Take a
tour of our
compliance
training

Free 7-Day Trial
100+ Compliance
eLearning Topics

No Credit Card Required*

GENERAL DATA PROTECTION REGULATION – GDPR TRAINING

If you're a citizen of the European Union, the General Data Protection Regulation (GDPR) protects any information that could be used to identify you, either directly or indirectly.

It could be a name, photo, email address, date of birth, ethnicity, religion, financial record, medical information, or employment history. It could even be posts on social networking sites.

Any organization that does business in the European Union or the European Economic Area (EEA) must comply with the GDPR.

It doesn't matter where the organization is located – if you are an EU citizen and they hold or process your data, they must comply with the GDPR.

It is essential that you and your employees are trained on GDPR and can implement a GDPR strategy in advance of the May 2018 launch of the legislation.

iPhone, Android, Tablet and desktop devices – seamless playback and tracking

Easily add your own learning screens to enhance stock content

Single enterprise licence covers your entire workforce, including contractors

Available in 20+ languages, with compliance training resources for local market regulations

TOPIC 1:

WHAT IS THE GENERAL DATA PROTECTION REGULATION?


Video Screen: What is the GDPR, and why is it important?

Text & Image Screen: Who are the key players in the GDPR? Data controllers, data processors, and data subjects.

Interactive Screen: How does the GDPR protect personal data? Data controllers, processors, and subjects. Consent and privacy statements.

Scenario: Real-life scenario covering subject access requests, investigation and enforcement of the GDPR, and penalties for breaching the GDPR.

Key Learning: Dealing with Subject Access Requests (SARs). Each member state has a Supervisory Authority (SA). Function of SA. Organizations can be fined up to 4% of annual global turnover or €20 million, whichever is greater, for breaching the GDPR.

Scenario: Transferring data between EU countries.

Key Learning: Before you can even consider a transfer, you must be sure the collection and processing of any personal data comply with the principles of the GDPR.

Assessment: Five-question quiz on the content presented in this topic.

TOPIC 2:

THE GDPR IN ACTION


Interactive Screen: Personal data. Privacy by design and default. Standardized data protection rules. Personal data transferred to countries outside the EU and the EEA.

Interactive Screen: Breach notification. Right of access. Right to be forgotten. Data portability. Right to object.

Scenario: Real-life example around transferring data from the EU to the US.

Key Learning: Personal data can only be transferred if all the data protection principles concerning its collection, processing, and transfer are met. For transfers to countries outside the EU and the EEA, an adequate level of protection must be assured by the third country.

Assessment: Five-question quiz on the content presented in this topic.

TOPIC 3:

PRIVACY SHIELD


Text & Image Screen: Overview of the Privacy Shield Framework.

Interactive Screen: Seven Privacy Shield principles.

Scenario: Real-life scenario around preparing for certification into the Privacy Shield Framework.

Key Learning: Privacy policy notices. Explicit consent. Rights of data subjects.

Scenario: Real-life scenario around adhering to the requirements of Privacy Shield.

Key Learning: To transfer data outside the EU/EEA, you need to ensure an adequate level of protection. The Privacy Shield Framework for data transfers provides a certification scheme for US companies. It also retains and clarifies some existing transfer mechanisms.

Assessment: Five-question quiz on the content presented in this topic.

TOPIC 4:

INTERNATIONAL DATA TRANSFERS


Video Screen: GDPR restrictions on transferring personal data to third countries.

Interactive Screen: Adequate safeguards. EU recognition of the country’s safeguards. Privacy Shield. Standard contractual clauses/model clauses. Contractual arrangements.

Interactive Screen: Real-life example on transferring customer data from the EU to the US.

Scenario: Real-life scenario on key considerations when transferring personal data outside the EU.

Key Learning: There are only a limited number of countries that the EU Commission has recognized as having an adequate level of protection of personal data.

Assessment: Five-question quiz on the content presented in this topic.

TOPIC 5:

THE GDPR AND HR


Interactive Screen: How does the GDPR impact the role of HR professionals? Deal with a high level of employee personal data on a regular basis. Deal with queries from staff on the GDPR.

Scenario: Real-life HR scenario on protecting employee personal data.

Key Learning: We all have a responsibility to protect any personal data we handle. Consequences of breaches. Reporting requirements and reporting channels.

Scenario: Real-life HR scenario on sharing employee personal data.

Key Learning: Personal data should only be shared when it is relevant and appropriate for the required task. When sharing data, always use the most secure method available.

Assessment: Five-question quiz on the content presented in this topic.

TOPIC 6:

THE GDPR AND IT


Interactive Screen: How does the GDPR impact the role of IT professionals? Tasked with protecting high levels of personal data.

Interactive Screen: Protecting personal data. Data Privacy Impact Assessments. Privacy by design. Privacy by default. Security of processing. Principle of least privilege.

Scenario: Real-life scenario on best ways to protect the personal data we hold.

Key Learning: We all have a responsibility to prevent breaches. Consequences of breaches. Reporting requirements and reporting channels.

Assessment: Five-question quiz on the content presented in this topic.

TOPIC 7:

THE GDPR AND PROCUREMENT


Interactive Screen: How does the GDPR impact the role of procurement professionals? Deal with suppliers and third-party vendors on a regular basis. Must ensure that any personal data shared with suppliers and vendors is protected in line with GDPR requirements.

Scenario: Real-life procurement scenario on protecting personal data when dealing with third-party vendors.

Key Learning: We all have a responsibility to protect any personal data we handle. Consequences of breaches. Reporting requirements and reporting channels.

Scenario: Real-life procurement scenario on sharing personal data with outside organizations.

Key Learning: Personal data should only be shared when it is relevant and appropriate for the required task. When sharing data, always use the most secure method available.

Assessment: Five-question quiz on the content presented in this topic.

TOPIC 8:

THE GDPR AND MARKETING


Interactive Screen: How does the GDPR impact the role of marketing professionals? The impact of the GDPR on how we collect and use personal data for marketing purposes. Explicit consent – opt in, not opt out.

Scenario: Real-life scenario around collecting personal data during a marketing campaign.

Key Learning: Under the GDPR, requests for consent must be provided in an easily accessible form, must be written in plain language, and must clearly state how any personal data collected will be processed or held. Companies can’t rely on silence, pre-ticked boxes, or inactivity as a basis for consent.

Scenario: Real-life scenario around using the personal data collected during a marketing campaign.

Key Learning: Personal data collected for a specific reason must not be reused for other purposes that are incompatible with the initial one to which the data subject consented, regardless of where the processing takes place.

Assessment: Five-question quiz on the content presented in this topic.

TOPIC 9:

THE GDPR AND THE SUPPLY CHAIN


Interactive Screen: How does the GDPR impact the supply chain? Define third parties. Examples of third parties. We must ensure compliance with the GDPR throughout our supply chain.

Interactive Screen: Third-party due diligence. Proactive governance of third-party data processors. Privacy Impact Assessments. Data processing agreements.

Scenario: Real-life scenario on engaging a new supplier and the steps required to ensure compliance with the GDPR.

Key Learning: We are ultimately responsible for any personal data processed in our supply chain. We must ensure adequate, secure procedures are in place and that any third parties have policies in place to protect personal data. Breach notification procedures must also be in place.

Assessment: Five-question quiz on the content presented in this topic.

 
 
 

MORE ON GDPR

Non-EU Companies


The GDPR protects any personal data you, as an EU citizen, provide to organizations outside the EU to obtain goods or services. It also applies to non-EU-based organizations that may monitor how you behave online (for example, analyzing your online behavior to predict your online shopping habits). This means that all organizations, irrespective of where they are located, must ensure that the personal data of EU citizens is protected to the standard outlined in the GDPR.

Despite the UK voting to leave the European Union in 2017, the GDPR will still apply to UK citizens and to companies in the UK.

Personal Data


The definition of “personal data” has been widened significantly – for example, IP addresses, cookie identifiers, mobile device IDs, and other types of online identifiers are now considered personal data. So, for example, if your company website is accessible to EU consumers and you collect their IP addresses in access logs, or if you track EU visitors using cookies, the data you collect is subject to the GDPR.

Privacy by Design and Default


Privacy by design is an approach to projects that promotes privacy and data protection compliance from the start. Organizations must ensure that privacy and data protection are key considerations in the early stages of any project, and then throughout its life cycle – for example, when:

  • Building new IT systems for storing or accessing personal data
  • Developing legislation, policy, or strategies that have privacy implications
  • Embarking on a data-sharing initiative
  • Using data for new purposes

Organizations should therefore ensure that they integrate core privacy considerations into existing project management and risk management methodologies and policies.

Privacy by default means that the strictest privacy settings automatically apply for products and services (by “default”) and no manual change to such privacy settings should be required on the part of the user. For example, if you sign up for a service that includes a published profile, such as a profile on a social media site, the profile should show the minimum information required and not add additional elements, such as age and location.

Transferring Data Outside the EU


Personal data can only be transferred to countries outside the EU and the EEA where certain, very specific arrangements are in place ensuring data protection. Some countries are recognized by the EU as having adequate protections in place (i.e., in line with the standards of protection required in the EU).

However, for most other non-EEA countries, certain procedures must be followed before personal data can be legitimately transferred from the EU, such as entering into data transfer contracts between the companies that are sharing the personal data. Note that countries outside the EU and EEA are often referred to as “third countries.”