Overview
The GDPR is important for all EU and non-EU companies that are offering goods or services to identified or identifiable EU natural persons ("data subjects"), organizations processing personal data of EU data subjects, or organizations that monitor the online behaviour of EU data subjects. Non-EU companies that have no local presence in the EU are also in the scope of the regulation.
Target Audience
The program is beneficial to:
- Managers and employees working at the strategic, tactical, and operational levels of risk management, compliance, information security and IT management.
- Data protection and privacy managers, employees, auditors, and consultants.
- Marketing managers and persons involved in profiling.
- Controllers and processors.
- Vendors, suppliers, and service providers.
Duration
One hour to one day, depending on the needs, the content of the program and the case studies. We always tailor the program to the needs of each client..
Instructor
Our instructors are professionals with extensive, real-world experience in their respective fields. They are equipped to deliver full-time, part-time, or short-form programs, all customized to suit your specific requirements. Beyond teaching, our instructors provide hands-on guidance, offering real-world insights that help bridge the gap between theory and practice. You will always be informed ahead of time about the instructor leading your program.
Course Synopsis:
Understanding the General Data Protection Regulation (GDPR)
- An overview of the GDPR.
- What is different now.
- The important decision of the Swiss Federal Council.
Understanding the new regulatory obligations
- Important Articles of the GDPR.
- The increased importance of information security, international standards, and best practices (Art 2, 4, 5, 9, 10, 25, 30, 32, 35, 40, 45, 47).
- "Privacy by design" and "privacy by default" (Art. 25 GDPR), "due regard to the state of the art" ((78), (83), Art. 25, Art. 32 GDPR).
GAP Analysis
- Performing a data privacy assessment for each department - understanding current business processes that create or use customer data.
- Establishing what must be changed: Enterprise-wide privacy governance structure with clearly defined roles and responsibilities, privacy risks and controls, customer profiling, enterprise-wide personal data retention and destruction, handling customers’ personal data requests, privacy data breaches, data breach response, third parties and outsourcing, data across the borders, privacy training tailored to the employee’s roles and responsibilities.
- Policies, Procedures, Communication, Enforcement. Everybody must understand the new obligations - the Board, the CEO, senior management, and all departments.
Case Studies
- Swiss or non-EU organizations that offer goods or services to EU data subjects via their web site or an online shop.
- Swiss or non-EU organizations that process data in EU countries.
- Swiss or non-EU firms that collect data of EU data subjects’ behaviour for marketing purposes.
Closing
- The Swiss Data Protection Act (DPA) and the “EU-US Safe Harbour” regulation adopted by Switzerland.
- The revised DPA - largely analogical rules and provisions with the GDPR.
- The decisions of the Swiss Federal Data Protection and Information Commissioner (FDPIC).
For more information, you may contact us.
Terms and conditions
You may visit: https://www.cyber-risk-gmbh.com/Terms.html
Cyber security is ofter boring for employees. We can make it exciting.