Course Description

One of the principles of the Regulation (EU) 2016/679 (“GDPR”) is the processing of personal data in a manner that ensures appropriate security of the personal data, by implementing the appropriate security measures. The GDPR does not define the security measures that a company/organisation should have in place. According to the GDPR, a company/organisation should have a level of security that is appropriate to the risks presented by the processing of personal data.

This course describes a number of physical, technical and organizational security measures and controls that a company/organisation can implement to secure the processing of the personal data that is collected from its data subjects. It describes in detail the key provision of Article 32(1) of the GDPR Regulation (Regulation (EU) 2016/679) that provides for the implementation of appropriate security measures to mitigate the risk to the personal data that is processed, from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or unauthorized access. For the implementation of the appropriate security measures, a company/organisation shall take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

It provides examples of physical, technical and organisational security measures to understand their implementation. It also describes the development of a “Data Flow Map” for the identification of the processing activities of a company/organisation and the steps to follow to decide on the appropriate security measures to implement.

This course explains in detail the various data subjects’ rights and describes the requirements to implement these data subjects’ rights, It also explains the cases when the data subjects’ rights can be restricted and the steps that can be followed in order to meet these rights.

This course also describes in detail the importance of identifying a personal data breach, how to develop a “Personal Data Breach Response Plan” and describes in detail with examples the process to notify the supervisory authority and communicate to data subjects a personal data breach.

It refers to different real cases of GDPR fines relevant to the implementation of security measures, as published by various supervisory authorities, in order to understand what to avoid for not being fined.

Topics covered

The course is split into the following sections:

Section 1: The GDPR Regulation in summary and get to know different personal data security measures and controls

• Reference to the key GDPR definitions.
• Summary of Regulation (EU) 2016/679 (General Data Protection Regulation).
• The security measures and controls.
• Examples of security measures and controls.

Section 2: The implementation of different personal data security measures and controls

• How to develop a “Data Flow Map” and identify the processing activities of your company.
• Appropriate security measures.
• Implementation of the appropriate security measures for the main processing activities.

Section 3: Understand the data subjects’ rights and the requirements to implement these rights

• The data subjects’ rights.
• In which cases the data subjects’ rights can be restricted.
• Implementation of the data subjects’ rights.

Section 4: Identifying a personal data breach and the information that shall be provided to data subjects and the supervisory authority

• Understand the personal data breach.
• Develop a Personal Data Breach Response Plan.
• When the supervisory authority shall be notified and the information that shall be provided.
• When data subjects shall be notified and the information that shall be provided.
• Record keeping of data breaches.
• Examples of personal data breaches and who to notify in each case.

Section 5: Real cases of GDPR fines related to security measures

Course Duration

This course will be presented Online Live on 14 December 2023 at 10:00 – 15:30. The Course duration is 5 hours.

The course is addressed to:

This course is addressed to all individuals who are involved in the processing of personal data in a company/organisation:

• Designated DPOs in Investment Firms, Investment Funds, ASPs, Trust Service Corporate Providers, Banks, Law Firms, Accounting Firms, Auditors, insurance companies, hospitals, schools and in general DPOs of all organisations.
• Employees of Investment Firms, Investment Funds, ASPs, Trust Service Corporate Providers, Banks, Law Firms, Accounting Firms, Auditors, insurance companies, hospitals, schools and in general of all organisations involved in the processing of personal data.
• Executive Directors, Non-executive directors, Senior Managers, Compliance Officers, Risk Managers, Product Managers, etc.
• Internal Auditors
• Consultants
• Lawyers

It is also suitable for professionals pursuing CPD for the renewal of CySEC Certificate (CySEC Basic or CySEC Advance Certificate or CySEC AML Certificate) or other relevant professional certificates in other jurisdictions.

Training Method

Live Online

At the end of the Course, participants take a Quiz. A Certificate of Completion shall be issued and sent to participants after the Course is completed.

Accreditation and CPD Recognition

The course may be accredited by regulators and other bodies for up to 5 CPD Units, that require CPD training in financial regulation. The course may be also approved for up to 5 CPD Units by institutions that approve general financial training, such as the CySEC, ICPAC, CBA and CISI.

Eligibility criteria and CPD Units are verified directly by your association or other bodies in which you hold membership.

Registration and Access

To register to this course, click “Take this Course” above to pay online and register for this course. After your registration, you will receive an email with information for the Live Online presentation of the Course.

If you are purchasing this course on behalf of others, please be advised that you will need to create or use their personal profile before finalizing your payment.

If you wish to receive an invoice instead of paying online, please Contact us by email. Talk to us for our special Corporate Group rates.

If you wish to receive an invoice instead of paying online, please complete and submit the Registration Form.

Instructor

Andreas Nicolaides has more than 10-years experience in the financial Industry. He is the Operations Manager of G.P. GLOBAL LTD offering consulting services and training courses to Investment Firms, Administrative Service Providers and Funds focuses in Internal Audit, compliance & AML issues. He is a member of the Internal Audit team of G.P. GLOBAL LTD and is involved in numerous Internal Audits of Cyprus Investment Firms, Administrative Service Providers and Funds where he is engaged, among others, in the audit for compliance with the GDPR regulatory framework. He has completed a number of trainings on GDPR regulatory framework and assisted a number of Cyprus Investment Firms, Administrative Service Providers and Funds to comply with their GDPR legal obligations.

Andreas Nicolaides holds a BA in Business Management from Northumbria University (Newcastle – UK). Andreas also holds an Advance and Money Laundering certificate from the Cyprus Securities and Exchange Commission for the provision of investment services/activities.

See more Courses from Andreas Nicolaides

Click “Take this Course” above to Register Online

OR