Plesner Data Protection Law Certificate
When the EU Data Protection Regulation enters into force, it will be a requirement for a number of organisations, including public authorities and undertakings which handle extensive processing of particular (sensitive) data to appoint a data protection officer (DPO).
Even though the material rules in several central areas will continue with the Regulation, the requirements for the data controllers' compliance in practice - and not least their ability to document such compliance - will for most undertakings result in a need for an increased effort and not least increased formalisation of the personal data work.
To such undertakings, it may make sense to define another role - for example Chief Privacy Officer (CPO) or a similar function which will not be comprised by the independent requirements for a DPO and whose effort in the organisation will be an integrated part when performing the legal day-to-day work which the Regulation also requires. There will be a larger degree of independence to schedule the role of the CPO in accordance with the needs of the undertaking.
The Certificate is made to ensure that participants achieve the right competences which are necessary to handle the position as DPO pursuant to the Regulation. The Certificate will also be relevant to persons who are to work with Data Protection compliance, including the implementation of the Regulation in the organisation.
The participants will receive comprehensive teaching material.
The Certificate is offered to the private sector, the public sector and the financial sector.
Plesner Data Protection Law Certificate will cover the following subjects
- Background
- Introduction to the structure and principles of the Regulation
- Purpose
- Material and geographical scope of application
Definitions - Administering rules
- Transparency and the rights of the registered
- DPO*
- Data security breaches*
- Accountability*
- Privacy by design/privacy by default*
- Data processor*
- Documentation*
- Data Privacy Impact Assessment (DPIA)*
- Security*
- Code of conduct and certification
- Third country transfers*
- Regulatory authorities
- Corporation (one-stop-shop), coherence and EDPB
- Responsibility and sanctions
*These subjects will only be touched upon briefly during the introduction as they are dealt with separately in a later module
- The formal requirements for the DPO role - which tasks does the DPO handle
- The requirement of independence - what does the term cover and how is independence maintained in practice
- Chief Privacy Officer - an alternative or a supplement to Data Protection Officer
- What does accountability mean?
- How do you establish accountability?
- Documentation of the many legal requirements to specific activities and inspections
- Practical exercise in accountability
- Information security is only a part of the Data Protection compliance
- Synergy and possible conflicts between legal Data Protection compliance and information security
- Different objects - joint methods
- Background and purpose
- Practical exercise in preparing a DPIA
- What do the terms mean?
- How can it be used in support of compliance and accountability?
- How may privacy by design and privacy by default be incorporated in system development processes and the day-to-day work in the organisation in practice
- When is a data processor "only" a data processor and not data controller
- The difference between data controllers and data processors
- Typical data protection challenges when using a data processor
- Using a sub-contractor
- Third country transfers
- Inquiries from registered
- Duty of information in case of breach of data security
- Allocation of responsibility and legal risk management
- Securing accountability when part of the processes and inspections are conducted by a data processor
- Data security
- Preparing and renegotiation of data processor contracts
- Problems that may arise in connection with third country transfers in general
- Problems that may arise in connection with third country transfers internally in the Group
- The different transfer grounds
- Classical mistakes and misunderstandings
- Security and compliance breaches - similarities and differences
- Obligations in connection with security breaches
- The relationship between data controller and data processor in case a security breach happens at the data controller
- Processes and resources for handling security breaches (establishing data breach team and data breach handling procedure)
- Use of external advisers when handling security breaches - specific points that need attention
- Check lists and interviews
- Other solutions
- Pitfalls
- The individual actors and their roles (IT, law, compliance, security etc.)
- Best practice for the cooperation - how to speak the same language
- Establishment of processes and workflows that support an effective and business oriented implementation of and compliance with the requirements
- Practical implementation in the organisation
- Handling of inquiries from data subjects and from the Danish Data Protection Agency
- What sector regulation exists today?
- What are the possibilities for Denmark to maintain or introduce sector regulation under the Personal Data Regulation?
- The relationship between the personal data regulation and possible sector regulation
- Incorporation of the sector regulation in the regulatory framework that the organization must comply with, and compliance with the sector regulation
Questions
If you have any questions about the certificate, feel free to contact attorney-at-law, partner Michael Hopp at tel. 2999 3014
Compliance with CIPP/E and CIPM requirements for supplementary training
The International Association of Privacy Professionals (IAPP) offers certification in European data protection law (CIPP/E) and certification in development and implementation of a data protection program in an organisation (CIPM)
Plesner's Data Protection Law Certificate and other courses in data protection law comply with requirements for supplementary training for both CIPP/Es (Certified Information Privacy Professionals) and CIPMs (Certified Information Privacy Managers) as Plesner is an Approved Credit Provider.
Read more about CIPP/E and CIPM certification on www.iapp.org
Event language
Please note that the seminar will be held in Danish
Plesner, Kobbertårnet
Amerika Plads 37
2100 København Ø
Denmark
August - course 74b
20, 21, 22 and 27, 28 August 2024 (in Danish)
September - course 75
3, 4, 5 and 17, 18 September 2024 (in Danish)
October - course 76
8, 9, 10 and 22, 23 October 2024 (in Danish)
November - in English
26, 27, 28 November and 10, 11 December 2024 (in English)
December - course 77
3, 4, 5 and 17, 18 December 2024 (in Danish)
All days from 09:00-16:00
Plesner
Amerika Plads 37
DK-2100 Copenhagen
The course is spread over five whole days and is held as 3+2 days.
Training will take place in groups of no more than 20 persons in order to enable participants to build up personal relationships and to ensure that there is time for everyone to have their questions answered.
Participants will be provided with extensive training material.
The course will comply with the requirements for Danish attorneys’ mandatory supplementary training.
Knowledge of data protection law and/or practical compliance is an advantage but there are no formal requirements for participation in the course.
The fee for the Plesner Data Protection Law Certificate is DKK 20,000, excl. VAT, for five training days.
Registration is binding six weeks from the first day of training.
Training will be provided by members of the legal staff in our Data Protection team with extensive experience from, among other things, the legal industry and the Danish Data Protection Agency as well as information security compliance.
They will be assisted by external lecturers with experience in operational compliance and people with practical experience of the DPO-role.
On commencement of the course you will get 12 months' free access to LegalHub, Plesner's digital knowledge platform. This access comes without obligations.
LegalHub is a structured knowledge tool developed by Plesner's Data Protection team.
In addition to access to the knowledge platform which enables you to be updated on data protection law on a regular basis, Legal Hub provides access to professional seminars on relevant and topical data protection issues etc.
Your access to LegalHub will not be extended automatically on expiry of the 12-month free access period. You will have to actively register again.
To register, please send an e-mail to attorney-at-law, partner Michael Hopp at mho@plesner.com