By Roland Costea, Cybersecurity & Privacy Leader
Build EU GDPR Data Protection & Privacy compliance from scratch (CIPT)
Course description
Updated: 12+ hours of GDPR content and 61 templates!
No prior GDPR knowledge is needed.
We have added new content related to GDPR for HR, GDPR for Cloud Service Providers, the DPO role and how to initiate it, the relationship between PSD2 and GDPR, and more examples.
CIPT, CIPM and CIPP/E certification preparation in a complete learning plan
This is the 1st course in a 5-course series that will take you to Data Privacy expert level and allow you to go for all IAPP certifications.
Learn what GDPR regulation is and what is needed in order to achieve GDPR compliance.
The course starts with GDPR foundations, explains data privacy concepts and what GDPR compliance means, and also offers documents, policies and procedures that can be reused and adapted for your own organization in order to start a GDPR programme.
The documents include a GDPR assessment tool, GDPR Data Privacy Impact, GDPR Implementation Guide, GDPR Data Breach Procedure, etc.
Learn how to hire a DPO (Data Privacy Officer) and what skills are needed for the job. Also learn how to initiate the role.
You will be able to analyze a company's GDPR compliance programme and reason about it properly through step-by-step examples. You will be able to use our templates and provide step-by-step recommendations.
We have included new topics related to GDPR for HR, GDPR for Cloud Service Providers and the DPO role in an organization + how to initiate it.
The course is a complete A to Z GDPR training, so we will cover everything that you need to know.
At the end of the learning path, you will learn how to pass all IAPP certifications, CIPT, CIPM and CIPP/E, not only CIPT, by practicing on real questions!
Every report will end with recommendations that usually involve technology that can solve GDPR challenges. In this way I will demonstrate some security concepts using different cloud technologies, and we will use the Azure cloud for experimentation in this course.
The course is delivered as a mix of over-the-shoulder lessons and PowerPoint presentations. So, either I show you clicks on the screen and exactly how you perform different actions, or I present the full concept using slides. On top of that, you will get downloadable resources that will help you in your journey.
I strongly recommend that you go through every lecture once and then go back to the beginning and start to take action. In this way everything will make much more sense.
As a student of this course, you will also get regular updates and access to new additional lectures as they are added.
Course overview - 130
Why start learning privacy with me
What is included in this course
Course Resources
Learning Plan
Evolving compliance requirements
Major risks to a company's IT framework
Application related RISKS
Network related RISKS
Storage related RISKS
Stakeholders expectations for privacy
Privacy vs Security
IT Governance vs Data Governance
The role of the IT professional & other stakeholders in preserving privacy
Privacy Foundational elements - Organizational Privacy Notice
Privacy Foundational elements - Organizational Privacy Policy
Privacy Foundational elements - Organizational Security Policies
Incident Response - Security and Privacy Perspectives
System Development Lifecycle and Enterprise Architecture
GDPR Privacy Impact Assessments (PIA)
Common Privacy Principles
The Collection Process - GDPR Notice
The Collection Process - Choice, Control & Consent
Other topics related to Collection
Use
Security Practices and Limitations on Use
Disclosure
Retention - Records, Limitations, Access
Retention - Security Considerations
Destruction
Identity and Access Management (IAM)
Limitations of Access Management & Least Privilege principle
UBAC & RBAC
Context of Authority
Cross Site Authentication & Authorization Models
Credit card information & Processing
PCI-DSS & PA-DSS
Remote Access & BYOD - Privacy & Security Considerations
Remote Access & BYOD - Access to Computers & Architecture controls
Data Encryption - Design Considerations
Application, Record and Field Encryption
File & Disk Encryption
Encryption Regulation & Crypto Standards
Other Privacy enhancing Technologies
Software Notifications and Agreements
GDPR short intro
Format & Definitions
Principles
Lawfulness
Gap Assessment Tool
Management Commitment
Preparation Project Plan
GDPR_Roles
How to capture Personal Data in a Form
GDPR Privacy Data Protection Policy
Data Subject Request Procedure
Data Protection Impact Assessment (DPIA)
How to treat international transfers
Data Breach and Incident Response Procedure
ISO and GDPR
Privacy by design
Organizational Privacy Strategy for Social Media
Consumer Expectations
Children's Online Privacy
Social media - personal information collected
Social media - personal information shared and ownership
E-commerce personalization
Online Advertising
Key considerations when posting ADs on your website
Understanding cookies, beacons and other tracking technologies
Web Browser Privacy and Security Features
Wireless Technology - RFID
Wireless Technology - NFC, Bluetooth & WiFi
Location Based Services (LBS) - generalities
Location Based Services (LBS) - GPS
Location Based Services (LBS) - GIS
Surveillance of Individuals
Data surveillance & Biometric recognition
Data Protection & Direct Marketing
The concept of Direct marketing
The right to opt-out
Marketing Requirements under e-Privacy Directive
Postal Marketing
Telephone Marketing
Electronic Marketing
Location Based Marketing
Online Behavioral Advertising (OBA) and GDPR
Where do privacy & HR meet
More difficult to rely on Consent
Data Protection Principles from HR perspective
Consent, no longer an option for HR
Legitimate interests
Pseudonymisation
Cross Border HR Data Transfers under GDPR
Changes to employee data management under GDPR
DPOs and DPIAs from HR perspective
Data breaches and what to take away from that
Action Steps from HR perspective
HR related policies and procedures
Contracts of employment - what to look for
Data Protection Policy
GDPR terms and how they relate to recruiting
Map your recruiting data
Create a privacy policy for recruiting
Source candidates online with care
Ensure your job application process complies with GDPR
Ensure your software vendors are compliant
Looking at GDPR the right way
Controllers and Processors
CSP as a processor and GDPR
Technical and organisational measures
Subcontracting
Detailed impact on cloud contracts
Clauses between a processor and a sub-processor
Codes of conduct, certifications and compliance
Important steps to compliance
Choosing a hosting provider
What businesses need to do
Advice for CSPs and Software providers
GDPR and IoT approach
There is far more in this space
GDPR requirements in an IoT context
Robots, AI, IoT and BigData
Introduction - what you are going to see in this section
Identity Protection demo (AAD IP)
Privileged Identity Management demo (PIM)
Mobile Productivity policies demo (Intune)
Classification, Labelling and Protection of Information demo (AIP)
Cloud App visibility
Security in Cloud environments
ATP Incident Response