About this course
Compliance with the General Data Protection Regulation (GDPR) requires a deep understanding of the legislation by the organisations that handle personal data. The Data Protection Impact Assessment (DPIA) is one of the most important activities for an organisation to demonstrate its compliance with the GDPR. Carrying out a DPIA is one of the requirements under the GDPR for certain types of data processing. As part of a DPIA, an organisation must describe its processing activities related to personal data, as well as assess and mitigate risks. A DPIA can be a complex and time-consuming activity that requires expertise in several domains, in particular technology and information security. Evaluating the potential impact that a project, proposed system or scheme might have on the privacy of a data subject is a key factor in demonstrating compliance.
This course will provide you with the insights and techniques to successfully plan, execute and validate a DPIA report. You will learn about the key aspects of performing a DPIA and ensure that this compliance requirement is implemented in the project cycle within your organisation. During the course, you will gain an understanding of when a DPIA is needed, how to assess the risks and mitigate them, how to validate the DPIA report and when you need to arrange a prior consultation with the Supervisory Authority according to Article 36 of the GDPR.
At the end of the course, you will have an understanding as to why effective DPIAs are key to maintaining compliance with the GDPR. You will help people in your organisation better understand that processing personal data is a responsibility that they must take seriously, as they are protecting a fundamental right of the data subjects that entrust you with their information.
Course methodology and highlights
We believe practical know-how is the key to effective learning. This course therefore includes:
- Detailed explanations of the key concepts and principles of the GDPR, as well as of its actors and their roles
- Group assignments;
- Practical exercises to perform a DPIA;
- Interactive approach: the module’s structure will give you the opportunity to ask questions and share and discuss experiences, knowledge, needs and challenges with the trainer and other participants;
- Several methodologies will be used, in particular the DPIA methodology used by the CNIL (FR), plus methodologies from other supervisory authorities;
- Relevance: EIPA has direct insight into the workings of the European Union
- Never alone: you will be part of a growing network of colleagues and professionals throughout Europe
- Quality assurance: all of our courses have the EIPA Quality Seal. Upon successful completion, you will go home with an EIPA Data Protection Centre Certificate.
- Combine fun and facts: this course is held in one of the most charming cities in Europe. Discover plenty of opportunities to relax and explore what the area has to offer.
What you will learn in this course
- The key elements of a DPIA;
- To decide on the need to conduct a DPIA;
- The importance of a DPIA;
- The methods to perform a DPIA;
- Understanding risk assessment and risk management, which are key to the GDPR;
- Performing a DPIA;
- The dos and don’ts of a DPIA;
- Validating a DPIA report;
- When to perform a prior consultation as per Article 36 of the GDPR.
By the end of the course, you will be able to:
- decide on the need to perform a DPIA;
- conduct a DPIA;
- assess privacy risks;
- suggest mitigation measures for privacy risks;
- draft a DPIA report;
- understand and validate a DPIA report;
- decide on whether to carry out a prior consultation.
European Institute of Public Administration (EIPA)
O.L. Vrouweplein 22
6211 HE, Maastricht
Ms Winny Curfs
Tel: + 31 43 3296320
The fee includes documentation and refreshments. Lunches, a reception or dinner are included if mentioned in the programme. Accommodation and travel costs are at the expense of the participants or their administration.
EIPA offers a 10% discount to all civil servants working for one of EIPA’s supporting countries, and civil servants working for an EU institution, body or agency.
Who are the supporting countries?
Civil servants coming from the following EIPA supporting countries are entitled to get the reduced fee: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Spain, Sweden, United Kingdom.
For all other participants, the regular fee applies.
Lunches, the reception or dinner will be served at a restaurant in town. Special dietary requirements (e.g. vegetarian, diabetic) can be indicated once you receive the confirmation of the seminar.
EIPA has special price arrangements with a number of hotels. All hotels are within 10 minutes' walking distance of EIPA. Should you wish to make use of this possibility, please book directly via the links below. Payment is to be made directly and personally to the hotel upon checking out. At the time of booking, please mention in the requested field the EIPA project number for your course.
Prior payment is a condition for participation.
For administrative reasons you will be charged €150 for cancellations received within 15 days before the activity begins. There is no charge for qualified substitute participants.
EIPA reserves the right to cancel the activity up to 2 weeks before the starting date. In that case, registration fees received will be fully reimbursed. EIPA accepts no responsibility for any costs incurred (travel, accommodation, etc.).
Trainer: Fernando Poças da Silva, Portuguese Data Protection Authority, Lisbon (PT)
|09.00||Introduction to the course|
|||General overview of a DPIA|
|10.45||Threats to personal data and risk management|
|14.00||Assignment: practical case|
|16.00||Conducting a DPIA|
|17.30||End of the day|
|19.00||Dinner in a restaurant in town|
|10.45||Assignment: practical case|
|16.00||Assignment: practical case|
|16.45||Golden rule of a DPIA|
|17.30||End of the course|