GDPR - General Data Protection Regulation

Introduction to GDPR

• Data breach accidents and scandals
• The history of GDPR
• What is GDPR?
• Privacy
• Data Protection
• Territorial scope of GDPR
• What is not covered by GDPR
• GDPR’s Overview – The 11 Chapters
• The impact of GDPR in businesses
• The impact of GDPR in the various departments of your company (Finance, HR, Marketing & Sales, Compliance, etc.)

International Transfer of Personal Data

• General rule
• Adequacy Decision
• Appropriate Safeguards
• Derogation

Legal Basis and Other GDPR Principles

• Lawfulness, Fairness and Transparency of the Processing of Personal Data
• Legal basis for data processing
• Consent
• Contratual need
• Compliance with legal obligation
• Protection of vital interest
• Legitimate interest
• Public Interest
• Special categories of Personal Data
• Legal basis for the processing of special categories
• Purpose limitation, Minimization, and Accuracy
• Storage time limitation, Integrity and Confidentiality, and Accountability

Data Subjects’ Rights

• Transparency
• Be Informed
• Access to Personal Data
• Correction of the Data
• Right to be Forgotten
• Data Portability
• Object
• Compelling legitimate grounds

Controllers’ and Processors’ Obligations

• Controllers and Joint Controllers
• Processors
• Data Protection by Design
• Data Protection by Default

Security of Personal Data

• Appropriate technical and organisational measures
• Anonymization, Pseudonymisation, Encryption
• Assurance of confidentiality and integrity
• Ability to restore access
• Effectiveness of the measures

Data Privacy Impact Assessment (DPIA)

• What is a DPIA?
• Under what circunstances is it required?
• The role of the DPO
• Mandatory elements of the DPIA
• Prior Consulting

Breach of GDPR

• Personal Data Breach
• Notification - Timing
• Requirements
• Penalties under GDPR

The trainer is a seasoned expert with over two decades of experience in regulatory compliance, risk management, and anti-financial crime (AFC) within the banking and infrastructure sectors. His expertise spans Anti-Money Laundering (AML), Countering the Financing of Terrorism (CFT), Anti-Bribery and Corruption (ABAC) compliance, sanctions compliance, corporate governance, non-financial risk management, and data privacy regulations.

He has held leadership roles in regulatory and compliance functions, served on audit committees, and contributed to major international organizations, including the United Nations, Inter-American Development Bank, and HSBC. As a consultant and advisor, he has supported risk management, internal controls, and compliance program implementation across multiple industries and jurisdictions.

An accomplished academic, he teaches at leading business schools and is an author and editor of compliance and risk management publications. He also engages in pro bono initiatives to promote business ethics and financial crime prevention.

• Learn about the main aspects of the GDPR and its impact to businesses
• Be introduced to GDPR and understand the practical impact to businesses
• Learn about the territorial scope of GDPR
• Understand the requirements for international transfer of Personal Data
• Learn about the Legal Basis required for Personal Data Processing
• Understand Data Subjects’ rights
• Learn about the obligations of Data Controllers and Processors;
• Master the security requirements for Data Processing
• Master the requirements of Data Privacy Impact Assessment (DPIA)
• Understand the role of the Data Privacy Officer (DPO)
• Learn about the notification and consequences of GDPR breaches

• This course has been created by a attorney with strong corporate compliance, data privacy and cyber security background and experience;
• Trainer have got PhD or Masters (LL.M.) in prestigious universities;
• He have practiced law as foreign associates of US law firms or trained internationally a number of foreign organizations in compliance related matters;
• Trainer have also advised and/or trained national and international clients in data privacy compliance.

This GDPR training course is ideal for anyone who handles personal data within a business context. This includes, but isn't limited to:

• Data Protection Officers (DPOs), to deepen their understanding and practical application of GDPR principles.
• Compliance Professionals, for maintaining compliance with data protection regulations.
• Legal Teams, for lawyers advising on data privacy matters.
• IT and Security Staff, for those responsible for implementing technical and organizational security measures.
• Human Resources (HR) Personnel, therefore GDPR has significant implications for HR data processing.
• Marketing and Sales Teams, for understanding the limitations and requirements for data processing in marketing activities.
• Management and Executives.
• Anyone handling personal data.

This course covers the key elements of the General Data Protection Regulation – GDPR. We will start by introducing a General Data Protection Regulation – GDPR’s overview having as background data breach accidents and scandals, the rights GDPR protects, its extraterritorial reach, its impact to businesses and companies’ departments.  Participants will then be presented to GDPR rules regarding the international transfer of personal data. Thereafter, we will cover the legal basis for data processing and go through all Data Subjects’ rights.  We will also cover Controllers and Processors’ obligations and personal data security requirements under the GDPR. Participants will also learn about Data Privacy Impact Assessment (DPIA) as well as the consequences and measures in case of a GDPR breach.

 Case Study: The participants will use a variety of case studies and exercises specially in the third afternoon of the course, based on hypothetical and real cases (the latter, based on publicly available information).