Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Five domains of competences for Data Protection activities


Published on

Beyond the legal and compliance skills, DPO and Data Protection professionals require various skills in domains including Digital transformation, Information and Cybersecurity, Risk assessment and Incident and dreach management. Read more..

Published in: Business

Five domains of competences for Data Protection activities

  1. 1. 1 PROGRAMME IN EUROPEAN DATA PROTECTION Five domains of competences for Data Protection activities Copyright 2017 SBS-EM, ICTC.EU and ITMA vzw-asbl
  2. 2. 1. LEGAL AND MANAGEMENT REQUIREMENTS Business objectives are combined with applicable regulations to identify Data Protection requirements. • GDPR Principles: Material scope, Personal scope, and Territorial scope • Processing principles: Lawfulness of processing, Conditions for consent, Processing of sensitive data and Processing not requiring identification • Data subject (DS) Rights: General modalities; Information and access to data; Rectification and erasure; Right to portability; Right to object; Right to not be subject to automated individual decision making/profiling • Remedies and sanctions • Responsibility of Controller • Responsibility of Processor and Sub-Processor • Data Processing Agreement • Data Protection by Design and by Default • Records of Processing Activities • DPO Designation, Position and Tasks • Cross border data flows today and the road ahead • International Data Transfers solutions: adequacy, Derogations and Safeguards • Role of Certification and Codes of Conduct • Analysis of Cloud computing (Case discussion) COPYRIGHT 2017 SBS-EM, ICTC.EU AND ITMA VZW- ASBL
  3. 3. 2. RISK AND IMPACT ASSESSMENT Risk Assessment and Data Protection Impact Assessment exercises shape the transformation activity • Data Protection Impact Assessments Context, Relevance • Risk Management principles, Risk Scenario and their categories • Risk Response Priority Workflow • Information Risk Management Steps • Samples of detailed Risk Scenario Analysis • DPIA Process in light if the guidelines from the G29 Working Party • Detailed Walkthrough of the DPIA Process (Risks, Controls, Risks, and Decisions) • The Concept of Legitimate Interest • Shadow IT impact on GDPR Compliance • Analysis of Internet of Things applications (Case discussion) • Analysis of Facebook tracking through social plug-ins (Case discussion) COPYRIGHT 2017 SBS-EM, ICTC.EU AND ITMA VZW- ASBL
  4. 4. • Defining security controls • Information Security Management System (ISMS) • ISO 27001 controls & the impact on Privacy & Data Protection • Role of the CISO & information security domains • Privacy Governance & Business Requirements definition • Differences CISO - DPO • Security Fundamentals • Sources of external threat • Enterprise Security Architecture • Cybersecurity processes • Bottom-up approach using comprehensive security controls checklists • Typical Shortcomings in Existing Management Processes • Network Security methods and Cloud computing threats • Identity and access management • Security information and event management • Implementing and Demonstrating the effectiveness of security controls • Security vs Privacy • Privacy threats and Privacy controls • Building privacy into systems to counter Vulnerabilities and attacks • Data protection by design • Privacy Design Strategies • Privacy Enhancing technologies • Analysis of GDPR Accountability versus consent (Case discussion) • Analysis of Privacy by default in a Geolocation (Case discussion) • Threat modelling technique for privacy 3. COMPLIANCE TRANSFORMATION​ Transformation includes program and project management, process improvement and the implementation of adequate enablers to target protection levels. COPYRIGHT 2017 SBS-EM, ICTC.EU AND ITMA VZW- ASBL
  5. 5. • Personal data categories • Data Life Cycle Management • Data Classification Process • Manage privacy within a classification process • Apply security rules to software • Data Flow • Governance enablers in a privacy transformation • Seven steps for a Privacy program implementation • Key success factors for a successful implementation • Link to external resources and usual privacy frameworks • Overview of Privacy standards • The transformation process and Organizational Barriers • Practical step by step implementation at a complex organisation • Creating a privacy notice/policy, a consent policy/withdrawal, a Data breach notification form, and a complaint form 4. INFORMATION SECURITY AND PRIVACY Build the secure platform within several architectural layers. COPYRIGHT 2017 SBS-EM, ICTC.EU AND ITMA VZW- ASBL
  6. 6. • Response / Breach Management & Communication • Security of Processing & Data Breach Notification People, Process, Technology • Statistics overview and Questionnaires to relate risks of security and data breaches • Security operations centre • Data Breach requirements in GDPR • Reasons of personal data breach • Maintain a Personal Data incident/Response Plan • Incident Handling standards • Incident identification & classification and key performance indicators • Incident Management guidance 5. RESPONSE & BREACH MANAGEMENT Response management and breach handling activities require due care and adequate preparation. COPYRIGHT 2017 SBS-EM, ICTC.EU AND ITMA VZW- ASBL
  7. 7. PROFILE 1. Data Protection Officers (DPO) 2. Legal experts and Lawyers 3. Information Security and Information Technology experts 4. Enterprise and external auditors 5. Compliance Officers 6. General Managers and Financial Officers 7. Data Scientists and Data Management Professionals 8. Projects Managers 9. Enterprise Architects 10.Public Service personnel 11.Marketing Managers 12.Business Managers THE PROGRAMME IN EUROPEAN DATA PROTECTION IS DEDICATED TO:
  8. 8. IndividualThe quality of the lecturers THE KNOWLEDGE A significant career boost Organisation Accelerated GDPR compliance GDPR body of knowledge GDPR implement ation cycle
  9. 9. Established in 1903, Solvay Brussels School of Economics & Management is a Faculty of the Université libre de Bruxelles. It currently holds a leading position in Europe for research and education in the fields of Economics and Management. The school‘s core mission is to train business leaders and entrepreneurs with the ability to adapt to the ever-changing nature of Society and to shape tomorrow’s world. Professor Georges Ataya founded executive education Programmes and Masters in digital management, including data protection, Information Technology, Information Security and cybersecurity in 2001. ABOUT US
  10. 10. 3.400