Ultimate Privacy by Design Data Protection Course(GDPR,LGPD)

Lessons from Chief Security Officer (CISO) of SAP

also an ex IBM-er, MICROSOFT-er, Accenture, Cognizant, Genpact and Cisco

5+ hours video content

60+ lessons

2023 update

MY FIRST PROMISE TO YOU is the following: You will be prepared to pass 3 IAPP certifications in less than 30 days if you follow the below learning plan:

Course 1: Build EU GDPR data protection compliance from scratch (CIPT)

Course 2: How to succeed in a Data Privacy Officer Role (GDPR DPO, CIPM)

Course 3: GDPR Privacy Data Protection Case Studies Explained (CIPP/E, CIPM, CIPT)

Course 4: Ultimate Privacy by Design Guide - step by step strategies with examples (CIPM, CIPT) - we are here!!!

Course 5: Build Security Incident Response for GDPR Data Protection (incl. parts from CIPT and CIPM also)

Course 6: (part of CIPP/US): California Consumer Privacy Act (CCPA) - Complete course

Course 7: Build a cybersecurity career and earn more than 150k per year

My name is Roland Costea and after spending my last 8 years working for Microsoft, IBM, Genpact and Cognizant as a Privacy & Security Director being able to create hundreds of integrated security & privacy programmes for top organizations in the world, I have decided to put all my experience together in a comprehensive privacy LEARNING PLAN, to show how to actually make Data Privacy operational and most importantly how to think out of the box.

I have been involved in engineering privacy for a lot of industries including Automotive (Mercedes-Benz, Geely, Volvo) and also provided DPO as a service for several other top companies in Europe and US. I have worked and developed the privacy strategy for Microsoft & IBM for the whole Central & Eastern Europe and also drived Cognizant Security & Privacy business in DACH.

Certifications I hold: CIPT, CIPM, CISSP, CDPSE, CRISC, CISM, CCSK, CCSP, LPT, CEH, ECSA, TOGAF

Protecting private information has vital and obvious implications for everyday life, and the only way companies can successfully do this is to create a culture of privacy.

The only solution -- the only way to change people’s behavior -- is to embed privacy in the very fabric of the organization. That’s why Privacy by Design, a decades-old application design and development strategy, is now being discussed as a foundational strategy for entire organizations.

The original goal of Privacy by Design was developing best practices that ensured application developers were building privacy into their products from the ground up. Even if concern for customer or employee privacy wasn’t the highest priority, there was always profit -- it is very expensive to re-engineer privacy into a product following a failure.

Today, these best practices are more important than ever. Increasing amounts of data have created an ever-expanding attack surface, and complex new regulations demand a foundational approach to privacy. In fact, Article 25 of the GDPR is titled “Data Protection & Privacy by Design and by Default.”

Organizations face an ever-growing number of attack vectors related to privacy, including the internet of things (IoT), government and business data over-collection and unread mobile app permissions such as allowing scanner apps to keep and sell the data they scan.

This course is not about the GDPR, CCPA or LGPD in essence, though it can certainly be used as a process for data protection & privacy by design and default (Article 25 of the GDPR regulation). Most probably you are already enrolled in my bestseller “Build EU GDPR from scratch course” which goes for GDPR from all perspectives. This course is not meant to comply with any specific regulation, though use of the correct privacy-by-design process herein will help organizations comply with many regulations. This course is about how to build better processes, products and services that consider individuals’ privacy interest as a design requirement. It is about how to build things that people can trust.

There are four sections I have created. Section 2 provides introductory remarks, including an introduction to Ann Cavoukian’s 7 Foundational Principles of Privacy by Design, a short history of regulatory adoption and past challenges that privacy-by-design practitioners have faced. Given its 10-year history in the privacy professionals’ community, many readers may already be familiar with Cavoukian’s principles. This section also contains something most privacy professionals, outside academia, may not be aware of. Here I discuss what I feel is the impetus for why companies must build privacy into their processes, products and services and not rely on individuals’ self-help to protect their own privacy.

For those not familiar with the Solove Taxonomy of Privacy or the Hoepman Strategies, most probably the majority of you, Section 3 is a must. The two frameworks form the basis for identifying and mitigating privacy risks in the privacy model developed in that section. Section 4 describes how to analyze the privacy model built in Section 3.

In the analysis section, a risk model is built using the Factor Analysis of Information Risk with a focus on individual risks over organizational risks and tweaks in the terms and definitions for privacy beyond information security. Designers may never need to determine privacy risk explicitly but understanding the factors that influence privacy risk provides a deeper understanding of why the process is built the way it is. The last section, Section 5, details the design procedure, while using the other sections as reference