Beyond the legal and compliance skills, DPO and Data Protection professionals require various skills in domains including Digital transformation, Information and Cybersecurity, Risk assessment, and Incident and breach management.
2. 1. LEGAL AND MANAGEMENT REQUIREMENTS
Business objectives are combined with applicable regulations to identify Data Protection requirements.
• GDPR Principles: Material scope, Personal scope, and Territorial scope
• Processing principles: Lawfulness of processing, Conditions for consent, Processing of sensitive data and Processing not requiring identification
• Data subject (DS) Rights: General modalities; Information and access to data; Rectification and erasure; Right to portability; Right to object; Right to not be subject to automated individual decision making/profiling
• Remedies and sanctions
• Responsibility of Controller
• Responsibility of Processor and Sub-Processor
• Data Processing Agreement
• Data Protection by Design and by Default
• Records of Processing Activities
• DPO Designation, Position and Tasks
• Cross border data flows today and the road ahead
• International Data Transfers solutions: Adequacy, Derogations and Safeguards
• Role of Certification and Codes of Conduct
• Analysis of Cloud computing (Case discussion)
COPYRIGHT 2017 SBS-EM, ICTC.EU AND ITMA VZW-ASBL
3. 2. RISK AND IMPACT ASSESSMENT
Risk Assessment and Data Protection Impact Assessment exercises shape the transformation activity.
• Data Protection Impact Assessments Context, Relevance
• Risk Management principles, Risk Scenario and their categories
• Risk Response Priority Workflow
• Information Risk Management Steps
• Samples of detailed Risk Scenario Analysis
• DPIA Process in light of the guidelines from the G29 Working Party
• Detailed Walkthrough of the DPIA Process (Risks, Controls, Risks, and Decisions)
• The Concept of Legitimate Interest
• Shadow IT impact on GDPR Compliance
• Analysis of Internet of Things applications (Case discussion)
• Analysis of Facebook tracking through social plug-ins (Case discussion)
4. 3. COMPLIANCE TRANSFORMATION
Transformation includes program and project management, process improvement and the implementation of adequate enablers to target protection levels.
• Defining security controls
• Information Security Management System (ISMS)
• ISO 27001 controls & the impact on Privacy & Data Protection
• Role of the CISO & information security domains
• Privacy Governance & Business Requirements definition
• Differences CISO - DPO
• Security Fundamentals
• Sources of external threat
• Enterprise Security Architecture
• Cybersecurity processes
• Bottom-up approach using comprehensive security controls checklists
• Typical Shortcomings in Existing Management Processes
• Network Security methods and Cloud computing threats
• Identity and access management
• Security information and event management
• Implementing and Demonstrating the effectiveness of security controls
• Security vs Privacy
• Privacy threats and Privacy controls
• Building privacy into systems to counter Vulnerabilities and attacks
• Data protection by design
• Privacy Design Strategies
• Privacy Enhancing technologies
• Analysis of GDPR Accountability versus consent (Case discussion)
• Analysis of Privacy by default in a Geolocation (Case discussion)
• Threat modelling technique for privacy
5. 4. INFORMATION SECURITY AND PRIVACY
Build the secure platform within several architectural layers.
• Personal data categories
• Data Life Cycle Management
• Data Classification Process
• Manage privacy within a classification process
• Apply security rules to software
• Data Flow
• Governance enablers in a privacy transformation
• Seven steps for a Privacy program implementation
• Key success factors for a successful implementation
• Link to external resources and usual privacy frameworks
• Overview of Privacy standards
• The transformation process and Organizational Barriers
• Practical step by step implementation at a complex organisation
• Creating a privacy notice/policy, a consent policy/withdrawal, a Data breach notification form, and a complaint form
6. 5. RESPONSE & BREACH MANAGEMENT
Response management and breach handling activities require due care and adequate preparation.
• Response / Breach Management & Communication
• Security of Processing & Data Breach Notification People, Process, Technology
• Statistics overview and Questionnaires to relate risks of security and data breaches
• Security operations centre
• Data Breach requirements in GDPR
• Reasons of personal data breach
• Maintain a Personal Data incident/Response Plan
• Incident Handling standards
• Incident identification & classification and key performance indicators
• Incident Management guidance
7. PROFILE
THE PROGRAMME IN EUROPEAN DATA PROTECTION IS DEDICATED TO:
1. Data Protection Officers (DPO)
2. Legal experts and Lawyers
3. Information Security and Information Technology experts
4. Enterprise and external auditors
5. Compliance Officers
6. General Managers and Financial Officers
7. Data Scientists and Data Management Professionals
8. Project Managers
9. Enterprise Architects
10. Public Service personnel
11. Marketing Managers
12. Business Managers
8. Individual
The quality of the lecturers
THE KNOWLEDGE
A significant career boost
Organisation
Accelerated GDPR compliance
GDPR body of knowledge
GDPR implementation cycle
9. ABOUT US
Established in 1903, Solvay Brussels School of Economics & Management is a Faculty of the Université libre de Bruxelles. It currently holds a leading position in Europe for research and education in the fields of Economics and Management. The school’s core mission is to train business leaders and entrepreneurs with the ability to adapt to the ever-changing nature of Society and to shape tomorrow’s world.
Professor Georges Ataya founded executive education Programmes and Masters in digital management, including data protection, Information Technology, Information Security and cybersecurity in 2001.