The Institute of Continuous Professional Training and Education (ICPTE) offers an extensive variety of Self-Paced Online and Live Online seminars created by Professional and qualified Instructors with years of experience in their field.
The ICPTE platform offers the flexibility to watch online self-paced seminars at Your own convenience, at Your own pace, in Your own time and place. Start watching a seminar today and complete it at Your own time. You can have access from anywhere. All self-paced online seminars are in the form of PowerPoint presentations and a number of them includes video.
GDPR – Start acting
A company/organisation that processes personal data is responsible for complying with all data protection principles under Article 5 of the Regulation (EU) 2016/679 (General Data Protection Regulation [GDPR]). Processing personal data lawfully, fairly and in a transparent manner are essential elements of GDPR.
When deciding the purposes and means of processing personal data, a company must ensure that individuals’ personal data is protected. To achieve this, the company must design and implement the necessary security measures to protect personal data and enable individuals to exercise their rights, as those are provided under GDPR.
Start acting! – The 4 phases process
It is important for a company to attain GDPR compliance. A good practice to comply with GDPR is to follow a 4 phases process that includes:
- Phase 1: Identify
- Phase 2: Assess
- Phase 3: Implement
- Phase 4: Apply
Phase 1: Identify
As the first action, a company needs to understand the purpose(s) for processing personal data, the details of the processing activities that shall perform, the assets on the processing activities (for example, what personal data shall process, what equipment shall use for the processing activities) and who are the asset owners (for example, who are the data subjects from whom the company shall collect personal data).
Phase 2: Assess
When Phase 1 is completed, the company must elaborate its findings in Phase 2 and design the necessary processes, procedures and policies for the processing of personal data. This includes the design of various security measures for the protection of personal data. The assessment phase also includes the management of various risks that the company may face for the security of personal data and the assessment of its processes and procedures in order to comply with the GDPR and national legislation for the protection of personal data.
Phase 3: Implement
The implementation phase is related to the development and implementation of the necessary policies that a company should have in place, as well as the implementation of a “Record of Processing Activities”. The scope of personal data polices is to document how the company processes personal data for compliance with the GDPR. The implementation phase involves the development of a detailed “Personal Data Policy” as an internal document for the company’s members, a “Personal Data Notice” and a “Cookies Policy” as publicly available documents for the company’s website visitors and data subjects accordingly, a “Record of Processing Activities”, as well as the development of the “Consent” procedures and other polices relevant to the various processing activities related to personal data.
Phase 4: Apply
Phase 4 is relevant to the application of security measures, training of employees and reviewing of company’s processing activities. During this phase, a company should apply the appropriate security measures that has designed for the protection of personal data. The company should have assessed during the assessment phase, Phase 2, at which stage of the processing activities security measures is needed and what security measures should be implemented. In accordance with the GDPR, the application of the appropriate security measures, by design and by default, is an obligation for all companies that process personal data, irrespective of size and varying complexity of processing. In addition, Phase 4 includes the design and provision of specific training to employees in relation to their usual daily tasks and the company’s procedures. Also, Phase 4 includes the review of all processing activities that a company performs in order to ensure that the company complies with the GDPR provisions.
Good practises when following the 4 phases process
- Apply a risk management procedure and assess all the processing activities of the company in order to identify the appropriate security measures to be implemented.
- Perform documented reviews, tests and simulations of implemented security measures and keep the results in records.
- Set as a priority to educate employees regarding the protection of personal data and the company’s GDPR procedures.
Looking to enhance your knowledge and learn new skills on GDPR?
▶️Click HERE to find online self-paced seminars on GDPR topics.