GDPR Training

Online Instructor-led (4 days)

Online Self-paced (32 hours)

Official EU General Data Protection Regulation (EU GDPR) Foundation Exam

Certified EU General Data Protection Regulation (EU GDPR) Foundation And Practitioner

Module 1: Introduction to the GDPR​

  • GDPR in a Nutshell​
  • Generate Customer Confidence​
  • Focus of GDPR​
  • What is Personal Information? ​
  • Who has PII? ​
  • Lawful Processing of Personal Data

Module 2: Binding Corporate Rules ​

  • Introduction
  • Scope​
  • UK ICO’s View of the Scope​
  • Processing GDPR Definition​
  • Who Processes PII? ​
  • What is Special Data? ​
  • Legal Framework​
  • Timeline​ and Derogations​
  • Some Key Areas for Derogation​
  • Data Breaches/Personal Data Breach​
  • Consequences of Failure​
  • Governance Framework​

Module 3: GDPR Terminology and Techniques ​

  • Key Roles​
  • Data Set​
  • Subject Access Request (SAR)​
  • Data Protection Impact Assessments (DPIA) ​
  • What Triggers a Data Protection Impact Assessment? ​
  • DPIA is Not Required
  • Processes to be Considered for a DPIA​
  • Responsibilities​
  • DPIA Decision Path​
  • DPIA Content​
  • How Do I Conduct a DPIA? ​
  • Signing Off the DPIA​
  • Mitigating Risks Identified by the DPIA​
  • Privacy by Design and Default​
  • External Transfers​
  • Profiling​
  • Pseudonymisation​
  • Principles, User Rights, and Obligations​
  • One Stop Shop​

Module 4: Structure of the Regulation​

  • Parts of the GDPR​
  • Format of the Articles​
  • Articles​

Module 5: Principles and Rights​

  • Introduction
  • Legality Principle​
  • How the Permissions Work Together​?
  • Lawfulness of Processing Conditions​
  • Lawfulness for Special Categories of Data
  • Criminal Offence Data​
  • Consent
  • Transparency Principle​
  • Fairness Principle​
  • Rights of Data Subjects​
  • Purpose Limitation Principle​
  • Minimisation Principle​
  • Accuracy Principle​
  • Storage Limitation Principle​
  • Integrity and Confidentiality Principle​
  • Accountability Principle​

Module 6: Demonstrating Compliance​

  • Demonstrating Compliance with the GDPR ​
  • Impact of Compliance Failure​
  • Administrative Fines​
  • What Influences the Size of an Administrative Fine?
  • Joint Controllers​
  • Processor Liability Under GDPR​
  • Demonstrating Compliance
  • Protecting PII is Only Half the Job
  • What must be Recorded? ​
  • Additional Ways of Demonstrating Compliance​
  • Demonstrating a Robust Process​
  • PIMS (Personal Information Management System) ​
  • Cyber Essentials​
  • ISO 27017 Code of Practice for Information Security Controls​
  • Risk Management​

Module 7: Incident Response and Data Breaches​

  • What is a Personal Data Breach? ​
  • Notification Obligations​
  • What Breaches Do I Need to Notify the Relevant Supervisory Authority About? ​
  • What Information Must Be Provided to the SA? ​
  • How do I Report a Breach to the SA? ​
  • Notifying Data Subjects​
  • What Should I do to Prepare for Breach Reporting? ​
  • Updating Policies and Procedures​
  • Breach Reporting and Responses ​
  • Ways to Minimise the Breach Impact​

Module 8: Understanding the Principle Roles

  • What does the GDPR Makes Businesses Responsible For?
  • Difference Between a Data Controller and a Data Processor
  • How the Roles Split?
  • Controllers and Processors
  • Main Obligations of Data Controllers
  • Demonstrate Compliance
  • Joint Controllers and EU Representative
  • Controller-Processor Contract
  • Maintain Records and Keeping Records for Small Businesses
  • Cooperation with Supervisory Authorities
  • Keeping PII Secure
  • Data Breach Transparency
  • Role of the Data Processor
  • Controller-Processor Contract
  • Main Obligations of the Processor
  • Perform Only the Data Processing Defined by the Data Controller
  • Update the Data Controller
  • Sub-Process or Appointment
  • Keep PII Confidential
  • Maintaining Records
  • Cooperate with Supervisory Authorities
  • Security
  • Appoint a DPO – If Necessary
  • Transferring Data Outside the EU

Module 9: Role of the DPO

  • Role of a Data Protection Officer
  • Involvement of the DPO
  • Main Responsibilities of the DPO
  • Working Environment for the DPO
  • Must We Have A DPO?
  • Public Body
  • What does Large Scale mean?
  • Systematic Monitoring
  • Who Can Perform the Role of DPO?
  • Skills Required
  • Monitoring Compliance
  • Training and Awareness
  • Data Protection Impact Assessments (DPIAs)
  • Risk-Based Approach
  • Business Support for the DPO
  • DPO Independence
  • DPO – Conflict of Interest

Module 10: UK Implementation

  • Key Differences Between the Data Protection Act and the GDPR
  • Highlights from the Data Protection Bill
  • Definition of Controller
  • Health, Social Work, Education, and Child Abuse
  • Age of Consent
  • Exemptions for Freedom of Expression
  • Research and Statistics
  • Archiving in the Public Interest

Module 11: Key Features

  • Specific Permission
  • Privacy by Design
  • Data Portability
  • Right to be Forgotten
  • Definitive Consent
  • Information in Clear Readable Language
  • Limits on the Use of Profiling
  • Everyone Follows the Same Law
  • Adopting Techniques

Module 12:  Subject Access Requests and How to Deal with them?

  • Subject Access Requests (SAR)
  • Dealing with SAR
  • Recognise the Request
  • Understand the Time Limitations
  • Dealing with Fees and Excessive Requests
  • Identify, Search, and Gather the Requested Data
  • Learn about What Information to Withhold
  • Developing and Sending a Response

Module 13: Data Subject Rights

  • Must I Always Obey a Right?
  • Rights and Third Parties
  • Requests Made on Behalf of Other Data Subjects
  • Guidelines for Children's Maturity
  • Responding to a Rights Request
  • What is a Month?
  • Rights Request Flow Chart
  • Right to be Informed
    • When Should Information Be Provided?
    • Best Practice Guidance
  • Right of Access
  • Right to Rectification
  • Right to Erasure
    • When can I Refuse to Comply with a Request for Erasure?
    • Erasing Children's Data
  • Right to Restrict Processing
    • When Processing Should be Restricted?
    • Protecting PII
    • Other Issues about Restricting Processing
  • Right to Data Portability
  • Right to Object
    • Complying with the Right to Object
    • Rejecting the Right to Object
    • Processing for Direct Marketing Purposes
    • Processing for Research Purposes
  • Rights Related to Automated Decision Making and Profiling
    • When does the Right not apply?

Module 14: Subject Access Requests

  • Provenance
  • Overview: SARs
  • SAR is an Activity, Not a Title
  • How can a SAR be Submitted?
  • What Information Should the Response to a SAR Contain?
  • Additional Information
  • Replying to a SAR
  • Confirming a Data Subject’s Identity
  • Scope
  • Electronic Records
  • Non-Electronic Records
  • SARs Involving 3rd Party PII
  • Fees
  • Refusing a Subject Access Request
  • Access Requests from Employees
  • Credit Reference Agencies
  • Best Practice for SARs

Module 15: Lawful Processing

  • Lawful Processing: A Reminder
  • User Rights Change Depending on the Justification
  • Lawfulness of Processing Conditions
  • Lawfulness for Special Categories of Data
  • UK ICO Tool
  • Consent
  • Key Points About Consent
  • Affirmative Action and Explicit Consent
  • Introduction of Affirmative Action
  • What is Not Affirmative Action?
  • Examples of Affirmative Action from the ICO
  • Introduction of Explicit Consent
  • Explicit Statement
  • Obtaining Explicit Consent
  • ICOs View of a Poor Form of Explicit Consent
  • Obtaining Consent for Scientific Research Purposes
  • Getting Consent
  • What Should Go into the Consent Request?
  • Consent Granularity
  • Right to Withdraw Consent
  • Children
  • Consent Records
  • ICOs Examples of Record Keeping
  • Key Points When Establishing Consent
  • Legitimate Interests
  • Getting the Balance Right
  • Consent or Legitimate Interest?
  • What Lawful Basis Can be Used for Processing Marketing PII?

Module 16: Third Country Data

  • Cross Border Transfers
  • Transfer Mechanisms
  • Derogations
  • Adequacy
  • Adequate Ways to Safeguard Transfers of PII
  • Consent
  • One-Off or Infrequent Transfers
  • Who is Responsible?
  • Transferring PII Between EEA Members
  • Adequate Countries Outside of the EEA
  • Binding Corporate Rules (BCR)
  • What a BCR Must Cover?
  • Authorisation for BCRs
  • EU-US Privacy Shield
  • Privacy Shield Overview
  • Privacy Shield: Mechanics
  • Model Clauses
  • Public Authority Agreements

Module 17: Introduction to Protecting Personal Data

  • Need to Secure
  • What is Appropriate?
  • Protecting PII – 3 Key Areas
  • Coverage
  • Defensive Design
  • Single Point of Failure (SPOF)
  • Incident Response
  • Data Breach Reporting Requirements
  • Incident Response Team

Module 18: Data Protection Impact Assessments (DPIA)

  • Introduction
  • What Triggers a Data Protection Impact Assessment?
  • Cases Where DPIA is Not Required
  • Benefits of DPIA
  • Processes to be Considered for a DPIA
  • Responsibilities
  • DPIA Decision Path
  • DPIA Content
  • How Do I Conduct A DPIA?
  • Signing Off the DPIA
  • Mitigating Risks Identified by the DPIA

Module 19: Need Want Drop

  • Overview
  • Need-Want-Drop: Concept Diagram
  • Need-Want-Drop: Categorising Data
  • Need/Want/Drop Methodology

Module 20: Dealing with Third Parties and Data in the Cloud

  • What is Cloud Computing?
  • Myths of Cloud
  • Cloud Challenges
  • Controller-Processor Contract
  • Checklist
  • Data Controller - Summary

Module 21: Practical Implications: GDPR

  • Brexit and its Impact on the GDPR
  • Adequacy
  • What does this Mean in Practice?
  • EU and UK Representatives
  • Exemption Rule
  • One-Stop Shop

Module 22: Legal Requirements of the GDPR

  • Lawful, Fair, and Transparent Processing
  • Limitation of Purpose, Data and Storage
  • Data Subject Rights
  • Consent
  • Personal Data Breaches
  • Privacy by Design
  • Data Protection Impact Assessment
  • Data Transfers
  • Data Protection Officer
  • Awareness and Training

Module 23: Privacy Principles in GDPR

  • Lawfulness, Fairness, and Transparency
  • Purpose Limitation
  • Data Minimisation
  • Accuracy
  • Storage Limitation
  • Integrity and Confidentiality

Module 24: Common Data Security Failures, Consequences, and Lessons to be Learnt

  • Common Data Security Failures
  • Consequences
    • Fines Relating to Data Breaches
    • Litigation from Customers Relating to Data Breaches
    • Directors, Officers, and Professional Advisors
    • Reputational Damage
  • Lesson Learned
    • Knowing When and How to Communicate with Affected Individuals is Not Easy
    • GDPR is Important, as are Other Legal Frameworks

Show moredown

Who should attend this Certified EU General Data Protection Regulation (EU GDPR) Foundation and Practitioner Course?

The Certified EU GDPR Foundation and Practitioner Course aims to educate professionals about the details of the GDPR and how to implement and comply with its provisions. This GDPR Training Course can be beneficial for the professionals, including:

  • Data Protection Officers
  • Data Privacy Lawyers
  • IT Security Professionals
  • Compliance Officers
  • Privacy Professionals
  • Legal Professionals
  • Risk and Compliance Managers
  • IT Consultants

Prerequisites of the Certified EU General Data Protection Regulation (EU GDPR) Foundation and Practitioner Course

There are no formal prerequisites required for the Certified EU General Data Protection Regulation (EU GDPR) Foundation and Practitioner Course.

Certified EU General Data Protection Regulation Foundation and Practitioner Course Overview

The General Data Protection Regulation (GDPR) is a comprehensive data privacy and protection framework enacted by the European Union (EU) to safeguard the personal data of its citizens. The regulation grants individuals' greater control over their data, ensuring transparency, consent, and the right to access, rectify, or erase their personal information, ultimately aiming to harmonise data protection laws across the EU and fortify individuals' rights in the digital age.

The Knowledge Academy's General Data Protection Regulation (GDPR) Course is a comprehensive and in-depth structure designed to equip professionals with the knowledge and skills required to navigate the complex landscape of data protection and privacy regulations. Safeguarding sensitive data is paramount, and this GDPR Training Course provides a deep dive into GDPR, the European Union's landmark legislation.

This 4-day GDPR Training Course provides a detailed introduction to the EU GDPR, and a full overview regarding how to plan and implement a continuous compliance approach. It enables delegates to fulfil the knowledge requirements of a Data Protection Officer (DPO) – a position that is now a legal requirement in EU Organisations with a central data storage and processing function. The Knowledge Academy's GDPR Training Course consists of the EU GDPR Foundation (two days) and GDPR Practitioner (two days) training courses.

Course Objectives

  • To understand the fundamentals of GDPR legislation
  • To comprehend the rights and responsibilities of data controllers and processors
  • To learn how to conduct data protection impact assessments (DPIAs)
  • To develop expertise in data subject consent and management
  • To gain insights into GDPR compliance and risk assessment
  • To master cross-border data transfer regulations
  • To learn best practices for data breach management and reporting
  • To acquire practical skills for implementing GDPR compliance within your organisation

After successfully finishing The Knowledge Academy's GDPR Training Course delegates will possess a comprehensive understanding of GDPR regulations and adherence. They will acquire the abilities necessary to evaluate, execute, and sustain GDPR conformity within their respective companies, guaranteeing the fulfilment of data protection and privacy criteria.

Show moredown

What’s included in this Certified EU General Data Protection Regulation (EU GDPR) Foundation and Practitioner Course?

  • Certified EU General Data Protection Regulation (EU GDPR) Foundation and Practitioner Examination
  • World-Class Training Sessions from Experienced Instructors
  • Certified EU General Data Protection Regulation (EU GDPR) Foundation and Practitioner Certificates
  • Digital Delegate Pack

Show moredown

EU GDPR Foundation Exam Information

To achieve the Certified EU General Data Protection Regulation (EU GDPR) Foundation, candidates will need to sit for an examination. The exam format is as follows: 

  • Question Type: Multiple Choice 
  • Total Questions: 45 
  • Total Marks: 45 Marks 
  • Pass Mark: 65%, or 29/45 Marks 
  • Duration: 60 Minutes 
  • Open Book/ Closed Book: Closed Book

EU GDPR Practitioner Exam Information

To achieve the Certified EU General Data Protection Regulation (EU GDPR) Practitioner, candidates will need to sit for an examination. The exam format is as follows: 

  • Question Type: Multiple Choice 
  • Total Questions: 30 
  • Total Marks: 30 Marks 
  • Pass Mark: 57%, or 17/30 Marks 
  • Duration: 90 Minutes
  • Open Book/ Closed Book: Closed Book

Show moredown

Online Instructor-led (2 days)

Online Self-paced (16 hours)

Official EU General Data Protection Regulation (EU GDPR) Foundation Exam

Certified EU General Data Protection Regulation (EU GDPR) Foundation Course Outline

This GDPR Foundation Course covers the following topics:

Module 1: Introduction to the GDPR​

  • GDPR in a Nutshell​
  • Generate Customer Confidence​
  • Focus of GDPR​
  • What is Personal Information? ​
  • Who has PII? ​
  • Lawful Processing of Personal Data

Module 2: Binding Corporate Rules ​

  • Introduction
  • Scope​
  • UK ICO’s View of the Scope​
  • Processing GDPR Definition​
  • Who Processes PII? ​
  • What is Special Data? ​
  • Legal Framework​
  • Timeline​ and Derogations​
  • Some Key Areas for Derogation​
  • Data Breaches/Personal Data Breach​
  • Consequences of Failure​
  • Governance Framework​

Module 3: GDPR Terminology and Techniques ​

  • Key Roles​
  • Data Set​
  • Subject Access Request (SAR)​
  • Data Protection Impact Assessments (DPIA) ​
  • What Triggers a Data Protection Impact Assessment? ​
  • DPIA is Not Required
  • Processes to be Considered for a DPIA​
  • Responsibilities​
  • DPIA Decision Path​
  • DPIA Content​
  • How Do I Conduct a DPIA? ​
  • Signing Off the DPIA​
  • Mitigating Risks Identified by the DPIA​
  • Privacy by Design and Default​
  • External Transfers​
  • Profiling​
  • Pseudonymisation​
  • Principles, User Rights, and Obligations​
  • One Stop Shop​

Module 4: Structure of the Regulation​

  • Parts of the GDPR​
  • Format of the Articles​
  • Articles​

Module 5: Principles and Rights​

  • Introduction
  • Legality Principle​
  • How the Permissions Work Together​?
  • Lawfulness of Processing Conditions​
  • Lawfulness for Special Categories of Data
  • Criminal Offence Data​
  • Consent
  • Transparency Principle​
  • Fairness Principle​
  • Rights of Data Subjects​
  • Purpose Limitation Principle​
  • Minimisation Principle​
  • Accuracy Principle​
  • Storage Limitation Principle​
  • Integrity and Confidentiality Principle​
  • Accountability Principle​

Module 6: Demonstrating Compliance​

  • Demonstrating Compliance with the GDPR ​
  • Impact of Compliance Failure​
  • Administrative Fines​
  • What Influences the Size of an Administrative Fine?
  • Joint Controllers​
  • Processor Liability Under GDPR​
  • Demonstrating Compliance
  • Protecting PII is Only Half the Job
  • What must be Recorded? ​
  • Additional Ways of Demonstrating Compliance​
  • Demonstrating a Robust Process​
  • PIMS (Personal Information Management System) ​
  • Cyber Essentials​
  • ISO 27017 Code of Practice for Information Security Controls​
  • Risk Management​

Module 7: Incident Response and Data Breaches​

  • What is a Personal Data Breach? ​
  • Notification Obligations​
  • What Breaches Do I Need to Notify the Relevant Supervisory Authority About? ​
  • What Information Must Be Provided to the SA? ​
  • How do I Report a Breach to the SA? ​
  • Notifying Data Subjects​
  • What Should I do to Prepare for Breach Reporting? ​
  • Updating Policies and Procedures​
  • Breach Reporting and Responses ​
  • Ways to Minimise the Breach Impact​

Module 8: Understanding the Principle Roles

  • What the GDPR Makes Businesses Responsible For?
  • Difference Between a Data Controller and a Data Processor
  • How the Roles Split?
  • Controllers and Processors
  • Main Obligations of Data Controllers
  • Demonstrate Compliance
  • Joint Controllers and EU Representative
  • Controller-Processor Contract
  • Maintain Records and Keeping Records for Small Businesses
  • Cooperation with Supervisory Authorities
  • Keeping PII Secure
  • Data Breach Transparency
  • Role of the Data Processor
  • Controller-Processor Contract
  • Main Obligations of the Processor
  • Perform Only the Data Processing Defined by the Data Controller
  • Update the Data Controller
  • Sub-Process or Appointment
  • Keep PII Confidential
  • Maintaining Records
  • Cooperate with Supervisory Authorities
  • Security
  • Appoint a DPO – If Necessary
  • Transferring Data Outside the EU

Module 9: Role of the DPO

  • Role of a Data Protection Officer
  • Involvement of the DPO
  • Main Responsibilities of the DPO
  • Working Environment for the DPO
  • Must We Have A DPO?
  • Public Body
  • What does Large Scale mean?
  • Systematic Monitoring
  • Who Can Perform the Role of DPO?
  • Skills Required
  • Monitoring Compliance
  • Training and Awareness
  • Data Protection Impact Assessments (DPIAs)
  • Risk-Based Approach
  • Business Support for the DPO
  • DPO Independence
  • DPO – Conflict of Interest

Module 10: UK Implementation

  • Key Differences Between the Data Protection Act and the GDPR
  • Highlights from the Data Protection Bill
  • Definition of Controller
  • Health, Social Work, Education, and Child Abuse
  • Age of Consent
  • Exemptions for Freedom of Expression
  • Research and Statistics
  • Archiving in the Public Interest

Module 11: Key Features

  • Specific Permission
  • Privacy by Design
  • Data Portability
  • Right to be Forgotten
  • Definitive Consent
  • Information in Clear Readable Language
  • Limits on the Use of Profiling
  • Everyone Follows the Same Law
  • Adopting Techniques

Module 12:  Subject Access Requests and How to Deal with them?

  • Subject Access Requests (SAR)
  • Dealing with SAR
  • Recognise the Request
  • Understand the Time Limitations
  • Dealing with Fees and Excessive Requests
  • Identify, Search, and Gather the Requested Data
  • Learn about What Information to Withhold
  • Developing and Sending a Response

Show moredown

Who should attend this EU GDPR Foundation Course?

The Certified EU GDPR Foundation Course is designed to provide professionals with a fundamental understanding of the European Union's General Data Protection Regulation (GDPR). This GDPR Training Course can be beneficial to a variety of professionals, including:

  • Data Protection Officers
  • IT Security Analysts
  • HR Managers
  • IT Project Managers
  • Customer Relationship Managers (CRM)
  • Database Administrators
  • Data Privacy Lawyers

Prerequisites of the EU GDPR Foundation Course

There are no formal prerequisites for attending the Certified EU General Data Protection Regulation (EU GDPR) Foundation Training Course.

EU GDPR Foundation Course Overview

This course illuminates the General Data Protection Regulation, crucial legislation aiming to enhance and harmonize data protection for individuals within the EU and EEA. It underscores the importance of GDPR in the digital era, particularly for entities managing EU citizens' data, stressing compliance with strict privacy and data protection norms.

Professionals engaged in data processing, compliance, information security, and data protection are highlighted as primary beneficiaries of GDPR knowledge. They are pivotal in crafting and executing GDPR adherence strategies within organisations. A profound understanding of GDPR principles not only mitigates the risk of hefty penalties but also fortifies trust with clients and customers by ensuring their personal information is treated with respect and legality.

The Knowledge Academy’s 1-day training offers a thorough comprehension of GDPR, preparing participants to devise and oversee an effective compliance structure. This exhaustive course addresses the regulation’s fundamental principles, data subjects' rights, and data controllers' and processors' duties. Interactive sessions and practical instances enhance grasp of the subject matter, empowering attendees to apply GDPR concepts proficiently in their professional settings.

Course Objectives

  • To understand the key principles and legal framework of GDPR
  • To identify and manage personal data within their organisation effectively
  • To implement data protection policies and procedures in compliance with GDPR
  • To comprehend the rights of data subjects and how to uphold them
  • To recognise the role of Data Protection Officers (DPOs) and their responsibilities
  • To prepare for GDPR audits and assessments
  • To navigate GDPR's international implications
  • To develop strategies to minimise data breaches and ensure data security

After successfully finishing this GDPR Training Course, participants will acquire a strong grounding in GDPR, which will empower them to make well-informed choices regarding data protection compliance within their respective organisations. They will be adequately prepared to play a meaningful role in ensuring GDPR compliance, minimising data-related risks, and safeguarding individuals' privacy rights in accordance with EU regulations.

Show moredown

What’s included in this Certified EU General Data Protection Regulation (EU GDPR) Foundation Course?

  • Certified EU General Data Protection Regulation (EU GDPR) Foundation Examination
  • World-Class Training Sessions from Experienced Instructors
  • Certified EU General Data Protection Regulation (EU GDPR) Foundation Certificate
  • Digital Delegate Pack

Show moredown

EU GDPR Foundation Exam Information

To achieve the Certified EU General Data Protection Regulation (EU GDPR) Foundation, candidates will need to sit for an examination. The exam format is as follows: 

  • Question Type: Multiple Choice 
  • Total Questions: 45 
  • Total Marks: 45 Marks 
  • Pass Mark: 65%, or 29/45 Marks 
  • Duration: 60 Minutes 
  • Open Book/ Closed Book: Closed Book

Show moredown

Online Instructor-led (2 days)

Online Self-paced (16 hours)

Official EU General Data Protection Regulation (EU GDPR) Practitioner Exam

Certified EU General Data Protection Regulation (EU GDPR) Practitioner Course Outline

Module 1: Data Subject Rights

  • Must I Always Obey a Right?
  • Rights and Third Parties
  • Requests Made on Behalf of Other Data Subjects
  • Guidelines for Children's Maturity
  • Responding to a Rights Request
  • What is a Month?
  • Rights Request Flow Chart
  • Right to be Informed
    • When Should Information Be Provided?
    • Best Practice Guidance
  • Right of Access
  • Right to Rectification
  • Right to Erasure
    • When can I Refuse to Comply with a Request for Erasure?
    • Erasing Children's Data
  • Right to Restrict Processing
    • When Processing Should be Restricted?
    • Protecting PII
    • Other Issues about Restricting Processing
  • Right to Data Portability
  • Right to Object
    • Complying with the Right to Object
    • Rejecting the Right to Object
    • Processing for Direct Marketing Purposes
    • Processing for Research Purposes
  • Rights Related to Automated Decision Making and Profiling
    • When does the Right not apply?

Module 2: Subject Access Requests

  • Provenance
  • Overview: SARs
  • SAR is an Activity, Not a Title
  • How can a SAR be Submitted?
  • What Information Should the Response to a SAR Contain?
  • Additional Information
  • Replying to a SAR
  • Confirming a Data Subject’s Identity
  • Scope
  • Electronic Records
  • Non-Electronic Records
  • SARs Involving 3rd Party PII
  • Fees
  • Refusing a Subject Access Request
  • Access Requests from Employees
  • Credit Reference Agencies
  • Best Practice for SARs

Module 3: Lawful Processing

  • Lawful Processing: A Reminder
  • User Rights Change Depending on the Justification
  • Lawfulness of Processing Conditions
  • Lawfulness for Special Categories of Data
  • UK ICO Tool
  • Consent
  • Key Points About Consent
  • Affirmative Action and Explicit Consent
  • Introduction of Affirmative Action
  • What is Not Affirmative Action?
  • Examples of Affirmative Action from the ICO
  • Introduction of Explicit Consent
  • Explicit Statement
  • Obtaining Explicit Consent
  • ICOs View of a Poor Form of Explicit Consent
  • Obtaining Consent for Scientific Research Purposes
  • Getting Consent
  • What Should Go into the Consent Request?
  • Consent Granularity
  • Right to Withdraw Consent
  • Children
  • Consent Records
  • ICOs Examples of Record Keeping
  • Key Points When Establishing Consent
  • Legitimate Interests
  • Getting the Balance Right
  • Consent or Legitimate Interest?
  • What Lawful Basis Can be Used for Processing Marketing PII?

Module 4: Third Country Data

  • Cross Border Transfers
  • Transfer Mechanisms
  • Derogations
  • Adequacy
  • Adequate Ways to Safeguard Transfers of PII
  • Consent
  • One-Off or Infrequent Transfers
  • Who is Responsible?
  • Transferring PII Between EEA Members
  • Adequate Countries Outside of the EEA
  • Binding Corporate Rules (BCR)
  • What a BCR Must Cover?
  • Authorisation for BCRs
  • EU-US Privacy Shield
  • Privacy Shield Overview
  • Privacy Shield: Mechanics
  • Model Clauses
  • Public Authority Agreements

Module 5: Introduction to Protecting Personal Data

  • Need to Secure
  • What is Appropriate?
  • Protecting PII – 3 Key Areas
  • Coverage
  • Defensive Design
  • Single Point of Failure (SPOF)
  • Incident Response
  • Data Breach Reporting Requirements
  • Incident Response Team

Module 6: Data Protection Impact Assessments (DPIA)

  • Introduction
  • What Triggers a Data Protection Impact Assessment?
  • Cases Where DPIA is Not Required
  • Benefits of DPIA
  • Processes to be Considered for a DPIA
  • Responsibilities
  • DPIA Decision Path
  • DPIA Content
  • How Do I Conduct A DPIA?
  • Signing Off the DPIA
  • Mitigating Risks Identified by the DPIA

Module 7: Need Want Drop

  • Overview
  • Need-Want-Drop: Concept Diagram
  • Need-Want-Drop: Categorising Data
  • Need/Want/Drop Methodology

Module 8: Dealing with Third Parties and Data in the Cloud

  • What is Cloud Computing?
  • Myths of Cloud
  • Cloud Challenges
  • Controller-Processor Contract
  • Checklist
  • Data Controller - Summary

Module 9: Practical Implications: GDPR

  • Brexit and its Impact on the GDPR
  • Adequacy
  • What does this Mean in Practice?
  • EU and UK Representatives
  • Exemption Rule
  • One-Stop Shop

Module 10: Legal Requirements of the GDPR

  • Lawful, Fair, and Transparent Processing
  • Limitation of Purpose, Data and Storage
  • Data Subject Rights
  • Consent
  • Personal Data Breaches
  • Privacy by Design
  • Data Protection Impact Assessment
  • Data Transfers
  • Data Protection Officer
  • Awareness and Training

Module 11: Privacy Principles in GDPR

  • Lawfulness, Fairness, and Transparency
  • Purpose Limitation
  • Data Minimisation
  • Accuracy
  • Storage Limitation
  • Integrity and Confidentiality

Module 12: Common Data Security Failures, Consequences, and Lessons to be Learnt

  • Common Data Security Failures
  • Consequences
    • Fines Relating to Data Breaches
    • Litigation from Customers Relating to Data Breaches
    • Directors, Officers, and Professional Advisors
    • Reputational Damage
  • Lesson Learned
    • Knowing When and How to Communicate with Affected Individuals is Not Easy
    • GDPR is Important, as are Other Legal Frameworks

Show moredown

Who should attend this Certified EU General Data Protection Regulation (EU GDPR) Practitioner Course?

The Certified EU GDPR Practitioner Course goes a step beyond the foundational principles provided in the GDPR Foundation course. It is designed to give professionals a more detailed insight into the GDPR. This GDPR Training Course can be beneficial to a variety of professionals, including:

  • Data Protection Officers
  • IT Security Managers
  • Legal Counsel & Compliance Lawyers
  • Senior HR Managers
  • Risk and Compliance Managers
  • Chief Information Officers (CIOs)
  • Digital Marketing Directors
  • Database and System Administrators

Prerequisites of the Certified EU General Data Protection Regulation (EU GDPR) Practitioner Course

There are no formal prerequisites required for the Certified EU General Data Protection Regulation (EU GDPR) Practitioner Course.

Certified EU General Data Protection Regulation (EU GDPR) Practitioner Course Overview

The EU General Data Protection Regulation (GDPR) represents a comprehensive set of laws that oversee the handling of personal data within the European Union. It is crucial to establish technical and organisational safeguards to safeguard data. Pursuing this GDPR Training equips individuals with the expertise and capabilities necessary to ensure that their organisations adhere to GDPR regulations. This GDPR Training also enables learners to grasp the significance of assessing GDPR compliance and making adjustments to maintain ongoing adherence. Undertaking this GDPR Training empowers individuals with the essential skills and methods to improve their professional prospects and ultimately boost their income as well.

The EU GDPR Practitioner Course is designed for individuals seeking a deeper and practical understanding of the General Data Protection Regulation (GDPR) within the European Union context. This advanced course delves into the intricacies of GDPR implementation, compliance strategies, and how to effectively manage data protection within an organisation. Participants learn to conduct Data Protection Impact Assessments (DPIAs), manage data breaches, and develop and maintain GDPR-compliant policies and procedures.

In this two-day EU GDPR Training for practitioners, participants will acquire an in-depth understanding of managing personal data within the European Union. Throughout the course, attendees will be equipped to stay current with evolving GDPR standards, adjusting policies and procedures as necessary. Furthermore, they will gain proficiency in GDPR and the competencies essential for ensuring adherence within their respective organisations. This EU GDPR Training will be led by our experienced and highly professional trainers, boasting years of teaching expertise.

Course Objectives:

  • To understand the rights of data subjects and how to handle their requests
  • To learn how to conduct a Data Protection Impact Assessment (DPIA)
  • To develop and implement effective data protection policies and procedures
  • To know the importance of continuous improvement in GDPR compliance
  • To gain knowledge of how to handle data subject requests and complaints
  • To provide a clear explanation of why and how you are processing AI

At the end of this GDPR Training Course, delegates will be able to develop and implement effective data protection policies. They will also be able to identify and assess the risks associated with the processing of personal data.

Show moredown

What’s included in this Certified EU General Data Protection Regulation (EU GDPR) Practitioner Course?

  • Certified EU General Data Protection Regulation (EU GDPR) Practitioner Examination
  • World-Class Training Sessions from Experienced Instructors
  • Certified EU General Data Protection Regulation (EU GDPR) Practitioner Certificate
  • Digital Delegate Pack

Show moredown

EU GDPR Practitioner Exam Information

To achieve the Certified EU General Data Protection Regulation (EU GDPR) Practitioner, candidates will need to sit for an examination. The exam format is as follows: 

  • Question Type: Multiple Choice 
  • Total Questions: 30 
  • Total Marks: 30 Marks 
  • Pass Mark: 57%, or 17/30 Marks 
  • Duration: 90 Minutes
  • Open Book/ Closed Book: Closed Book

Show moredown

Online Instructor-led (1 days)

Online Self-paced (8 hours)

Certified Data Protection Officer Exam

Certified Data Protection Officer (CDPO) Course Outline

This CDPO Training Course will explore the following areas:

Module 1: Role of a Data Protection Officer

  • Must We Have a DPO?
  • Who Can Perform the Role of DPO?
  • Involvement of the DPO
  • Main Responsibilities of the DPO
  • Role of a DPO: What to Expect?
  • DPO’s Place in the Business
  • What does the DPO Really Do?
  • Characteristics of Adult Learners
  • Common Learning Styles
  • Designing Your Training Event
  • Top Tips for Trainers

Module 2: Security Context

  • Incident Response Plan Overview
  • Developing an Incident Response Plan
    • Preparation
    • Identification
    • Containment
    • Eradication
    • Recovery
    • Lessons Learned
  • Incidence Response: DPOs Role

Module 3: Performing a Personal Data Audit

  • Personal Data Audit Overview
  • TKA Data Protection and Compliance Audit
  • Sections of TKA Data Protection and Compliance Audit
    • Corporate Compliance and Privacy Awareness
    • Collecting and Handling PII
    • Record Retention
    • Security of Personal Data
    • Direct Marketing
    • Subject Access Requests
    • DPO
    • Incident Response
    • Contract(s)
    • Privacy by Design and Default/DPIAs
  • Road to Compliance (from GDPR Practitioner)
  • Privacy Notice Audit

Module 4: Performing a DPIA

  • Data Protection Impact Assessments
  • Is a DPIA Required?
  • DPIA Questionnaire
  • Performing DPIAs through the Lifecycle
  • Risk Assessment Method
  • Mitigating Risks Identified by the DPIA
  • Risk Assessment Activity
  • ICOs PIA – GDPR Compliant
  • Signing Off the DPIA

Show moredown

Who should attend this Certified Data Protection Officer (CDPO) Course?

The Certified Data Protection Officer (CDPO) Course is designed to equip professionals with the knowledge and skills required to perform the role of a Data Protection Officer (DPO) effectively, as mandated by the EU's GDPR. This GDPR Training Course can be beneficial for a wide range of professionals, including:

  • Information Security Consultants
  • Data Protection Officers
  • Compliance Managers
  • Privacy Officers
  • Legal Professionals
  • Risk Managers
  • Security Specialists

Prerequisites of the Certified Data Protection Officer (CDPO) Course

There are no formal prerequisites for attending the Certified Data Protection Officer (CDPO) Training Course.

Certified Data Protection Officer (CDPO) Course Overview

A Certified Data Protection Officer (DPO) is a pivotal role within organisations, responsible for overseeing and ensuring compliance with data protection laws and regulations. As data privacy concerns escalate globally, having a designated DPO becomes imperative. This professional is well-versed in privacy laws, including the General Data Protection Regulation (GDPR), and acts as a point of contact between the organisation, data subjects, and regulatory authorities.

The Certified Data Protection Officer (CDPO) Course offered by The Knowledge Academy is a comprehensive GDPR Training Course  designed to equip professionals with the knowledge and skills required to effectively manage data protection and privacy within organisations. Safeguarding sensitive information is paramount, and this course provides in-depth insights into the principles, regulations, and best practices governing data protection. Participants will gain a profound understanding of GDPR and other global data protection laws, risk assessment methodologies, and the implementation of robust data protection policies. Practical exercises and real-world case studies ensure that learners can apply their knowledge effectively, making this course a valuable asset for anyone responsible for data protection in their organisation.

This intensive 1-day CDPOTraining Course offers a comprehensive learning experience that covers the core concepts and practical aspects of data protection and privacy management.

Course Objectives:

  • To understand the fundamentals of data protection and privacy regulations
  • To effectively manage data protection compliance within their organisation
  • To conduct risk assessments and impact assessments
  • To develop and implement data protection policies and procedures
  • To navigate GDPR and other relevant data protection laws
  • To handle data breaches and incidents professionally
  • To establish a culture of data protection awareness

At the end of this GDPR Training Course,  individuals will possess the necessary skills to take on the position of a Certified Data Protection Officer. Their primary responsibilities will include ensuring their organisation's adherence to data protection laws, reducing potential risks, and protecting confidential data. Obtaining this certification can greatly advance one's career prospects while also making a valuable contribution to the organisation's efforts in data security and privacy.

Show moredown

What’s included in this Certified Data Protection Officer (CDPO) Course?

  • Certified Data Protection Officer (CDPO) Examination
  • World-Class Training Sessions from Experienced Instructors
  • Certified Data Protection Officer (CDPO) Certificate
  • Digital Delegate Pack

Show moredown

Certified Data Protection Officer (CDPO) Training Exam Information

To achieve the Certified Data Protection Officer (CDPO), candidates will need to sit for an examination. The exam format is as follows: 

  • Question Type: Multiple Choice 
  • Total Questions: 40 
  • Total Marks: 40 Marks 
  • Pass Mark: 65%, or 26/40 Marks 
  • Duration: 60 Minutes
  • Open Book/ Closed Book: Closed Book

Show moredown

Online Instructor-led (1 days)

Online Self-paced (8 hours)

EU General Data Protection Regulation Awareness Course Outline

Module 1: Introduction to the GDPR

  • What is the GDPR?

Module 2: Key GDPR Terminology

  • Key GDPR Terminology
    • Personal Data
    • Data Controller
    • Data Processor
    • Data Subject
    • Consent
    • Right to Access
    • Right to Rectification
    • Right to Erasure
    • Right to Data Portability
    • Data Protection Officer (DPO)
    • Privacy by Design
    • Data Breach
    • Supervisory Authority

Module 3: GDPR’s Structure - the Articles and Recitals

  • Introduction
  • GDPR's Structure According to UK Law

Module 4: Differences between the Data Protection Act and the EU GDPR

  • Introduction
  • Data Protection Act Vs the EU GDPR
    • Geographic Reach and Scope
    • Definition of Personal Data
    • Consent Policies
    • Data Breach Policies
    • Accountability
    • Data Protection Governance
    • Penalties and Compensation

Module 5: Principles of the GDPR

  • Overview
  • Principles of the GDPR
    • Lawfulness, Fairness and Transparency
    • Purpose Limitation
    • Data Minimisation
    • Accuracy
    • Storage Limitation
    • Integrity and Confidentiality
    • Accountability

Module 6: Key Roles and Features of the GDPR

  • Introduction
  • Some Key Roles and Features of the GDPR
    • Data Controller
    • Data Processor
    • Personal Data
    • Data Subject
    • Consent
    • Data Protection Officer (DPO)
    • Data Breach Notification

Module 7: The Rights of Data Subjects

  • Overview
  • Fundamental Rights of Data Subjects under GDPR

Module 8: Subject Access Requests and How to Deal with Them

  • Subject Access Requests and How to Deal with Them
  • Steps that Can Take to Deal with a Subject Access Request
    • Confirm the Identity of the Requester
    • Acknowledge the Request
    • Collect the Necessary Information
    • Review the Data
    • Respond to the Requester
    • Monitor Compliance

Module 9: Complying with the EU GDPR

  • Introduction of Complying with the EU GDPR

Module 10: Data Protection Impact Assessments (DPIA)

  • Introduction
  • DPIA is in Specific Need

Module 11: Breach Reporting and Responses

  • Breach Reporting
  • Operational Responses to GDPR
    • Data Inventory and Mapping
    • Establishing Lawful Basis for Processing
    • Building and Maintaining a Data Governance System
    • Transparency and Privacy Notices
    • Data Breach Response

Show moredown

Who should attend this EU General Data Protection Regulation (EU GDPR) Awareness Course?

The EU GDPR Awareness Course is designed to provide a high-level introduction to the fundamental concepts and principles of the EU's GDPR. This online GDPR Awareness Training Course is beneficial for a wide array of professionals, including:

  • Data Protection Officers
  • Compliance Officers
  • Privacy Officers
  • Legal Professionals
  • IT Professionals
  • Business Owners and Executives
  • HR Managers

Prerequisites of the EU General Data Protection Regulation (EU GDPR) Awareness Course

There are no formal prerequisites to attend the EU General Data Protection Regulation (EU GDPR) Awareness Course.

EU General Data Protection Regulation Awareness Course Overview

The EU General Data Protection Regulation (GDPR) has brought about substantial changes in the realm of data protection and privacy. The Knowledge Academy offers an all-encompassing GDPR Training Course that imparts a foundational comprehension of GDPR and its impact on global organisations. 

Attendees will explore the fundamental principles, legal obligations, and strategies for adhering to GDPR, equipping them to proficiently navigate this intricate regulatory landscape. With the aid of real-world illustrations and hands-on insights, delegates will acquire the expertise necessary to protect sensitive data, mitigate risks, and uphold GDPR compliance within their respective organisations.

This one-day GDPR Awareness Course provides an introduction to GDPR terminology and its significance. Delegates will grasp the importance of GDPR compliance to protect personal data and avoid substantial fines. This course also helps individuals understand their role in maintaining compliance.

Course Objectives

  • To understand the key principles and objectives of GDPR
  • To identify the roles and responsibilities of data controllers and processors
  • To comprehend the legal requirements for data processing and consent
  • To evaluate the impact of GDPR on global organisation
  • To implement data protection policies and procedures effectively
  • To manage data breaches and reporting requirements
  • To develop strategies for GDPR compliance and risk mitigation
  • enhance their organisation's data privacy practices to meet GDPR standards

After successfully finishing this GDPR Training Course, delegates will possess a strong groundwork in GDPR Awareness, empowering them to make valuable contributions to their organisations' data protection efforts. This will involve ensuring GDPR compliance and reducing the likelihood of data breaches and non-compliance-related risks.

Show moredown

What’s included in this GDPR Awareness Training Course?

  • World-Class Training Sessions from Experienced Instructors
  • GDPR Awareness Certificate
  • Digital Delegate Pack

Show moredown

Online Instructor-led (1 days)

Online Self-paced (8 hours)

Dealing with Subject Access Requests (SAR) Course Outline

The topics covered in this GDPR Training Course  include:

Module 1: Introduction

  • Data Subject Access Request
  • GDPR
  • 8 Rights of Data Subjects

Module 2: Recognising Subject Access Requests

  • What is a SAR?
  • SAR Parameters
  • SAR Formats
  • Requests on Behalf of Others
  • Verifying Identity
  • Requests on Behalf of Children
  • Recording SARs

Module 3: Responding to Subject Access Requests

  • What Information is Needed?
  • How Should we Provide it?
  • Fees
  • Timeframes

Module 4: Extenuating Circumstances

  • Extending the Response Time
  • Refusing to Comply
  • Special Category Data

Module 5: Further Considerations

  • Fines
  • Changes from the Data Protection Act (1998)
  • The Role of the Supervisory Authority

Show moredown

Who should attend this Dealing with Subject Access Requests (SAR) Course?

This Dealing with Subject Access Requests (SAR) Course is ideal for professionals and individuals within organisations who handle personal data and are tasked with managing compliance with data protection regulations, particularly the General Data Protection Regulation (GDPR). This GDPR Training Course is particularly beneficial for the following professionals:

  • Data Protection Officers (DPOs)
  • Compliance & Risk Officers
  • Legal Professionals & Corporate Lawyers
  • HR Professionals
  • IT Managers and Data Managers
  • Customer Support & Service Managers
  • Information Officers
  • Privacy Officers

Prerequisites of the Dealing with Subject Access Requests (SAR) Course

There are no formal prerequisites for attending the Dealing with Subject Access Requests (SAR) Course.

Dealing with Subject Access Requests (SAR)​ Course Overview

Dealing with Subject Access Requests (SAR) is a crucial aspect of data protection and privacy compliance. SARs grant individuals the right to access their personal data held by organisations, making it essential for businesses to have a clear and efficient process in place for responding to these requests. Understanding how to navigate SARs is fundamental for organisations aiming to uphold data subject rights and comply with data protection regulations, such as the General Data Protection Regulation (GDPR).

The Dealing with Subject Access Requests (SAR) Course is designed to provide participants with a thorough understanding and practical expertise in managing Subject Access Requests, ensuring compliance with data protection regulations, notably GDPR. This explores the intricacies of SAR procedures, encompassing legal obligations, recommended approaches, and practical examples from real-world scenarios. Delegates will develop a deep comprehension of data privacy principles, effective SAR management, and strategies to minimise risks related to data breaches. The GDPR Training Course incorporates hands-on activities and interactive sessions, preparing learners to confidently navigate the intricate terrain of SARs.

This intensive one-day GDPR Training Course,  led by our seasoned and well-informed instructors, aims to provide participants with a thorough, systematic grasp of the procedures for addressing Subject Access Requests in compliance with the recent General Data Protection Regulation (GDPR) legislation, which became effective on May 25th, 2018.

Course Objectives:

  • To understand the legal framework and key principles governing Subject Access Requests
  • To explore the GDPR and other relevant data protection regulations
  • To learn best practices for identifying, processing, and responding to SARs
  • To develop strategies to ensure compliance and minimise data privacy risks
  • To analyse real-world SAR case studies to gain practical insights
  • To acquire proficiency in data mapping and documentation
  • To build effective communication skills for interacting with data subjects
  • To prepare for potential audit and regulatory assessments

A the end of this GDPR Training Course,  delegates will have the knowledge and confidence to effectively handle SARs while adhering to data protection regulations. They will have the capability to promptly recognise, handle, and address SARs, thereby decreasing potential data breach risks for the organisation and improving overall data privacy procedures.

Show moredown

What’s included in this Dealing with Subject Access Requests (SAR) Course?

  • World-Class Training Sessions from Experienced Instructors
  • Dealing with Subject Access Requests (SAR) Certificate
  • Digital Delegate Pack

Show moredown

Online Instructor-led (2 days)

Online Self-paced (16 hours)

Dealing with Subject Access Requests (SAR) - An Executive Briefing Course Outline

Module 1: Recognising SARs

  • Defining Data Subjects
  • Rights of Data Subjects
  • What is a SAR?
  • Purpose of SAR
  • Complying with an SAR
  • SAR Parameters

Module 2: Recording SARs

  • SAR Formats
    • Steps to Make SAR
  • Verifying Identity
    • How to Verify the Identity?
  • Requests on Behalf of Others

Module 3: Responding to SARs

  • What Information is Needed?
  • How Should We Provide It?
  • Fees
  • Timeframes
  • Extending the Response Time

Module 4: Refusing SARs

  • Special Category Data
    • Information for Special Category Data
  • Unfounded or Excessive Requests
    • Excessive Requests
    • Refuse to Comply with a Request
  • Fines

Show moredown

Who should attend this Dealing with Subject Access Requests (SAR) - An Executive Briefing Course?

The Dealing with Subject Access Requests (SAR) - An Executive Briefing Course is designed to enlighten attendees about the procedures and legal obligations concerning Subject Access Requests under data protection laws This GDPR Training Course can be beneficial for a variety of professionals, including:

  • C-Level Executives and Business Leaders
  • Chief Privacy Officers (CPOs)
  • Risk Managers
  • Data Protection Officers (DPOs)
  • Compliance Officers
  • Information Security Officers
  • HR Directors
  • IT Leaders

Prerequisites of the Dealing with Subject Access Requests (SAR) - An Executive Briefing Course

There are no formal prerequisites for attending the Dealing with Subject Access Requests (SAR) - An Executive Briefing Course.

Dealing with Subject Access Requests (SAR) - An Executive Briefing Course Overview

Dealing with Subject Access Requests (SARs) is a critical aspect of privacy management for organisations. SARs allow individuals to access their personal data held by an entity, reflecting the principles of transparency and data subject rights. Handling SARs effectively involves a structured process, from acknowledging the request, validating the requester's identity, locating and extracting the relevant data, to providing a clear and comprehensive response within the legal timelines.

The Dealing with Subject Access Requests (SAR) Course offered by The Knowledge Academy is a comprehensive method designed to equip professionals with the knowledge and skills necessary to effectively handle SARs in compliance with data protection regulations. In an era of increasing data privacy concerns, understanding how to manage SARs is crucial for organisations to protect sensitive information and uphold legal requirements.

This 2-day GDPR Training Course, provides a thorough exploration of SARs. Delegates will engage in interactive sessions, case studies, and practical exercises, ensuring a well-rounded understanding of SAR processes and strategies for timely responses. They will have the confidence and competence to manage SARs effectively, guaranteeing that organisations fulfill their legal responsibilities, safeguard sensitive data, and uphold a solid reputation for data privacy.

Course Objectives:

  • To understand the legal framework surrounding SARs
  • To identify key components of SAR requests
  • To establish efficient SAR management processes
  • To navigate the challenges of SAR compliance
  • To minimise data protection risks
  • To maintain data security during SAR handling
  • To develop effective communication strategies
  • To ensure timely and compliant SAR responses

After successfully finishing this GDPR Training Course, attendees will emerge as skilled SAR professionals, adept at maneuvering through the intricate realm of data protection laws.

Show moredown

What’s included in this Dealing with Subject Access Requests (SAR) - An Executive Briefing Course?

  • World-Class Training Sessions from Experienced Instructors
  • Dealing with Subject Access Requests (SAR) - An Executive Briefing Certificate
  • Digital Delegate Pack

Show moredown

Online Instructor-led (1 days)

Online Self-paced (8 hours)

Data Protection Act (DPA 2018) Course Outline

Module 1: Six Data Protection Principles

  • Introducing Data Protection
  • Six Data Protection Principles

Module 2: DPA’s Alignment with GDPR

  • What are the Penalties?
  • What can We Get an Administrative Fine for?
  • What Influences the Size of an Administrative Fine?
  • Staff Member Responsibilities
  • Personal Information
  • Sensitive Data

Module 3: Conditions for Sensitive Processing

  • Judicial and Statutory Purposes
  • Safeguarding of children and individuals at risk
  • Individual’s vital interests
  • Archiving
  • Preventing Fraud

Module 4: Safeguards for Sensitive Processing

  • Information Commissioner's Office (ICO)
  • Law Enforcement

Module 5: Individual Rights Under the DPA 2018

  • Right to Be Informed
    • Right to Be Informed: When Should Information Be Provided?
    • Best Practice Guidance: Selling/Sharing PII
    • Best Practice Guidance: Purchasing PII
    • Best Practice Guidance: Publicly Derived PII
    • Best Practice Guidance: Artificial Intelligence (AI)
  • Right of Access
  • Right to Rectification
  • Right to Erasure (The Right to Be Forgotten)
    • When Can I Refuse to Comply with a Request for Erasure?
    • Erasing Children's Data
  • Right to Restrict Processing
    • When Processing Should be Restricted
    • Other Issues about Restricting Processing
  • Right to Data Portability
  • Right to Object
    • Complying with the Right to Object
    • Rejecting the Right to Object
    • Right to Object: Processing for Direct Marketing Purposes
    • Right to Object: Processing for Research Purposes
    • Rights Related to Automated Decision Making and Profiling (1)
    • Rights Related to Automated Decision Making and Profiling (2)
    • Rights Related to Automated Decision Making and Profiling (3)
    • When does the Right not apply?

Module 6: Documenting and Logging Data

  • Documenting and Logging Data
  • What Must Be Recorded?
  • Maintaining Records

Module 7: Categorising Individuals and Retaining Personal Data

  • What is Personal Information?
  • Who Has PII?
  • Who Processes PII?
  • Demonstrating Compliance
  • Protecting PII

Module 8: Appointing a Data Protection Officer

  • Role of a Data Protection Officer
  • Involvement of the DPO
  • Main Responsibilities of the DPO
  • Working Environment for the DPO
  • Must We Have a DPO?

Module 9: Reporting and Responding to Data Breaches

  • Overview: Incident Response Plan
  • Developing an Incident Response Plan
  • Preparation
  • Identification
  • Containment
  • Eradication
  • 5 Whys
  • How to Complete The 5 Whys
  • Fishbone Diagram
  • Recovery
  • Lessons Learned
  • Incidence Response: DPOs role

Module 10: International Data Transfers and Relevant Authorities

  • External Transfers
  • Cross Border Transfers
  • Transfer Mechanisms
  • Derogations
  • Adequacy
  • Adequate Ways to Safeguard Transfers of PII
  • One-Off or Infrequent Transfers
  • Transferring PII Between EEA Members
  • Adequate Countries Outside of the EEA
  • EU-US Privacy Shield
  • Privacy Shield Overview
  • Privacy Shield: Mechanics
  • Model Clauses
  • Public Authority Agreements

Show moredown

Who should attend this Data Protection Act Training (DPA 2018) Course? 

The Data Protection Act Training (DPA 2018) Course aims to provide professionals with an in-depth understanding of the DPA 2018 Act, its key provisions, and how it interacts with the GDPR. This GDPR Training Course can be beneficial to a wide range of  professionals, including:

  • Data Protection Officers
  • Data Privacy Lawyers
  • IT Security Professionals
  • Compliance Officers
  • HR Managers
  • Privacy Consultants
  • Marketing & Sales Professionals

Prerequisites of the Data Protection Act Training (DPA 2018) Course

There are no formal prerequisites for attending the Data Protection Act Training (DPA 2018) Course.

Data Protection Act (DPA 2018) Course Overview

The Data Protection Act 2018 (DPA 2018) is a critical piece of legislation in the United Kingdom, enhancing data privacy and governing the processing of personal information. Enacted to align with the principles set forth in the General Data Protection Regulation (GDPR), the DPA 2018 provides a comprehensive framework for the lawful and fair handling of individuals' data. It sets out the rights of data subjects, the responsibilities of data controllers and processors, and the mechanisms for obtaining and managing consent.

The Data Protection Act 2018 (DPA 2018) Course under GDPR Training offers a comprehensive understanding of UK data protection principles and regulations. Focusing on the legal framework under DPA 2018, it equips participants with the skills to navigate data protection compliance. Learners will grasp data subject rights, processing obligations, and the ICO's role. Practical exercises and real-world case studies enable effective knowledge application in professional roles, making this course invaluable for upholding data privacy standards.

This intensive 1-day GDPR Training Course, centred on Law Enforcement Processing in accordance with the Data Protection Act of 2018, encompasses the essential aspects of Part 3 of the Act. Its primary goal is to educate participants on how to showcase comprehensive adherence within their respective organisations. The GDPR Training Course aims to furnish delegates with a thorough theoretical understanding of the Act, enabling them to apply its provisions in a practical context.

Course Objectives:

  • To understand the key principles of data protection under DPA 2018
  • To navigate the legal framework governing data processing and compliance
  • To identify and manage data subject rights and requests
  • To develop strategies for data protection impact assessments (DPIAs)
  • To comprehend international data transfers and GDPR alignment
  • To learn how to handle data breaches effectively

After successfully finishing The Knowledge Academy's Data Protection Act 2018 Training Course, individuals will emerge as knowledgeable and proficient experts in data protection. With a deep comprehension of DPA 2018 regulations, they will be fully prepared to guarantee data compliance within their organisations, protect the rights of data subjects, and efficiently reduce data-related risks.

Show moredown

What’s included in this Data Protection Act Training (DPA 2018) Course?

  • World-Class Training Sessions from Experienced Instructors
  • Data Protection Act (DPA 2018) Certificate
  • Digital Delegate Pack

Show moredown

Online Instructor-led (1 days)

Online Self-paced (8 hours)

Personal Data Protection Bill Training​ Course Outline

Module 1: Introduction to the Personal Data Protection Bill

  • Overview of the Bill and its Significance
  • Key Objectives of the Bill
  • Understanding the Scope and Application

Module 2: Categories of Personal Data

  • Types of Personal Data
  • Significance of Sensitive Personal Data
  • Data Classification According to the Bill

Module 3: Roles and Responsibilities

  • Role of the Data Fiduciary
  • Role of the Data Processor
  • Role of the Data Principal

Module 4: Data Processing Principles

  • Conditions for Lawful Data Processing
  • Transparency and Accountability Measures
  • Purpose and Data Minimisation

Module 5: Consent Mechanisms

  • Importance of Informed Consent
  • Procedures for Obtaining and Revoking Consent
  • Special Provisions for Minors

Module 6: Data Storage and Localisation

  • Storage Limitations and Data Retention Policies
  • Cross-Border Data Transfer Regulations
  • Localisation Requirements under the Bill

Module 7: Data Security Measures

  • Security Standards and Encryption Requirements
  • Process for Reporting and Handling Data Breaches
  • Organisational Measures for Data Protection

Module 8: Rights of Data Principals

  • Right to Data Access and Correction
  • Right to Data Portability
  • Right to be Forgotten and Deletion of Data

Module 9: Regulatory Compliance and Penalties

  • Enforcement Bodies and their Jurisdiction
  • Penalties and Remedies for Non-Compliance
  • Compliance Auditing

Show moredown

Who should attend this Personal Data Protection Bill Training Course?  

The Personal Data Protection Bill Training Course is suitable for a diverse range of individuals and professionals who handle personal data and are keen on understanding the intricacies of data protection in accordance with the upcoming legislation. This GDPR Training Course can be beneficial for a variety of  professionals, including:

  • Business Owners and Managers 
  • Legal Professionals 
  • Data Protection Officers 
  • IT and Security Personnel 
  • Human Resources Personnel 
  • Marketing and Sales Professionals 
  • Data Analysts and Researchers 

Prerequisites of the Personal Data Protection Bill Training Course

There are no formal prerequisites for attending this Personal Data Protection Bill Training Course.

Personal Data Protection Bill Training Course Overview

The Personal Data Protection Bill is a significant legislative proposal aimed at fortifying data privacy and protection in the digital realm. As a crucial initiative, the bill seeks to govern the collection, storage, processing, and transfer of personal data by both government and private entities within a nation. It endeavors to establish clear guidelines and legal mechanisms to ensure that individuals have control over their personal information and that organisations handle data responsibly and ethically.

This Personal Data Protection Bill Training Course equips individuals and organisations with essential knowledge and practical skills for navigating data protection in the digital age. This GDPR Training Course explores the intricacies of the Personal Data Protection Bill, helping delegates grasp its implications, compliance requirements, and effective personal data safeguarding strategies. Through expert-led lectures in this GDPR Training Courseparticipants gain a deep understanding of data protection principles, privacy regulations, and best practices for securing personal data.This intensive 1-day GDPR Training Course covers essential concepts for delegates to become well acquainted with the Personal Data Protection Bill. In this GDPR Training, they'll learn about processing personal data, especially children's sensitive personal data, data fiduciary accountability, reporting personal data breaches, authority powers, right to legal representation, grievance redressal by data fiduciary, and more.

Course Objectives:

  • To comprehend the legal foundations and principles outlined in the Personal Data Protection Bill
  • To delve into the core data protection principles embedded in the bill, such as consent, purpose limitation, etc
  • To gain insights into the rights of individuals and corresponding obligations of data handlers and organisations
  • To learn about the compliance obligations stipulated by the bill, including data localisation, cross-border data transfers, etc
  • To understand how the Personal Data Protection Bill impacts different sectors and industries

After completing this GDPR Training, delegates will have the capability to categorise data fiduciaries, including significant ones, and effectively manage record-keeping.

Show moredown

What’s included in this Personal Data Protection Bill Training Course?

  • World-Class Training Sessions from Experienced Instructors    
  • Personal Data Protection Bill Certificate 
  • Digital Delegate Pack

Show moredown

Online Instructor-led (1 days)

Online Self-paced (8 hours)

Data Privacy Awareness Course Outline

Module 1: Introduction to Data Privacy

  • What is Data Privacy?
    • Physical Privacy
    • Social Privacy Norms
    • Privacy in a Technology-Driven Society
  • Doctrine of Information Privacy
    • Information Sharing Empowers the Recipient
    • Monetary Value of Individual Privacy
    • Model Data Economy
  • Notice and Choice Versus Privacy as Trust
  • Enforcement of Notice and Choice Privacy Laws
    • Broken Trust and FTC Enforcement
    • Notice and Choice Model Falls Short
  • Privacy as Trust: An Alternative Model
  • Additional Challenges in the Era of Big Data and Social Robots
    • What is a Social Robot?
    • Trust and Privacy
    • Legal Framework for Governing Social Robots
    • General Data Protection Regulation (GDPR)

Module 2: GDPR's Scope of Application

  • When Does GDPR Apply?
    • Processing of Data
    • Personal Data
    • Exempted Activities under GDPR
  • Key Players under GDPR
  • Territorial Scope of GDPR
  • Operation of Public International Law

Module 3: Technical and Organisational Requirements under GDPR

  • Accountability
  • Data Controller
  • Technical and Organisational Measures
  • Duty to Maintain Records of Processing Activities
  • Data Protection Impact Assessments
  • Data Protection Officer
  • Data Protection by Design and Default
  • Data Security During Processing
  • Personal Data Breaches
  • Codes of Conduct and Certifications
  • Data Processor

Module 4: Material Requisites for Processing under GDPR

  • Central Principles of Processing
  • Legal Grounds for Data Processing
  • International Data Transfers
  • Intragroup Processing Privileges
  • Cooperation Obligation on EU Bodies
  • Foreign Law in Conflict with GDPR

Module 5: Data Subjects Rights

  • Controller's Duty of Transparency
  • Digital Miranda Rights
  • Right of Access
  • Right of Rectification
  • Right of Erasure
  • Right of Restriction
  • Right to Data Portability
  • Rights to Automated Decision Making
  • Restrictions on Data Subject Rights

Module 6: GDPR Enforcement

  • In-House Mechanisms
  • Data Subject Representation
  • Supervisory Authorities
  • Judicial Remedies
  • Alternate Dispute Resolution

Module 7: Remedies

  • Allocating Liability
  • Compensation
  • Administrative Fines
  • Processing Injunctions
  • Specific Performance

Module 8: Creating a GDPR Compliance Department

  • Steps to Create a GDPR Compliance Department

Show moredown

Who should attend this Data Privacy Awareness Course?

The Data Privacy Awareness Course is tailored for professionals across industries who handle personal data or have a vested interest in data protection and privacy. This GDPR Training Course is particularly beneficial for the individuals who are aiming for a better understanding of data privacy regulations and best practices, including:

  • Data Protection Officers
  • Privacy Compliance Managers
  • Legal and Compliance Experts
  • Human Resources Personnel
  • Cybersecurity Analysts
  • Marketing Managers
  • CRM Managers

Prerequisites of the Data Privacy Awareness Course

There are no formal prerequisites for attending the Data Privacy Awareness Course. However, a basic knowledge of data handling practices can be beneficial more from the course.

 

Data Privacy Awareness Course Overview

Data privacy, a subset of data security, focuses on the careful management of data, including aspects like notification, consent, and regulatory compliance. It is essential for individuals to have a strong awareness of data privacy to make informed choices regarding data sharing and to mitigate potential disruptions in their work.

Businesses often adopt data protection measures to foster trust and loyalty among customers concerning their private information, thereby enhancing their Return on Investment (ROI). The demand for robust data privacy practices is increasing rapidly due to the ever-expanding volume of data generated and stored daily. Professionals possessing data privacy skills are in high demand, especially among multinational corporations.

Our 1-day GDPR Training Course imparts comprehensive knowledge of data privacy. Delegates will learn the legal framework governing social robots, GDPR territorial scope, and handling personal data breaches from this GDPR Training Course. They'll grasp data processing legal grounds, data subject rights, supervisory authorities, liability allocation, and establishing a GDPR compliance department. Our experienced professional trainers ensure a complete understanding of this GDPR Training Course. 

Course Objectives:

  • To gain a comprehensive understanding of the key concepts and significance of data privacy
  • To learn about relevant data protection laws, regulations, and frameworks
  • To understand the roles and responsibilities of individuals and organisations in preserving data privacy
  • To acquire the knowledge about the best practices for collecting and sharing personal data while maintaining confidentiality
  • To develop the skills to respond to data privacy incidents, including reporting procedures

After completing this GDPR Training Course, participants will have the skills to efficiently establish a GDPR-compliant department and safeguard data during processing using security measures.

 

Show moredown

What’s included in this Data Privacy Awareness Course?

  • World-Class Training Sessions from Experienced Instructors
  • Data Privacy Awareness Certificate
  • Digital Delegate Pack

Show moredown

Not sure which course to choose?

Speak to a training expert for advice if you are unsure of what course is right for you. Give us a call on + 1-866 272 8822 or Enquire.

Package deals for GDPR Training

Our training experts have compiled a range of course packages on a variety of categories in GDPR Training, to boost your career. The packages consist of the best possible qualifications with GDPR Training, and allows you to purchase multiple courses at a discounted rate.

Swipe for more. Don’t miss out!

GDPR Training FAQs

GDPR stands for General Data Protection Regulation. The European Union (EU) passed the GDPR rule in May 2018 to bolster and standardise data protection for all EU citizens. The export of personal data outside the EU is also covered.
The six principles of the General Data Protection Regulation (GDPR) are lawfulness, fairness, and transparency; purpose limitation; data minimisation; accuracy; storage limitation; and integrity and confidentiality. These principles form the core guidelines for processing personal data in the European Union.
The benefits of GDPR Certifications include legal compliance to avoid fines, enhanced data protection, open doors to new career opportunities and effective risk mitigation.
This training comes with training sessions from experienced trainers, a digital delegate pack, and a certificate upon completion of the course.
Anyone involved in processing the personal data of persons inside the European Union, including company owners, data protection officials, and staff members in charge of managing data, should take these GDPR Courses.
Yes, all GDPR Training Courses have exams that shall be taken on the final day of the relevant course. The GDPR Awareness Course does not have any exams as it is purely an information-based course.
There are no prerequisites for the GDPR Foundation and Awareness Courses. Completion of the GDPR Foundation Course fulfils the prerequisites for the GDPR Practitioner Course.
Yes, The Knowledge Academy provides self-paced training sessions, alongside online instructor-led sessions, on-site training, and classroom training sessions for all courses, including our GDPR Training Courses.
Yes, we offer tailored corporate training courses that can be customised to meet the specific needs of an organisation and its employees.
After completing this GDPR Course you will receive a certificate of completion from us, either electronically or by mail, which confirms that you have successfully completed the course.
The Essentials of Data Protection (GDPR) Certificate is valid for three years. After this period, it's advisable to renew or update the certification to ensure continued compliance with the latest GDPR regulations and best practices in data protection.
Our GDPR Courses are structured to be accessible to learners with a basic understanding of data protection concepts and laws.
Yes, we offer support for our courses, including GDPR Training Courses. We provide a Q&A section on each course page where learners can ask questions related to the course, and the instructor or other learners can respond.
These GDPR Courses can span from 1-4 days. Delegates engage in intensive learning sessions, covering various aspects of this course.
Pursuing GDPR Courses can be worthwhile for individuals and organisations that process the personal data of individuals within the European Union. It can provide a better understanding of GDPR requirements, help ensure compliance, and minimise the risk of data breaches and potential fines.
After completing this training, you can work as a Data Protection Officer, Privacy Consultant, or Compliance Manager, helping organisations follow GDPR and protect data.
Any organisation or business that handles the personal data of persons inside the European Union (EU) is accountable for complying with the General Data Protection Regulation (GDPR). Learn more about GDPR and GDPR compliance with our wide range of GDPR Courses.
The eight rights under GDPR include the right to access, the right to be forgotten, the right to data portability, the right to rectification, the right to restriction processing, the right to object, the right to be informed, and the right against automated decision-making.
The 10 key requirements of GDPR include having a lawful basis for processing, obtaining consent, implementing data protection by design and default, conducting Data Protection Impact Assessments (DPIAs), notifying breaches within 72 hours, appointing Data Protection Officers (DPOs), respecting individual rights, demonstrating compliance, ensuring protection during international data transfers, and facing significant penalties for non-compliance.
Organisations can face heavy fines up to 4% of annual global turnover or €20 million (whichever is greater), audits, and reputational damage.
Processing personal data without explicit consent or legitimate purpose, ignoring individuals' rights over their data, and transferring data to non-compliant international organisations without adequate safeguards are some of the procedures not allowed under GDPR.
GDPR Training is not mandated by law, but it is highly recommended for organisations to ensure compliance and protect personal data effectively.
These GDPR Certification Courses ensure an understanding of data protection regulations, help achieve compliance, and mitigate the risk of data breaches and hefty fines.
There are no specific qualifications required to register for GDPR Training Certification, although a basic understanding of data protection principles is beneficial.
The Praxis Framework benefits this training by providing a structured approach to managing GDPR projects, integrating best practices, and enhancing project delivery and compliance.
GDPR Courses for employees focus on practical data protection practices and compliance, while managers' training includes strategic implementation, policy development, and overseeing organisational compliance.
Please see our GDPR Training courses available in Puerto Rico
The Knowledge Academy is the Leading global training provider for GDPR Training.
The training fees for GDPR Training in Puerto Rico starts from $2895.
Show more down

Why we're the go to training provider for you

icon

Best price in the industry

You won't find better value in the marketplace. If you do find a lower price, we will beat it.

icon

Trusted & Approved

We are accredited by PeopleCert on behalf of AXELOS

icon

Many delivery methods

Flexible delivery methods are available depending on your learning style.

icon

High quality resources

Resources are included for a comprehensive learning experience.

barclays Logo
deloitte Logo
Thames Water Logo

"Really good course and well organised. Trainer was great with a sense of humour - his experience allowed a free flowing course, structured to help you gain as much information & relevant experience whilst helping prepare you for the exam"

Joshua Davies, Thames Water

santander logo
bmw Logo
Google Logo

Looking for more information on GDPR Training

cross

OUR BIGGEST SPRING SALE!

Special Discounts

red-starWHO WILL BE FUNDING THE COURSE?

close

close

Thank you for your enquiry!

One of our training experts will be in touch shortly to go over your training requirements.

close

close

Press esc to close

close close

Back to course information

Thank you for your enquiry!

One of our training experts will be in touch shortly to go overy your training requirements.

close close

Thank you for your enquiry!

One of our training experts will be in touch shortly to go over your training requirements.