The General Data Protection Regulation (GDPR) for EU and non-EU based companies.

Overview

The GDPR is important for all EU and non-EU companies that are offering goods or services to identified or identifiable EU natural persons ("data subjects"), organizations processing personal data of EU data subjects, or organizations that monitor the online behaviour of EU data subjects. Non-EU companies that have no local presence in the EU are also in the scope of the regulation.

Target Audience

The program is beneficial to:

- Managers and employees working at the strategic, tactical, and operational levels of risk management, compliance, information security and IT management.

- Data protection and privacy managers, employees, auditors, and consultants.

- Marketing managers and persons involved in profiling.

- Controllers and processors.

- Vendors, suppliers, and service providers.

Duration

One hour to one day, depending on the needs, the content of the program and the case studies. We always tailor the program to the needs of each client..

Instructor

Our instructors are working professionals that have the necessary knowledge and experience in the fields in which they teach. They can lead full-time, part-time, and short-form programs that are tailored to your needs. You will always know up front who the instructor of the training program will be.

George Lekatis can also lead the class. His background and some testimonials can be found at: https://www.cyber-risk-gmbh.com/George_Lekatis_Testimonials.pdf

Course Synopsis:

Understanding the General Data Protection Regulation (GDPR)

- An overview of the GDPR.

- What is different now.

- The important decision of the Swiss Federal Council.

Understanding the new regulatory obligations

- Important Articles of the GDPR.

- The increased importance of information security, international standards, and best practices (Art 2, 4, 5, 9, 10, 25, 30, 32, 35, 40, 45, 47).

- "Privacy by design" and "privacy by default" (Art. 25 GDPR), "due regard to the state of the art" ((78), (83), Art. 25, Art. 32 GDPR).

GAP Analysis

- Performing a data privacy assessment for each department - understanding current business processes that create or use customer data.

- Establishing what must be changed: Enterprise-wide privacy governance structure with clearly defined roles and responsibilities, privacy risks and controls, customer profiling, enterprise-wide personal data retention and destruction, handling customers’ personal data requests, privacy data breaches, data breach response, third parties and outsourcing, data across the borders, privacy training tailored to the employee’s roles and responsibilities.

- Policies, Procedures, Communication, Enforcement. Everybody must understand the new obligations - the Board, the CEO, senior management, and all departments.

Case Studies

- Swiss or non-EU organizations that offer goods or services to EU data subjects via their web site or an online shop.

- Swiss or non-EU organizations that process data in EU countries.

- Swiss or non-EU firms that collect data of EU data subjects’ behaviour for marketing purposes.

Closing

- The Swiss Data Protection Act (DPA) and the “EU-US Safe Harbour” regulation adopted by Switzerland.

- The revised DPA - largely analogical rules and provisions with the GDPR.

- The decisions of the Swiss Federal Data Protection and Information Commissioner (FDPIC).

For more information, you may contact us.

Terms and conditions

You may visit: https://www.cyber-risk-gmbh.com/Terms.html