GDPR Risk & DPIA
Part of the Risk Analysis is the Personal Data Protection Impact Assessment. This is the next stage of the project in connection with the completed GAP Analysis and Data Flow Audit. An audit report that you will learn to compile correctly is a key document for audit authorities. You can easily handle others with GDPR patterns yourself.
Virtual Training or e-Learning?
We offer flexibility. You can choose from our selection of in-class courses as well as online courses.
Try a live virtual courseTarget audience
Risk analysis is another obligation according to Articles 24, 25 of the EU GDPR Regulation. If you want to learn how to risk assessment, this is the fastest way to do it.
The methodology is based on risk management according to the MoR standard. As part of the purpose of the workshop, it is nostrified into the Czech legislative environment.
You will learn the practical aspects of risk analysis and management in an organization in the context of personal data protection. This is in the whole life cycle: from identification, through classification, to the application of principles and measures (pseudonymization, modification of directives, restriction of access).
Typical graduates:
- Members of the GDPR project team
- DPO graduates
- Applicants who want to learn the impact analysis in terms of GDPR requirements
Who is this course for?
All who are methodically responsible for GDPR Compliance. If you want to practically manage DPIA (Data Protection Impact Assessment), this is the fastest way to do it.
The DPIA is always responsible for performing the DPIA, but it can also be performed by a third party. Therefore, this workshop is important for all who work in organizations that process personal information in both the private sector and government.
Typical graduates:
- Internal auditor
- HR, Internal Lawyer
- Business, Marketing
- IT & Security Management
- GDPR consultants and advisers
Aims of the course
- Eliminate GDPR non-compliance risks
- Try the example of the Privacy Impact Assessment
- Prepare a risk analysis in the sense of EU GDPR Art. 24, 25
- Properly perform impact analysis, evaluate outputs and implement measures
- Develop recommendations for subsequent organizational and technical measures
Managerial benefits
You will prepare your own sample GPDR risk analysis!
We will try to assess the risks to the rights and freedoms of entities. We will follow a methodology based on GDPR requirements. We will focus on the impacts of the data subject. Together we will develop a matrix of risks (activities x threats x vulnerabilities).
We will focus on the most sensitive data assets. You will learn the methodology of evaluation, categorization and implemented measures for these risks in terms of integrity, confidentiality and availability.
You will also acquire the following know-how:
- Define criteria for risk categorization
- Evaluate which risks can be accepted
- Identify high risks, including resolution procedures
- We will explain when and why consultation with the supervisory authority is required
Organisational benefits
You will learn to minimize the risks associated with personal data protection. Exactly as defined by Data Protection Impact Assessment (DPIA)
We will show you how to methodically correctly and timely evaluate the impacts of personal data processing in the organization. We will discuss examples of how to minimize risks and comply with the law on personal data protection.
1 day intensive workshop is designed to give you maximum information, examples and recommendations. You will learn the methodology that is the most effective for many reasons.
Agenda
09:00 - 10:30
Basics of risk management
- Management of Risk
- ISO 27005, ISO 31000
- Information security risk management process
Risk Analysis
- How to proceed in the analysis (determination) of risks
- Qualitative and quantitative risk estimates
- Identification and valuation of assets
- Threats and vulnerabilities of GDPR
- Incident characteristics
10:30 - 10:45
Coffee Break
10:45 - 12:15
** Reporting **
- How to compile a management report
- List of risks by size and characteristics
- Evaluation and reporting of findings
** How to work with outputs **
Proper procedures and risk acceptance criteria from the manager's point of view
12:15 - 13:15
Lunch
13:15 - 14:45
Methods of risk treatment
- reduction
- patience (acceptance)
- avoidance and transfer of risk
GDPR Risk Management
- Context with the GDPR risk management system
Possibilities and advantages of comparison with other risks in the organization in order to make the necessary decisions.
DPIA Principles
- Principles of personal data protection assessment
Legal requirements for DPIA
- Guidelines for regulators
14:45 - 15:00
Coffee Break
15:00 - 16:45
Getting Started
- How to perform DPIA
- When the risk is acceptable
DPIA Assessment
- How to create DPIA procedures
- Audit of results and next steps
Workshop - practical exercises
- Practical models of risk analysis
- Generic threats and vulnerabilities
- Derivation of risk and its evaluation
Learn risk analysis and DPIA of personal data directly from the GDPR Lead Auditor!
This updated course will teach you to identify, analyze, evaluate and implement risk measures in the area of personal data protection and cyber security.
The risk analyzes and assessments of the impact on the protection of personal data, even with interesting results, are not of major importance if the identified risks are not systematically managed (treated).
You will learn to perform GDPR and DPIA analysis in the overall context of risk management.
You can plan and specify requirements for detailed and problem-oriented risk analysis. An experienced auditor will introduce you to various approaches and methodologies, their pitfalls and recommend suitable solutions.
- Block duration 45 minutes
- Hours 8 hours
- Refreshments Yes
- Exam No
Prerequisites
GDPR Risk Analysis can be categorized as an advanced course that includes 80% practical scenarios and only 20% theory.
Therefore, knowledge of the GDPR at the basic implementation level is required, or at least in the qualification of the Data Protection Officer
Workshop leader
František Nonnemann
Frantisk has been dealing with the issue of law and practice of processing and protection of personal data for more than ten years. After graduating from the Faculty of Law of Charles University in Prague, he worked for many years in leading positions at the Office for Personal Data Protection, including as the head of the legal department.
He also participated in the preparation of the accredited course Commissioner for Personal Data Protection, is the author of the Handbook for Commissioners, is also involved in the development of other GDPR services, sample documents, methodologies, created an online free tool for GDPR Audit and now collaborates in the working group for GDPR certification Compliance.
Active activities in European working groups for personal data protection as well as in international control activities cannot be neglected either. He is a co-author of a commentary on Act No. 101/2000 Coll., On the protection of personal data, as well as a commentary on the GDPR, as well as a number of professional articles.
- 2016 - present| TAYLLORCOX: GDPR Auditor
- 2016 - present| Moneta
- 2006 - 2016 | ÚOOÚ
- 2000 - 2006 | Law faculty, Charles Univerisity
Lucie Balýová
Problematice ochrany osobních osobních údajů se věnuje již více než 10 let, a to zejména s ohledem denní užívání v praktické aplikaci, provádění auditů ochrany osobních údajů, lektorské a poradenské činnosti. V advokátní praxi se zaměřuje nejen na ochranu osobních údajů, ale také na IT právo a kybernetickou bezpečnost, kdy se jednotlivé specializace zásadně doplňují pro řešení konkrétních případů.
Lucie hojně publikuje v odborných periodikách, je členkou odborného spolku gdpr.cz a autorkou několika odborných knih, a často se vyjadřuje k dotazům problematiky osobních údajů, IT práva či kybernetické bezpečnosti a vyučuje i na několika vysokých školách.
Graduate ratings
Excellent review ☆☆☆☆☆ from 1426 reviewers
What makes our references exceptional? They are not one-off events. Clients come back to us regularly.
- GDPR nonymizováno
- 04.11.19
- ☆☆☆☆☆
- Letiště Praha
Výborný.
- GDPR Anonymizováno
- 04.11.19
- ☆☆☆☆☆
- 2K Consulting
Velmi dobré.
- GDPR Anonymizováno
- 04.11.19
- ☆☆☆☆☆
- Letiště Praha
Výborný.
- GDPR Anonymizováno
- 24.06.19
- ☆☆☆☆☆
- Metropolnet
Celková spokojenost.
- GDPR Anonymizováno
- 24.06.19
- ☆☆☆☆☆
- Ministerstvo financí
Praktický kurz.
- GDPR Anonymizováno
- 24.06.19
- ☆☆☆☆☆
- Oblastní nemocnice Jíčín
Splnil očekávání. Srozumitelný přednes.
- GDPR Anonymizováno
- 24.06.19
- ☆☆☆☆☆
- Metropolnet
Vše srozumitelně podáno. Dotazy vysvětleny. Kurz je výborně připraven i veden.
- GDPR Anonymizováno
- 24.06.19
- ☆☆☆☆☆
- Home Credit
Přínosné co se týče vysvětlení metodiky. Příklady z praxe, názorné zpracování.
- GDPR Anonymizováno
- 24.06.19
- ☆☆☆☆☆
- Oblastní nemocnice Kolín
Praktické ukázky, podrobné.
- GDPR Anonymizováno
- 24.06.19
- ☆☆☆☆☆
- Česká pošta
Prezentování složitého tématu srozumitelným způsobem a s přihlédnutím k praktickému použití.
View the next 10 reviews of our graduates
View the full list of reference clients.
Not sure if this is the right courese for you? Get in touch!
For assistance please give us a call.
We are available at +420 222 553 101 Always Monday to Friday: 9am - 5pm.
Cannot call? Send us a message.
Would you like a gift for your birtday?
