Prerequisites
None
Course Content
This one-day course provides an updated overview of the European Data Protection Regulation and its organizational impact. The first part covers GDPR principles, focusing on data protection by design, security, breach management, and DPIA, with references to relevant international standards and guidelines. The second part addresses legal and organizational aspects, including regulatory updates and practical guidance supported by real-world examples.
Course program
First part program
- Fundamental principles of the GDPR
- Security and types of personal data
- Special categories of personal data
- Risk analysis
- Security measures
- Data Protection by Design and by Default
- Personal data breaches
- Data Breach
- Management procedure: prevent, prepare, manage, remediate
- Data Protection Impact Assessment (DPIA)
Second part program
- Regulatory updates
- Legislative Decree No. 101/2018
- General authorizations
- General measures of the Data Protection Authority: which ones are “GDPR-compliant”?
- Privacy notices: processes and legal design
- Legal bases for processing. From consent to legitimate interest
- How to manage data subject rights (access, rectification, erasure, portability, right to be forgotten, etc.)
- Organizational model and roles
- Authorized personnel
- External processors
- Data Protection Officer (DPO)
- Record of processing activities
- International data transfers
- Administrative sanctions and offenses
- Staff training