This course aims to describe and explain how an organisation can practically implement the provisions of Regulation (EU) 2016/679, also known as the GDPR Regulation, in its personal data processing activities. It explains, with examples, the necessary documents that an organisation should have in place and briefly describes a number of security measures that an organisation can implement to protect personal data. It also explains the role of the Data Protection Officer (DPO) and how the DPO is involved in an organisation.
This course describes the provisions of Regulation (EU) 2016/679 and explains the processes that an organisation may apply in order to comply with these provisions. It describes different applications of key aspects, e.g. the Record of Processing Activities and the Data Protection Impact Assessment, and analyses a number of technical and organisational security measures that an organisation shall implement for the safety of the processing activities. It also describes a number of documents that an organisation must have in place, like the “Privacy Notice” and “Cookies Policy”, and a number of documents that an organisation is recommended to have in place in order to respond to data subjects’ rights. In addition, this course provides a detailed explanation of the Data Protection Officer.
The course is split into the following sections:
Section 1: The GDPR Legislation in Summary and start with a Data Flow Map
- A brief summary about the Regulation (EU) 2016/679 (GDPR Regulation)
- When the GDPR Regulation applies
- What a Data Flow Map is
- How a Data Flow Map helps an organisation
- How to develop a Data Flow Map
Section 2: How and Why a Record of Processing Activities shall be developed and the process to conduct a Data Protection Impact Assessment
- Why a Record of Processing Activities should be developed
- What the Record of Processing Activities should include
- Examples of Record of Processing Activities
- What a Data Protection Impact Assessment (DPIA) is
- In which cases a DPIA should be performed
- How an organisation can carry out a DPIA
Section 3: What information should be provided to data subjects and understand when it is lawful to transfer personal data to third countries
- Why an organisation must provide certain information to data subjects
- The information that should be provided to data subjects
- How this information can be provided
- Informing employees and candidates for employment
- The cases when an organisation can lawfully transfer personal data to third countries
- How organisations of the same group can transfer personal data between them
- What an agreement between different organisations shall include for the transfer of personal data
Section 4: Organisational and technical security measures that an organisation can implement and what documents an organisation should have in place
- The need to have security measures in place and how an organisation can decide what security measures to implement
- Examples of security measures
- Pseudonymisation and Encryption explained
- The data subject’s rights in detail
- Examples of documents to be in place in order to respond to data subject’s rights
- Data breach in brief
- The necessary documents to notify the Supervisory Authority and data subjects in case of a breach
Section 5: Develop a “Privacy Notice” and a “Cookies Policy”; What should be included
- Why a “Privacy Notice” should be developed
- The information that a “Privacy Notice” should at least include
- Explanation of the information that a “Privacy Notice” should at least include
- Develop a “Cookies Policy”
- What “cookies” are, the “cookies” legislation and the different types of “cookies”
- Examples of “cookies” banner/notice
Section 6: How a Data Protection Officer is involved in an organisation
- The role of the Data Protection Officer (DPO)
- When a DPO shall be designated
- The tasks of the DPO
- The expertise and skills that a DPO should have
- Who can be designated as a DPO
This course may take up to 5 hours to complete. However, actual study time differs, as each learner works at their own pace.
The course is addressed to:
This course is addressed to all individuals who are involved in the processing of personal data in an organisation:
- Designated DPOs in Investment Firms, Investment Funds, ASPs, Trust Service Corporate Providers, Banks, Law Firms, Accounting Firms, Insurance Companies, Hospitals, Schools and in general DPOs of all organisations
- Employees of Investment Firms, Investment Funds, ASPs, Trust Service Corporate Providers, Banks, Law Firms, Accounting Firms, Insurance Companies, Hospitals, Schools and in general of all organisations involved in the processing of personal data
- Internal Auditors
- Senior managers
It is also suitable for professionals pursuing regulatory CPD for the renewal of the “Basic” and “Advance” CySEC Certificate.
The course is offered fully online using a self-paced approach. The learning units consist of PowerPoint presentations and examples. Learners may start, stop and resume their training at any time.
At the end of each section, participants take a Quiz to complete their learning unit and earn a Certificate of Completion once all quizzes have been passed successfully.
Accreditation and CPD Recognition
The course can be accredited for 5 CPD Units by regulators and other bodies that require CPD training in financial and other regulation.
Eligibility criteria and CPD Units are verified directly by your association or other bodies in which you hold membership.
Registration and Access
To register for this course, click on the Take this course button to pay online and receive your access instantly. If you are purchasing this course on behalf of others, please be advised that you will need to create or use their personal profile before finalising your payment.
Access to the course is valid for 60 days.
If you wish to receive an invoice instead of paying online, please contact us by email. Talk to us about our special Corporate Group rates.
Andreas Nicolaides has more than 8 years of experience in the financial industry. He is the Operations Manager of G.P. GLOBAL LTD, which offers consulting services and training courses to Investment Firms, Administrative Service Providers and Funds, focusing on Internal Audit, compliance and AML issues. He is a member of the Internal Audit team of G.P. GLOBAL LTD and is involved in numerous Internal Audits of Cyprus Investment Firms, Administrative Service Providers and Funds, where he is engaged, among other things, in the audit for compliance with the GDPR regulatory framework. He has completed a number of trainings on the GDPR regulatory framework and has assisted a number of Cyprus Investment Firms, Administrative Service Providers and Funds in complying with their GDPR legal obligations.
Andreas Nicolaides holds a BA in Business Management from Northumbria University (Newcastle – UK). Andreas also holds an Advance and Money Laundering certificate from the Cyprus Securities and Exchange Commission for the provision of investment services/activities.