
Practical examples are used to explain the rules and regulations of the GDPR so that, by the end of the course, you will be able to act in compliance with the law, thereby preventing possible financial and reputational damage to your company. After watching this video, please remember to download the Table of Contents!
The General Data Protection Regulation has one main objective: to guarantee the protection of personal data.
The GDPR must be applied as soon as data are created that can be traced back to a specific natural person.
The additional material provided for this lecture includes the complete text of the General Data Protection Regulation (GDPR). You do not have to read through the entire thing! The course will refer to individual chapters and articles using specific and concrete examples. Having access to the full GDPR text gives you the opportunity to consult a specific section of the original text, should you so choose.
The easiest way to internalize the idea of the General Data Protection Regulation is to keep in mind the principles that run like a common thread through this regulation. If you memorize these principles, then you have a good starting point for evaluating whether a specific process merits data protection.
The data subject must be given clarity about how and to what extent their data is being processed.
Data may only be used for the purpose for which they were collected. If the purpose no longer applies, then the data must be deleted.
The General Data Protection Regulation states that only data that is appropriate and directly necessary for the specific purpose may be collected.
The required "data accuracy" can be divided into three categories: accurate, up-to-date and complete.
The principle of storage limitation states that personal data may only be stored for as long as is necessary for the purpose of its processing.
The GDPR uses the term "technical and organizational measures", abbreviated to "TOM", to describe security measures such as the encryption of data or the use of passwords, access controls and room access controls.
Accountability, enshrined in Article 5, paragraph 2 of the GDPR, requires data controllers not only to comply with data protection principles, but also to provide evidence of compliance with the GDPR provisions.
An overview of the seven principles. The additional material for this lecture includes an overview file (PDF).
If the data subject explicitly consents to the collection of data, then its processing is generally permissible. Please remember to download the template consent agreement below.
Data subjects have a large number of rights arising from the protection of personal data. The GDPR makes the entity processing the data the controller in order to safeguard the rights of the data subject.
The additional material for this lecture includes a sample response when a person requests information about stored data.
Article 24 of the GDPR provides a clear mandate to take appropriate technical and organizational measures to ensure that data processing takes place i
Almost every company generates a large amount of customer or employee data across a wide variety of areas and categories. In order to ensure compliance, the GDPR mandates that each data controller or processor maintain a record of processing activities.
The GDPR requires responsible parties to take measures to ensure that data processing takes place in accordance with the regulation. These include, for example, structural and technical measures such as access control, separation of data, or data access control.
The additional material provided for this lecture includes an example for technical and organizational measures (PDF).
A common occurrence in the practice of data collection concerns the elicitation, processing or even use of data by an external service provider for another client.
The additional material for this lecture includes a sample for an order processing contract. These templates must of course be adapted to the specific requirements of your company.
The GDPR responds to the sometimes disastrously lax handling of data breaches in recent years with an obligation to report data breaches immediately.
In this video, you will learn about some possible certifications that companies can obtain to prove their compliance with data protection regulations. However, certain restrictions apply to these certifications.
Companies above a certain size, or scope and type of data processing, may be obliged to appoint a data protection officer.
According to Article 44, any data transfer that does not meet the requirements of the GDPR is prohibited. However, the aim of Article 44 is not to prohibit data transfers in principle, but to ensure greater data security.
Once an adequacy decision is made, companies can transfer personal data to that country or organization without the need for further security measures.
Article 46 of the GDPR requires "appropriate safeguards" for data transfers to third countries to ensure the rights of data subjects are protected.
A short summary and concluding remarks.
Training Description
Welcome to this comprehensive training on the General Data Protection Regulation (GDPR), a key piece of legislation that has a significant impact on businesses within and outside the European Union. The GDPR has been in force since May 2018. The aim of the training is not only to provide you with the theoretical knowledge, but also to equip you with practical examples and resources so that you can apply the provisions of the GDPR in your day-to-day work in a legally compliant manner. The regulation consists of 11 chapters and 99 articles. However, we only focus on the parts that have the most practical relevance for most of us. You will also receive handouts and have the opportunity to test and consolidate your knowledge with quizzes.
____________________________________________________
THIS COURSE GOT A COMPLETE UPDATE IN JANUARY 2024.
____________________________________________________
Target Group
This training is designed to raise the awareness of anyone who processes personal data. It is not intended to train data protection officers and does not replace legal advice.
Method
The trainer will provide comprehensive insights into the GDPR in an easily comprehensible and engaging manner. Take advantage of the supplementary materials incorporated into the training. Conclude the session with a quiz to test and reinforce your newfound understanding of the GDPR.
Course Objectives
After completing this training, you will understand how to effectively implement the GDPR in your company or organization and prevent potential violations and penalties.
Chapter Overview
Introduction
What’s Data Protection All About?
The Seven Basic Principles of Data Protection
The Foundations of Data Processing and Rights of Data Subjects
Responsibility of Data Controller or Processor
The Data Protection Officer
Transfers of Personal Data to Third Countries
Summary