
During this lecture you will get to know your instructor, who will explain the format of the course and what you will have achieved when you have completed it.
During this lecture you will gain an understanding of:
During this lecture you will learn the major legal GDPR Roles of Controller and Processor, identify:
Learn the GDPR role of Data Subject and the various GDPR Data Categories used to identify a Data Subject.
You will learn the various GDPR Data Categories that can be used to identify a Data Subject. You will also determine what Data Categories are processed within your own business.
You will receive a description of a Business Process along with some examples from our own business. You will then document your own Business Processes and determine which ones process Personal Data.
Having documented your Business Processes in the previous lecture you will now document each of the steps that make up each of the processes starting with the first one.
During this lecture we will demonstrate how to open a worksheet to document a Business Process and list the Process Steps in Column A.
Now that we had documented the steps in our first business process we needed to determine and document what Personal Data items are being collected, used or processed by each of the steps.
We also needed to identify and document any risks to the personal data or to our business.
You will document each of the data types against each of your process steps which collect, use or process the personal data of individuals who are protected by the GDPR.
You will also identify and document any risks to the personal data or to our business.
During this lecture we will recap on the GDPR role of Processor and we will document the software or computer system used to collect, use or process the personal data.
We also need to identify and document any risks to the personal data or to our business.
You will document the software or computer system used to collect, use or process the personal data.
You will also identify and document any risks to the personal data or to our business.
Now that we have documented the software or computer system used to process personal data, we need to document how and where the personal data is stored by the Processor.
We also need to identify and document any risks to the personal data or to our business.
You will be able to document the type of storage devices used by your processor as well as the location of these storage devices.
You will also identify and document any risks to the personal data or to our business.
Introducing retention periods for personal data under GDPR. We will recap the various data categories and provide further extracts from the regulation with regard to retention periods.
This lecture will explore how long you currently retain the personal data you collect, use or process and why the personal data is retained for this period of time. We will also provide some examples of why personal data may need to be legally kept for longer periods.
You will be able to document the retention periods within your own business, explain why your business has these retention periods and be aware of the risks your business may need to mitigate.
This lecture will explore how you currently delete personal data at the end of the retention period or when requested to do so by an individual. It will also highlight the difference between a client 'unsubscribing' and actually being deleted from your marketing software. You will document how you currently delete personal data within your own business and be aware of the risks your business may need to mitigate.
This lecture will identify which roles within your business have access to the personal data, what personal data the roles have access to and why. You will be able to document the access to the personal data within your business and update your GDPR documentation.
Having identified why each role has access to the specific personal data, we now need to document information regarding the computer or other devices being used by the Business Roles. We also need to look at how each of these devices is protected to prevent unauthorized access to the personal data.
You will be able to document what computer or other device the Business Roles use to access the specific personal data.
You will document the current protection each of the access computers and systems have in place to prevent unauthorized access to the personal data.
You will also document any risks that you identify to the personal data or to your business.
This is perhaps the most critical section of your GDPR Project, as it is all about assessing and documenting the required action needed to reduce or mitigate the risks to the personal data that you have identified. It will also document the actions you have actually taken to reduce or mitigate these risks.
You will assess and document the required action to reduce or mitigate the risks you have identified during the documentation of your first process.
You will also document the actual actions you have taken within your business to mitigate these risks.
In this final lecture in this section we will document all the actions that have actually been taken in your business to reduce or mitigate all of the risks to personal data that have been identified for this business process.
You will document the actual actions that have been taken in your business to reduce or mitigate all of the risks to personal data that have been identified for this business process.
These actions will be used in the next section to update your business processes and your GDPR documentation.
As we have identified all the actual actions that need to be taken to reduce or mitigate the risks you have identified in your business, you will need to update your audit trail for the process you have just completed.
We will now document how the actual actions that we took to eliminate risks changed what needed to be entered in Columns A to M.
You will update any documentation that needed to be changed to reflect the actual actions that were taken in your business to eliminate any risks that you identified.
Congratulations and Well Done! You have now completed the GDPR documentation, including an audit trail, for a single business process that processes Personal Data in your business. You will now go to the next process you identified in Section 2 lecture 3 that collects, uses or processes Personal Data, select the next worksheet in your GDPR Project Spreadsheet and repeat the steps beginning at Section 2 lecture 4.
Complete the GDPR Documentation and Audit Trail for the Whole of your Business.
Congratulations, you have now completed your GDPR documentation and audit trail for the whole of your business.
We will discuss what elements need to be included in a Privacy statement for your business. We will also provide an outline for you to utilize in your own business.
You will create an outline for a Privacy Statement for your business and complete the introduction and the name and contact details for your Data Controller.
We will continue to discuss the content that needs to be included in a Privacy Statement for your business. We will provide information for the following topics:
Do we use data to make automated decisions?
Whether providing data is mandatory
Do we transfer data internationally?
You will add and document these elements for your own Privacy Statement.
We will continue to discuss the content that needs to be included in a Privacy Statement for your business. We will provide information on the individual's rights under GDPR.
You will add and document this element for your own Privacy Statement.
We will continue to discuss the content that needs to be included in a Privacy Statement for your business. We will provide information on the legal basis for your business to process personal data.
You will add and document this element for your own Privacy Statement.
Now that we have the basic content for our Privacy Statement it is now time to refine it and determine exactly where we are going to display it.
You will refine and re-write your Privacy Statement until it is an honest reflection of the care and responsibility your business takes with an individual's personal data.
You will then publish your Privacy Statement.
Congratulations and Well Done!!
You have now completed a full GDPR compliance assessment of your business.
You have documented everything your business does to protect and take responsibility for an individual's Personal Data.
You have created and published a Privacy Policy for your Business.
Where to next?
The General Data Protection Regulation (GDPR) is ALL about IDENTIFYING, EVALUATING and REMOVING any RISKS in your business associated with the way it gathers and uses the personal information of individuals.
The power of this course lies in the unique structured and staged approach it takes doing just this. This consists of:
Identifying ALL risks that exist in the way that you gather or use personal information.
Evaluating these risks and developing viable actions to remove them.
Removing all of these risks by implementing these actions while, at the same time, creating an audit trail showing what you did and updating relevant business processes to prevent recurrence of these risks.
This course is unique in its blend of the theoretical and the practical.
On the theoretical side, it explains – in plain, non-legalese – all of the major elements and terms of the General Data Protection Regulation (GDPR) that you will need to understand in order to enable you to have confidence that the 5-step approach of the course will lead you safely to GDPR Compliance.
On the practical side, the course starts off by explaining how to establish whether or not GDPR applies to your business. If it does apply, the course then provides you with a highly pragmatic and proven 5-step process to achieve GDPR Compliance. This is laid out step-by-step so that you can follow it without the need to learn any additional special skills or without the need to engage any expensive external consultants.
Broad Audience
This blend of theoretical and practical makes it ideal for a broad audience that includes:
Solopreneurs and small to medium business owners who want to be able to get their own businesses GDPR Compliant without the need for expensive external consultants.
Consultants and contractors who are working on, or about to start, a GDPR project on behalf of their clients.
Consultants and contractors who want to start offering “GDPR Readiness” services to their clients.
Hands-On Activities
The course is packed with practical activities and worked examples to help reinforce your learning at every stage.
It also includes comprehensive templates and example documentation from a real-life GDPR Compliance project to guide and support you.
Not Merely a Training Course
This is not MERELY a Training Course, it is equivalent to a COMPLETE GDPR Project for your business. This means that, if you work through all the lectures and complete all of the assignments then, by the end of this course, not only will you have LEARNED all about how to do a GDPR Compliance project, you will actually have completed one for your own business.
Categories of Personal Data
There are five categories of Personal Data defined within GDPR, which are:
Basic Personal Data
Descriptive Personal Data
Organization-related identifying Personal Data
Absolutely identifying Personal Data
Sensitive Personal Data
The course describes clearly what each of these is.
Risks to Personal Data
GDPR is essentially about identifying and eliminating all potential or actual risks that exist to Personal Data in any business.
The whole approach of this course is to provide you with an easy-to-follow and highly practical process and a set of documentation that will enable you to do precisely this.
Audit Trail
A key component of any successful GDPR Compliance project is a comprehensive Audit Trail that will enable both business management and GDPR regulators to be confident that all risks to Personal Data that existed in the business have been identified, assessed and effectively removed.
The highly effective approach of this course enables you to create a comprehensive audit trail as an integral part of working through the 5-step approach, without any additional effort.
GDPR Roles
The Course describes all of the key legal Roles within GDPR that all business owners need to be aware of and how to identify which of these your business plays.
Automated Processing
GDPR has strict conditions on whether or not a business can use an individual's Personal Data to make automated decisions. The course explains what these are and how they affect the way you use personal data.
Is it Mandatory to Provide Personal Data
The course explains how, under some circumstances, it might be mandatory for an individual to provide Personal Data to your business and what you need to do when this is the case.
Transferring Data Internationally
GDPR has very strict conditions regarding transferring Personal Data internationally and the course explains what you need to do to comply with the requirements.
The Rights of the Individual
An individual has eight fundamental rights under GDPR regarding how their personal data can be collected and processed, which are:
The right to be informed.
The right of access.
The right of rectification.
The right to erasure.
The right to restrict processing.
The right to data portability.
The right to object.
Rights regarding automated decision making and profiling.
The course explains each of these rights in detail.
Legal Right to Process Personal Data
Under GDPR, you need to have a lawful basis for processing any Personal Data. There are six available lawful categories and the course explains what each of these is.
Privacy Statement
If you follow all of the steps in the course, your business will be GDPR Compliant. You should now let all your current and prospective clients know this by creating and publishing a privacy statement.
The course walks you step-by-step through how to do this and provides you with a real-life example of what a good Privacy Statement looks like.
Further Information
If you need any further information then please contact us at:
support@kiwi-dreams.co.nz