GDPR and How to Conduct a Data Protection Audit

08/05/2019 - 09/05/2019
Location: Maastricht (NL)
Project number: 1911501


From:  900,00

This course will provide you with the insights and techniques to successfully plan and execute an audit of your organisation’s compliance with the EU General Data Protection Regulation (the GDPR). You will learn about the key aspects of the GDPR and how to ensure they are being implemented within your organisation. During the course you will gain an understanding of how to identify the scope of an audit and how to conduct a successful audit within that scope. At the end of the course, you will leave with an understanding of why effective audits are key to maintaining compliance with the GDPR and how such audits can be planned and conducted.

What you will learn in this course:
  • The key elements of the GDPR
  • The importance of an effective audit
  • The techniques to define the scope of the audit
  • Understanding risk assessment and risk management, which are key to the GDPR
  • Data Protection Impact Assessments (DPIA) and their importance to GDPR
  • Developing an audit plan
  • Conducting an audit
  • Presenting the findings of an audit
  • Integration of the audit with your organisation’s management system
  • Dealing with issues and continuous improvement
By the end of the course, you will:
  • Be able to assess your organisation’s compliance with the GDPR
  • Be able to facilitate the development of an effective audit plan
  • Be able to conduct a fair, impartial, and unbiased audit
  • Have exchanged experiences with colleagues from other organisations and countries
Who is this course for:
  • Anyone, in both public and private sector, with a responsibility for the compliance of their organisation with the GDPR
  • Anyone who’s involved with the assurance and continuous improvement of the GDPR in their organisation
  • (Future) internal auditors
Course methodology and highlights

We believe learning happens best with practical knowledge. So this course includes:

  • Individual preparation for the course: you are invited to bring along any information about the mission, vision, values, and data protection (GDPR) framework within your organisation for casework
  • Detailed explanations of the key concepts, principles, actors and roles in the field of GDPR
  • Group and individual assignments
  • Interactive approach. The module’s structure will give you the opportunity to ask questions and to share experience, knowledge, needs and challenges with the trainer and other participants
  • Room for making notes on what you learn with respect to your own situation

WEDNESDAY 8 MAY 2019

Trainer: Brian Honan, BH Consulting, Dublin (IE)

Auditing GDPR

09.00
Introduction to the course

Introduction of GDPR basics
A general introduction to the EU General Data Protection Regulation and its key principles

Threats to Data
An overview of the threats posed to data and how data can be protected against them

10.30
Coffee break

Risk Management
Overview. The various methodologies used to conduct risk assessments and risk management. Risk management is key to GDPR

Assignment: conducting a risk assessment

12.30
Lunch

14.00
Data Protection Safeguards
An overview of the key protections that should typically be in place to protect data entrusted to your organisation. This will look at the areas of:

  • Policies and procedures
  • Technical safeguards for electronic and physical data
  • The safeguards relating to people that should be in place

Assignment: identifying data protection safeguards for a particular use case

15.30
Coffee break

16.00
Data Breach Management
An overview of what should be in place to enable an organisation to respond to a data breach within the requirements of the GDPR

Assignment: Analyze a recent publicly known data breach

17.30
End of the day

19.00
Dinner in a restaurant in town

THURSDAY 9 MAY 2019

09.00
Key Audit Principles
An overview of what an audit is and how audits are performed. This will include:

  • Roles and responsibilities
  • An overview of the different types of audit
  • Definition of audit findings

10.30
Coffee break

Planning an Audit
The key to a successful audit is to have a solid plan. This should entail:

  • Defining the Scope of the Audit
  • Determining who should be present at the audit
  • Agreeing timelines

Assignment: Plan an audit of your organisation

Conducting an Audit
Auditing the Effectiveness of controls
Audit Interview techniques, which ones to use and when

Assignment: conduct a mock audit interview

12.30
Lunch

14.00
Conducting an Audit
Auditing the controls for GDPR in the areas of:

  • People
  • Process
  • Technology
  • Physical

15.30
Coffee break

16.00
Assignment: conduct a mock audit

Audit Findings
Documenting and Presenting Findings of Audit
How to rate a finding
Items to include in the report to support your findings

17.30
End of the GDPR Audit Course

Course venue
European Institute of Public Administration (EIPA)
O.L. Vrouweplein 22
6211 HE, Maastricht
the Netherlands

Programme Organiser
Ms Eveline Hermens
Tel.: + 31 43 3296259
e.hermens@eipa.eu

Fee
The fee includes documentation and refreshments. Lunches, a reception or dinner are included if mentioned in the programme. Accommodation and travel costs are at the expense of the participants or their administration.

Discounts
EIPA offers a 10% discount to all civil servants working for one of EIPA’s supporting countries, and civil servants working for an EU institution, body or agency.

Who are the supporting countries?
Civil servants coming from the following EIPA supporting countries are entitled to get the reduced fee: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Spain, Sweden, United Kingdom.

For all other participants, the regular fee applies.

Meals
Lunches and the reception will be served at a restaurant in town. Special dietary requirements (e.g. vegetarian, diabetic) can be indicated once you receive the confirmation of the seminar.

Hotel reservations
EIPA has special price arrangements with a number of hotels. All hotels are within 10 minutes walking distance from EIPA. Should you wish to make use of this possibility, please book directly via the links below. Payment is to be made directly and personally to the hotel upon checking out. At the time of booking, please mention in the requested field the EIPA project number for your course.

Confirmation
Confirmation of registration will be forwarded to participants on receipt of the completed online registration form.

Payment
Prior payment is a condition for participation.

Cancellation policy
For administrative reasons you will be charged €150 for cancellations received within 15 days before the activity begins. There is no charge for qualified substitute participants.

EIPA reserves the right to cancel the activity up to 2 weeks before the starting date. In that case, registration fees received will be fully reimbursed. EIPA accepts no responsibility for any costs incurred (travel, accommodation, etc.). 

1 review for GDPR and How to Conduct a Data Protection Audit

  1. Rated 4 out of 5

    Marios Theophanous

    This was a very constructive and useful course.
    It helps Auditors to acquire a general knowledge of the GDPR and how they can exercise internal audit on one business.
    It helps the DPOs to consider GDPR from a different perspective and, on one hand, how to exercise internal control within the scope of their duties to monitor compliance with the GDPR, on the other hand, how to approach the issues of auditing and staff involved in their business.
    Concerning the organization of the seminar, it was excellent.
