RGPD, DPO, role, missions and obligations of the Data Protection Officer
Satisfaction rate
4.7
Success rate
4.8
To meet the needs of the private and public sectors with regard to the General Data Protection Regulation (GDPR), the role of the DPO is becoming essential. This course introduces you to the requirements of the GDPR within an organisation.
The target audience for training
- Data Protection Officers, IT Departments, HR Departments, lawyers, anyone involved in the design of projects dealing with personal data.
Training programme
- Duration: 5 days
Module 1: GDPR and privacy principles
- Regulatory framework, fundamental principles.
- RGPD/GDPR.
- EU bodies: International Working Group on Data Protection in Telecoms (IWGDPT).
- Supervisory authorities, Article 29 Group.
- Legislation: legal framework, consent, categories of personal data.
- Register and maintenance: information to be provided (purpose, categories of data, data subjects).
- Register: what form should it take? What software tools are available to help create/manage it?
Exercise
Set up a personal data processing register.
Module 2: DPO
- Appointment, duties, responsibilities. Raising awareness and training. Monitoring.
- Internet governance, cyberrights and international data transfers.
- The DPO's cross-functional role within the company: working with the legal, marketing, IT and purchasing teams.
- Organise and contractualise relations between the various players.
- Relations with other data controllers: the assumption of joint responsibility. The code of conduct.
- Certifications and labels. Creating and managing an action plan. Preparing for an audit.
Exercise
Define the skills of the DPO.
Module 3: Risk management and information security
- Principles of liability.
- Risk management: concepts, risk analysis, methodologies, standards, monitoring.
- IS and security: functions and responsibilities, training and awareness, classification.
- Access, exposure, cryptography and digital signatures.
- Mobile security, Internet of Things: concepts, models and principles, applications, threats.
- New technologies, threats.
Module 4: Incidents and protection
- Incident management: information security incident, event.
- Data protection impact assessment.
- Life cycle of personal data.
- Data loss or theft: what action plan?
Module 5: Communication
- Management of warning systems, crisis management.
- With the supervisory authorities, CNIL.
- Reporting tools, internal monitoring.
Valuation methods
The trainer assesses the participant's progress throughout the course by means of multiple-choice questions, role-playing exercises and practical work.
Participants also complete a placement test before and after the course to validate the skills they have acquired.
Training objectives
- Mastering the content of general data protection regulations
- Identify the key role and tasks of the Data Protection Officer
- Determining the information to be exchanged with the CNIL
- Be able to set up internal reporting and monitoring tools
- Be able to conduct audits of subcontractors
- Drawing up and monitoring an action plan in the event of data loss or theft, or in the event of data being transferred outside the EU
- Determining the actions to be taken and the information to be passed on to the company's employees
Training prerequisites
- Basic knowledge of general data protection regulations. Or knowledge equivalent to that acquired during the course (ref. TPD).Check that you have the necessary prerequisites to take full advantage of this course by doing the following this test.
- Language : French
- Level : Fundamental
- Certification body : ACG CYBERACADEMY
- Certification: No
- Accessibility : Yes
- Duration: 4 days
Important information:
Our courses are not registered with the Répertoire National des Certifications Professionnelles (RNCP), but they do comply with the requirements of the Répertoire Spécifique (RS).