Personal Data Protection Officer - Basic Level Training Course

Basic principles of personal data processing

• Sources of national and international law
• The scope of application of personal data protection laws
• The scope of powers of the data protection authority
• Judicial protection of the right to the protection of personal data
• GDPR - basic information and definitions - selected issues
• Sector-specific GDPR
• Personal data
• Processing of personal data
• Legal bases for processing personal data
• Administrator's Responsibilities
• Rights of data subjects
• Administrative fines
• Personal Data Protection Act of 10 May 2018 – scope of regulations
• appointing a Data Protection Officer
• Proceedings for infringement of personal data protection laws
• Monitoring compliance with personal data protection regulations
• Civil, criminal and administrative liability
• Conditions for the admissibility of the processing of personal data (ordinary and sensitive data)
• Legal requirements for the institution of entrusting the processing of personal data to other entities
• Data Protection Impact Assessment
• Data protection by design, data protection by default
• Legal bases for the transfer of personal data to a third country
• Protection of personal data in employment relations

Appointment of a Data Protection Officer

• Mandatory appointment of a Data Protection Officer
• Optional appointment of an Inspector

Who can be a Data Protection Officer?

• Qualifications to act as an Inspector
• Form of employment of the Inspector

Status of the Data Protection Officer

• Direct reporting of the Inspector to the top management
• Arranging support for the Supervisor
• Participation of the Inspector in all matters related to the protection of personal data
• Prohibition of giving instructions to the Supervisor as to how he or she shall carry out his or her duties
• Avoiding conflicts of interest in the organization - tasks of the Supervisor
• Prohibition of dismissal and punishment of the Inspector
• The duty of the Inspector to maintain the secrecy or confidentiality of the tasks performed

Information Security Management

• Discussion of the security management system in the organization based on the m.in Polish standards
• Identification of privacy risks and their legal implications
• Principles of risk assessment and assessment of the impact of the application of specific solutions in the field of effectiveness of safety management
• How to understand and apply a risk-based approach – practical completion of the Risk Analysis template
• Personal Data Lifecycle Management

Performing the tasks of the Data Protection Officer (DPO)

• Legal basis for the appointment of the DPO
• Who and when must appoint a DPO and how they will be appointed
• DPO status and qualifications
• DPO's tasks and the rules for planning their performance
• Conducting reports on the compliance of data processing with the provisions on the protection of personal data in traditional and IT systems
• Documenting the activities carried out by the DPO
• Preparation of inspection reports
• Rules for supervising the documentation of personal data processing
• Scope of UODO's powers in relation to DPOs

Practical information on the inspection of the Office for Personal Data Protection

• Requirements of the Office for auditees
• How to prepare for the inspection
• Case study

Hands-on activities

• Development of an exemplary Information Security Policy
• development of management instructions
• Development of a Register of Processing Activities
• Preparation of the so-called Small Personal Data Protection Documentation
• Case study
• The most common errors in the preparation of documentation

Additional materials for course participants:

Useful forms and templates:

• Consent to the use and dissemination of the image
• Event- newsletter entry
• Consent to send you an offer
• Sending offer emails
• Sending general emails
• Example of a personal data protection policy
• Template for the preparation of the information obligation, in accordance with the GDPR, together with the instructions
• Risk analysis template
• Register of personal data processing activities – template
• Register of categories of processing activities – template
• GDPR Breach Register – Template
• GDPR Compliance Checklist Template
• Instructions on how to proceed in the event of a breach of personal data protection regulations
• Data Protection Breach Report Template
• Register of security incidents and corrective and preventive actions
• Register of corrigenda
• Register of restorations
• Model corrigendum
• Restoration pattern
• Model Objection
• A model contract excluding further processing of personal data
• Sample consents for competitions, marketing, publications
• Obligation to provide information to ferry crossing
• Obligation to provide information monitoring of the meeting
• Obligation to provide information on recruitment
• Obligation to provide information to the National Revenue Administration
• Information obligation of the LES
• Public Procurement Law (UCoC) information obligation
• Information obligation: Labour Code
• Tax information obligation
• Authorization to process personal data for employees: a template to be filled in with an example
• Notification of a breach to data subjects – template
• Personal Data Processing Agreement for the Controller – template
• Personal Data Processing Agreement for the Processor
• And many more