Do you understand the GDPR? Did you know that a company that fails GDPR can get a €20 million fine? Take this free online course.
Publisher: Rahul Kumar Sharma.
This free online General Data Protection Regulation (GDPR) course will guide you through everything you need to know about European data security regulations. Data protection regulations can be difficult to understand and apply accurately. However, any company that fails to satisfy GDPR compliance can be fined up to €20 million. This free online course will teach you everything you must know about GDPR to protect yourself from financial loss.
General Data Protection Regulation – Learning Outcomes
Having finished this module you will be able to:
– Explain the definition of the General Data Protection Regulation (GDPR).
– Describe what organizations can do to prepare for the GDPR.
– Explain the function of the Data Protection Officer (DPO) in the GDPR.
– Describe confidential data security guidance for microenterprises.
– List and explain five actions organizations can implement to secure cloud-based environments.
– Explain how the GDPR affects individuals and their data protection rights.
The following documents are available for download from the Resource Documents section at the start of the course:
- GDPR – Full Text of Regulations: This document gives the full text of the GDPR.
- GDPR – Infographic: This is a summary of the 12 steps of preparing for the GDPR.
- GDPR – Glossary of Legal Terms: This is a list of the legal terms used in the GDPR (this glossary is also presented on the next page).
- European Union Data Protection Authorities: This includes links to the data protection authorities of the member countries.
- GDPR Checklist Templates for SMEs: A group of templates that SMEs can use when preparing for GDPR.
GDPR – Get aware, and get prepared!
- The General Data Protection Regulation (GDPR) greatly changes data protection law in Europe, strengthening the rights of individuals and increasing the obligations of organizations.
- The GDPR will give individuals greater control over their data by setting out additional and more clearly defined rights for individuals whose personal data is gathered and processed by organizations and businesses.
The GDPR and Data Protection
The General Data Protection Regulation (GDPR) will replace current data security laws in the European Union.
The new law will give someone greater control over their data by setting out additional and more clearly defined rights for individuals whose personal data is gathered and processed by organizations. The GDPR also imposes corresponding and greatly increased obligations on organizations that collect this data.
Personal data is any data that can identify a person. This includes:
– a name,
– an ID number,
– location data (for example, location data collected by a mobile phone) or a postal address,
– online browsing history,
– images or anything relating to the physical, physiological, genetic, mental, economic, cultural, or social identity of a person.
The GDPR is based on the core principles of data protection that exist under the current law. These principles require organizations and businesses to:
- Collect no more data than is essential from an individual for the purpose for which it will be used;
- Obtain personal data fairly from someone by giving them notice of the collection and its specific purpose;
- Retain the data for no longer than is required for that specified purpose;
- Keep data safe and protected;
- Provide someone with a copy of his or her data if they request it.
What Can Organisations Do Now to Prepare for the GDPR?
The following are areas that all institutions should cover to prepare effectively for the GDPR. These areas will be covered in more detail in the following pages.
- Becoming Aware
- Becoming Accountable
- Communicating with Staff and Service Users
- Personal Privacy Rights
- How will Access Requests change?
- What do we mean when we talk about a ‘Legal Basis’?
- Using Consumer Consent as grounds to process data
- Processing Children’s Data
- Registering Data Breaches
- Data Protection Impact Assessments (DPIA) and Data Protection by Design and Default
- Data Protection Officers
- International Organisations and the GDPR
The Data Protection Officer (DPO) Role in the GDPR
The Data Protection Officer (DPO) role is an important GDPR innovation and a cornerstone of the GDPR’s accountability-based compliance framework. In addition to supporting an organization’s compliance with the GDPR, DPOs will have an essential role in acting as intermediaries between relevant stakeholders (e.g. supervisory authorities, data subjects, and business units within an organization). The DPO will have professional standing, independence, expert knowledge of data protection and, to quote the GDPR, be ‘involved properly and promptly’ in all issues relating to the protection of personal data.
The DPC recommends that all organizations that will be required to have a DPO appoint one as early as possible and well in advance of May 2018. With the authority to carry out their essential function, the Data Protection Officer will be of pivotal importance to an organization’s preparations for the GDPR and to fulfilling its accountability obligations.
A DPO may be a member of staff at the appropriate level with the appropriate training, an external DPO, or one shared by a group of organizations. All of these options are provided for in the GDPR.
It is important to note that DPOs are not personally accountable when an organization does not comply with the GDPR. The GDPR makes it clear that it is the controller or the processor who is required to ensure and be able to demonstrate that the processing complies with the GDPR. Data protection compliance is ultimately the responsibility of the controller or the processor.
Who needs a DPO?
- All public authorities and bodies, including government departments.
- Where the core activities of the organization (controller or processor) consist of data processing procedures, which require regular and systematic monitoring of individuals on a large scale.
- Where the core activities of the organization consist of processing special categories of data (e.g. health data) or personal data relating to criminal convictions or offenses.
Taking into account the scale, complexity, and sensitivity of their data processing operations, organizations should proactively decide on the qualifications and level of expertise required for their Data Protection Officer.
In undertaking such an assessment, organizations should be aware that various training options may be pursued. Some training courses are one-day sessions, while some are online only. Others lead to academically accredited certificates such as diplomas from national law societies.
Other professional training programs are recognized internationally and offer professional qualifications that require an ongoing commitment to training to maintain the professional qualification.
The following non-exhaustive list of factors should be taken into consideration when selecting the appropriate DPO training program:
- The content and means of the training and assessment;
- Whether training leading to certification is required;
- The standing of the accrediting body;
- Whether the training and certification are recognized internationally.
In any case, a Data Protection Officer should have a suitable level of expertise in data protection law and practices to enable them to carry out their critical role.
Four Key Ways to Secure ICT Systems
Four key ways to assist microenterprises in securing their Information and Communications Technology (ICT) systems under the GDPR:
- Understand your data
- Determine the Right Level of ICT Security
- Data Collection and Retention Guidelines
- Operating Data Processors
How will the information be provided?
When you exercise your rights under the General Data Protection Regulation, the information provided to you must be:
– Provided in a concise, transparent, understandable, and easily accessible form, using clear and plain language, particularly for any information collected from a child.
– Provided in writing, or by other means, including, where applicable, by electronic means.
– Where the data subject makes the request by electronic means, the information must, where possible, be provided by electronic means, unless otherwise requested by you.
– When requested by you, the information may be provided orally, provided that your identity is proven by other means.
– Except in the circumstances where your rights are restricted, a data controller cannot refuse to act on your request to exercise your rights unless the controller shows that it is not in a position to identify you.
– Where a data controller has reasonable doubts about your identity, the data controller may request the provision of additional information necessary to confirm your identity. This only applies in respect of the rights of access, rectification, erasure, restricted processing, data portability, and objection, and the rights concerning automated decision making and profiling.
What are the time limits for dealing with requests to exercise my rights?
When a request to exercise your rights is made, a data controller must:
– Provide information on the action taken without undue delay;
– In any event, do so within 1 month of receipt of the request;
– The 1 month may be extended by 2 further months, where necessary, taking into account the complexity and number of requests.
- The data controller must notify you of any such extension, and the reasons for the delay, within one month of receiving the request.
– If the data controller does not take action on foot of your request, the data controller must inform you without delay and, at the latest, within 1 month of receipt of your request, of:
- The reasoning for not taking action;
- The possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
General Data Protection Regulation – Course Assessment
Before you start…
Your Assessment (you need to score 80% or more to pass)
This Course Assessment will now allow you to review your learning so you can determine your knowledge and understanding of the following area: General Data Protection Regulation.
Remember, if you do not achieve the required standard after the first try, you can re-take the assessment until a successful outcome is achieved.
You will be assessed on the following Learning Outcomes:
- Explain the intention of the General Data Protection Regulation (GDPR).
- Describe what organizations can do to prepare for the GDPR.
- Explain the role of the Data Protection Officer (DPO) in the GDPR.
- Describe personal data security tips for microenterprises.
- List and explain five steps institutions can implement to secure cloud-based environments.
- Explain how the GDPR affects individuals and their data protection rights.
To know more about the course or to join the course