Module 11: Supervision and Enforcement
• Describes the role, powers, and procedures of the supervisory authorities, as well as of
the EDPB and EDPS.
• Summarizes the remedies against, liabilities of, and potential penalties for controllers
and processors, particularly regarding administrative fines.
Certified Information Privacy Manager (CIPM)
Module 1: Introduction to privacy program management
Identifies privacy program management responsibilities and describes the role of accountability in privacy program management.
Module 2: Privacy governance
Examines considerations for developing and implementing a privacy program, including the position of the privacy function within the organization, the role of the DPO, program scope and charter, privacy strategy, support, and ongoing involvement of key functions and privacy frameworks.
Module 3: Applicable laws and regulations
Discusses the regulatory environment, common elements across jurisdictions, and strategies for aligning compliance with organizational strategy.
Module 4: Data assessments
Relates practical processes for creating and using data inventories/maps, gap analysis, privacy assessments, privacy impact assessments/data protection impact assessments, and vendor assessments.
Module 5: Policies
Describes common types of privacy-related policies, outlines components, and offers strategies for implementation.
Module 6: Data subject rights
Discusses operational considerations for communicating and ensuring data subject rights, including privacy notice, choice and consent, access and rectification, data portability, and erasure and the right to be forgotten.
Module 7: Training and awareness
Outlines strategies for developing and implementing privacy training and awareness programs.
Module 8: Protecting personal information
Examines a holistic approach to protecting personal information through privacy by design.
Module 9: Data breach incident plans
Provides guidance on planning for and responding to a data security incident or breach..
Module 10: Measuring, monitoring and auditing program performance
Relates common practices for monitoring, measuring, analyzing, and auditing privacy program performance.
Certified Information Privacy Professional/Europe (CIPP/E) *training will be facilitated in Romanian
1,795
/delegate
22 & 23 October 2024
Register hereCertified Information Privacy Manager (CIPM) *training will be facilitated in Romanian
1,795
/delegate
24 & 25 October 2024
Register hereData Protection Officer (DPO) Training Bundle (CIPP/E + CIPM) *training will be facilitated in Romanian
2,795
/delegate
22 - 25 October 2024
Register here- All prices do not include VAT
- Course materials will be in English and the training will be facilitated in Romanian
- All courses are in hybrid format
- Discounts apply for groups of more than 3 participants from the same company
- The dates are subject to change if the minimum number of participants is not met
- For more information and registration please contact Silvia Axinescu or Andreea Zaharia (see contact information below)
All the participants will receive:
- Complimentary 1st year IAPP Professional membership
- Official textbooks
- Sample exam questions
- Fully covered examination vouchers (for the first examination)
Silvia Axinescu
Senior Managing Associate, Reff & Associates
Sergiu Zaharia
Cyber Strategy Advisor, Deloitte Romania
Silvia Axinescu (trainer CIPP/E)
Lawyer and Senior Managing Associate at Reff & Associates, Member of Deloitte Legal in Romania.
Apart from privacy & data protection, Silvia has significant experience in advising companies so as to ensure compliance with the consumer protection framework in Romania, including for online businesses (such as online contracts, relevant documentation for apps, or e-commerce platforms).
Silvia acts as Chair of the Data Protection & ePrivacy Task Force in AmCham Romania, contributing to the advocacy agenda and being a significant voice of the privacy & data protection community, promoting the business interests and needs of the members. Additionally, she also has become an official trainer with the National Institute for the Training of Lawyers in Bucharest, teaching Data Protection Law.
Andreea Diana Zaharia (trainer CIPP/E)
Lawyer and Managing Associate at Reff & Associates, Member of Deloitte Legal Romania
Andreea has vast experience in the field of corporate law, consumer protection, data protection, and intellectual property by assisting a vast range of local and multinational clients in relation to their activity in Romania.
Her experience in the field of data protection includes assisting client before the Romanian Data Protection Authority, preparing gap analysis based on the industry of the client, as well as offering assistance in the implementation process of the relevant data protection procedures, privacy statements, or other such documents.
The assistance offered to clients concerned both the national legislation implementing the Data Protection Directive and the General Data Protection Regulation.
Adrian Bucur (trainer CIPM)
Co-Chair of IAPP Romania
Adrian is a privacy enthusiast, a co-chair of the IAPP Romania Chapter, and a Certified Information Privacy Professional/Europe (CIPP/E), a Certified Information Privacy Manager (CIPM), a Certified Information Privacy Technologist (CIPT), a FIP (Fellow of Information Privacy), and a Systems Security Certified Professional (SSCP).
Sergiu Zaharia
Cyber Strategy Advisor
As security advisor, he supported European clients from multiple sectors to improve their maturity levels in areas like cyber strategy, data protection, cyber resilience, business continuity, crisis management or cyber culture.
Sergiu has a master’s degree and a merit diploma in IT Security from the Military Technical Academy of Bucharest and started his PhD with the aim of improving application security review through machine learning algorithms and natural language processing.
Mădălina Spătaru
Senior Associate at Reff & Associates, Member of Deloitte Legal in Romania
Madalina has offered legal assistance to clients from various industry sectors, such as banking, pharma, automotive, fitness and IT. She also has profound knowledge in the intellectual property, consumer protection and information technology field. Additionally, she offered legal assistance on consumer, intellectual property and IT matters to numerous clients, with a multidisciplinary and integrated approach to complex legal matters.
As part of her continuous interest into blending the legal and IT knowledge, she was one of the members of the Special Prize winning team at the first Global Legal Hackathon held in Romania.
Testimonials
For more information regarding our courses, please feel free to contact:
Silvia Axinescu, Senior Managing Associate
Mobile: +40 730 585 837
E-mail: maxinescu@reff-associates.ro
Andreea Zaharia, Managing Associate
Mobile: +40 733 003 872
E-mail: anzaharia@reff-associates.ro