Online course GDPR data protection regulation

GDPR regulation training: do you need a data protection officer? Do you have a data protection officer? What is a DPA? Do you need a certificate course? Looking for data protection training? Sign up by phone - 028505364

Updated and expanded personal data protection training - Receive a BONUS course on "Personal Data Protection in Recruitment, Employment and Termination Procedures"

NIT - New Internet Technologies Ltd. offers e-learning for personal data protection "GDPR regulation for personal data protection", after passing which each participant receives a certificate.

The training addresses the key rulings, terms and concepts of the GDPR and aims to assist organisations in the difficult road ahead to meet its requirements. You will answer the question: do you need a data protection officer? You will find it easier to create your own data protection policies. You will find it easier to determine what data falls into the category of personal data. What is a data processor? What are your obligations in the DPA? What personal data are employers allowed to process? What is personal data under the GDPR? What is sensitive personal data?

The training is delivered entirely remotely, at your convenience. All you need is a computer/laptop or mobile device with internet access. There is no need to travel, attend lectures or conform to timetables and programmes. Once you request and pay, you'll receive a personal account and within one calendar month, you'll be able to complete the e-learning at your convenience - stopping and continuing until completion. After passing, our system will issue you with a certificate that you can print out.

What our training includes?

GDPR data protection regulation

Module 1. Introduction to the General Data Protection Regulation

a) Brief background.
b) When did the GDPD enter into force?
c) Objectives.
d) Territorial scope.
e) To whom does the Regulation apply?
f) To whom does the Regulation NOT apply?

Module 2: Personal data

a) What is personal data?
b) Definition of other more important terms in the Regulation.

Module 3: Basic concepts

a) Consent of the data subject.
b) Consent of children.
c) Data protection by design and by default.
d) Mandatory appointment of a data protection officer in specific cases.
e) Data transfer provision of personal data to third parties

Module 4. Principles relating to the processing of personal data

a) Legality, fairness and transparency.
b) Purpose limitation.
c) Data minimisation.
d) Accuracy.
e) Limitation of storage.
f) Integrity and confidentiality.
g) Accountability.

Module 5. More rights for data subjects

a) Transparency.
b) Right of access.
(c) Right to rectification.
d) Right to erasure (right to be forgotten).
e) Right to restrict processing.
f) Right to data portability.
g) Right to object.
h) Right not to be subject to a decision based solely on automated processing, including profiling.

Module 6. Security of personal data

a) Notification of a personal data breach to the supervisory authority, the DPA.
b) Notification of a personal data breach to the data subject.
c) What do you need to do to comply?

Module 7. Administrative penalties

(a) Maximum administrative fines for personal data breaches
(b) What influences the decision to impose an administrative penalty?

Module 8. GDPR and human resources

a) How to use and store the personal data of your employees.
b) GDPR checklist: requirements for HR departments and recruitment agencies.

Module 9. Practical tips on preparing for GDPR

Module 10. Frequently asked questions and their answers

Final test

Additional materials:

Tests - 2: an entry test to assess how ready your organisation is to meet GDPR and a final test to assess what you have learned from the training.
Game tasks.
Examples.

In the privacy training you will have access to free downloadable resources:

1. Notification to the supervisory authority of a personal data breach.
2. Notification to the data subject of a personal data breach.
3. Sample structure and content of a regulation for the implementation of technical and organisational measures for the protection of personal data.
4. Sample structure and content of a procedure for a personal data protection impact assessment.
5. Model structure and content of a procedure on the conditions and procedures for consent to processing by data subjects.
6. Model structure of an information security incident management procedure in relation to the protection of personal data.
7. Model structure and content of a procedure on the conditions and procedures for exercising the rights of data subjects.
8. A model structure and content for a privacy policy.
9. "Mapping" - analysis of personal data and tracking of processing.

Protection of personal data in recruitment, employment and termination procedures

1. Protection of personal data in the recruitment procedure

1.1. Data that the employer may require in the recruitment process
1) Job application data (CV)
2) Data at job interview
1.2. Data that the employer may not request
1.3. Information the employer must provide to job applicants
1.4. Consent to the processing of personal data and purpose of processing
1.5. Online recruitment (online survey via social networks)
1.6. Processing of data after the recruitment procedure has been completed

2. Protection of personal data in employment

2.1. Privacy Policy
2.2. Data at the conclusion of an employment contract and employment record
2.3. Access to personal data
2.4. Data transfer
2.5. Access to information and protection of personal data
2.6. Sensitive personal data
2.7. Access to the Internet and e-mail at work
2.8. Employer's rights and obligations to monitor company cars
2.9. Methods of surveillance

3. Termination of employment

3.1. Post-employment data processing
3.2. Transfer of personal data between former and current employer
3.3 Personal data in work email and electronic devices
3.4. Processing of personal data of former employees during an employment tribunal

4. Requests for information relating to the processing of personal data

5. Procedures for employee complaints about improper processing of personal data

Final test

Why sign up for our data protection training? Because it's comprehensive, useful and has no hidden strings attached. It is conducted online and a certificate is issued at no extra cost.
Book your GDPR - New General Data Protection Regulation course by clicking here or call 02 8505364.

When does the General Data Protection Regulation (GDPR) come into force? The deadline for organisations to comply with GDPR has passed and the fines for non-compliance are significant.

The GDPR regulation aims to modernise and align EU Member States' policies on how personal data is collected and used.

The document was approved by the European Parliament in April 2016 and will replace the national data protection laws of the 28 European Union (EU) Member States from 25 May 2018.

Since then, all organisations that process individuals' personal data must comply with the new requirements or suffer significant administrative (note financial) penalties.

What necessitated the creation of GDPR regulation?

The current EU policy on personal data is set by the 1995 Data Protection Directive 95/46/EC. It (like every other EU Directive) was not automatically implemented, and each Member State introduced its own interpretation into national law. This has led to a patchwork of similar but not identical data protection requirements across the EU. As a result, organisations trying to do business with different EU countries were faced with inconsistent data protection requirements.

Moreover, in the period since the Directive came into force (mid-1990s), there have been significant changes in the ways in which businesses and individuals acquire and use information and personal data. Many tools and devices that are popular today, such as smartphones, connected devices, etc., did not exist then. Logically, this Directive was already in strong need of updating and modernisation.

Who the GDPR applies to?

The GDPR applies to both controllers (i.e. the organisations responsible for determining the purposes and means of processing personal data) and processors (organisations that may be engaged by controllers to process personal data on their behalf).

They have to comply with a number of specific obligations or will be subject to sanctions if they fail to meet the criteria set out in the Regulation and may face claims from a data subject.

The GDPR applies to controllers and processors of personal data:

who are located within the EU;
who offer goods and services to EU residents (including free services such as Facebook);
who monitor the behaviour of EU residents (advertising agencies).
providing personal data to third parties

What is the impact of GDPR regulation on organizations and digital marketing?

The data subject (each individual user) must explicitly opt-in/give explicit permission, for the processing of personal data - pre-ticked data boxes or the assumption that consent is given by default will not suffice. Profiling can only be done after explicit consent.
Organisations need to be specific about what happens to the data.
The data subject has the right to refuse their consent for the data to be processed and the organisation must stop access to the service if they choose to do so. If the data subject has consented to their personal data being administered and processed for any purpose, they should be able to withdraw their consent at any time.
Consent tracking is mandatory. The data controller (the organisation collecting the data) must know when consent was given.
Data subjects have the right to access the information collected about them and a 'right to an explanation' in which they can ask why an algorithmic decision has been made for them.
Data subjects have the right to access the information collected about them and a 'right to an explanation' in which they can ask why an algorithmic decision has been made for them.
Some organisations must appoint a data protection officer who is responsible for ensuring the organisation complies with the GDPR.
IP address tracking is prohibited.

Which organization in Bulgaria is responsible for compliance with the General Data Protection Regulation (GDPR).

Administrative penalties

To ensure compliance with the requirements set out in the GDPR, administrative fines have been introduced. The maximum administrative fine is up to €20 million or 4% of the total annual worldwide turnover for the previous financial year, whichever is higher.

If you are interested in our services or have any further questions, you can contact us on +359 2 850 53 64, e-mail: office@nitbg.com, or by completing the contact and enrolment form below.