About this course
The data protection officer (DPO) is a key element of accountability as required by the General Data Protection Regulation (GDPR), which has been applicable since 25 May 2018. The designation of a DPO is mandatory for public authorities and other organisations if their core activities require regular and systematic monitoring of data subjects on a large scale or consist of processing on a large scale of special categories of data.
As DPO, you are expected to:
- Inform and advise controllers/processors and employees
- Monitor compliance with the data protection law and internal rules and regulations regarding data protection
- Provide advice on data protection impact assessment
- Cooperate with supervisory authorities.
This course is designed to help you to refresh and update your data protection knowledge. Concrete examples, role playing, peer-to-peer discussions as well as relevant and realistic case studies will help you to refine your expertise and deepen your understanding of your duties and responsibilities. You will be able to benefit from the knowledge and the practical experience of the trainers to support the performance of your daily tasks, make it easier to deal with challenging and complex issues in a structured manner and take decisions in a pragmatic, but still compliant manner.
Course methodology and highlights:
We believe that practical know-how is the key to effective learning. This course therefore includes:
- Individual preparation for the course: you are invited to bring along any information about the mission, vision, values and data protection (GDPR) framework and governance within your organisation for case study;
- Group and individual assignments;
- Practical exercises on DPO roles and responsibilities;
- Interactive approach: the module’s structure will give you the opportunity to ask questions and share and discuss experiences, knowledge, needs and challenges with the trainers and other participants;
- Room for note taking on what you learn, so that you can apply it to your own situation.
- Relevance: EIPA has direct insight into the workings of the European Union;
- Never alone: you will be part of a growing network of colleagues and professionals throughout Europe;
- Quality assurance: all our courses have the EIPA Quality Seal. Upon successful completion, you will go home with an EIPA Data Protection Centre Certificate;
- Combine fun and facts: this course is held in one of Europe’s most charming cities. Discover the many opportunities to relax and experience what this region has to offer.
Who this course is for:
- DPOs and managers exposed to questions related to data protection and the management of the related risks, plans and solutions
- Data protection experts and advisors
- Certified DPOs
- Anyone in the public or private sector who is responsible for their organisation’s compliance with the GDPR.
What you will learn in this course
- How to deal with controllers’ expectations and manage diverging objectives in the business environment (stake holder management)
- How to ensure data protection by design and by default in a fast changing digital and legal environment
- How to assess data protection compliance and how it is interlinked with IT security
- Risk analysis & management
- How to assess issues related to personal data transfers
- What actions to take in case of personal data breaches
- How to implement controls.
By the end of the course, you will be able to:
- Facilitate the development of an effective data protection strategy & plan
- Draft specific policies & procedures
- Manage data breaches
- Ensure data-protection compliant transfers of personal data
- Define the pragmatic approaches to ensure GDPR compliance within your organisation
- Support your organisation in identifying gaps to be addressed in view of GDPR compliance
- Advise your organisation how to manage personal data
- Support a data protection communication & training plan
- Develop your professional international network in the field of data protection.
European Institute of Public Administration (EIPA)
O.L. Vrouweplein 22
6211 HE, Maastricht
Ms Eveline Hermens
Tel.: + 31 43 3296259
The fee includes documentation and refreshments. Lunches, a reception or dinner are included if mentioned in the programme. Accommodation and travel costs are at the expense of the participants or their administration.
EIPA offers a 10% discount to all civil servants working for one of EIPA’s supporting countries, and civil servants working for an EU institution, body or agency.
Who are the supporting countries?
Civil servants coming from the following EIPA supporting countries are entitled to get the reduced fee: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Spain, Sweden, United Kingdom.
For all other participants, the regular fee applies.
Lunches, the reception or dinner will be served at a restaurant in town. Special dietary requirements (e.g. vegetarian, diabetic) can be indicated once you receive the confirmation of the seminar.
EIPA has special price arrangements with a number of hotels. All hotels are within 10 minutes walking distance from EIPA. Should you wish to make use of this possibility, please book directly via the links below. Payment is to be made directly and personally to the hotel upon checking out. At the time of booking, please mention in the requested field the EIPA project number for your course.
Prior payment is a condition for participation.
For administrative reasons you will be charged €150 for cancellations received within 15 days before the activity begins. There is no charge for qualified substitute participants.
EIPA reserves the right to cancel the activity up to 2 weeks before the starting date. In that case, registration fees received will be fully reimbursed. EIPA accepts no responsibility for any costs incurred (travel, accommodation, etc.).
|Trainers: Dr Barbara Eggl, Data Protection Expert, former DPO European Central Bank, Frankfurt (DE)
Fernando Poças da Silva, Portuguese Data Protection Authority, Lisbon (PT)
|09.15||Welcome; objectives of the course
Rita Beuter, Senior Expert, European Policies, EIPA, Maastricht (NL)
|09.30||The General Data Protection Regulation (GDPR) and its key principles and related challenges
How to ensure security of personal data processing
An overview of the threats posed to personal data and how to protect against
Tools and methodologies used to conduct risk assessments and risk management
Data Protection Impact Assessment: practical approach
|Assignment: conducting a data protection impact assessment|
|14.15||Data Protection Safeguards
|Assignment: identify data protection safeguards for a particular use case|
|16.45||Data Breach Management: how to respond to a data breach|
|09.00||Data Breach Management: how to respond to a data breach (continued)|
|Assignment: analyse data breach: case studies and examples|
|09.45||Respond to Data Subject’s Rights: practical approaches|
|11.15||Create a Data Protection culture within your organisation|
|Assignment: analyse do’s and don’ts of data protection communication & training plans|
|12.15||Recent Jurisprudence of the ECtHR and the CJEU
Angela Bardenhewer-Rating, Senior Legal Advisor, Data Protection Officer, Anti-Fraud OLAF & Ethics Officer, Fusion for Energy, Barcelona, (ES)
|14.00||End of the Refresher course|