Day 1 & 2
Module 1: Data Protection Laws
Introduces key European Data Protection laws and regulatory bodies, describing the evolution toward a Harmonised European Legislative Framework.
Module 2: Personal Data
- Defines and differentiates between types of data, including personal, anonymous, pseudo-anonymous and special categories.
Module 3: Controllers and Processors
- Describes the roles and relationships of controllers and processors.
Module 4: Processing Personal Data
- Defines data processing and GDPR processing principles, explains the application of the GDPR and outlines the legitimate bases for processing personal data.
Module 5: Information provision
- Explains controller obligations for providing information about data processing activities to data subjects and Supervisory Authorities.
Module 6: Data Subjects Rights
- Describes data subjects' rights, application of those rights and obligations of both the controller and processor.
Module 7: Security or Processing
- Discusses considerations and duties of controllers and processors for ensuring security of personal data and providing notification of data breaches.
Module 8: Accountability
- Investigates accountability requirements, data protection management systems, data protection impact assessments, privacy policies and the role of the data protection officer.
Module 9: International Data Transfers
- Outlines options and obligations for transferring data outside the European Economic Area, adequacy decisions, appropriate safeguards and derogations.
Module 10: Supervision and Enforcement
- Describes the role, powers and procedures or Supervisory Authorities; the composition and tasks of the European Data Protection Board; the role of the European Data Protection Supervisor; and remedies, liabilities and penalties for non-compliance.
Module 11: Compliance
- Discusses the applications of European data protection law, legal bases and compliance requirements for processing personal data in practice, employers-including processing employee data, surveillance, direct marketing, Internet technology and communications and outsourcing.
Day 3 & 4
Module 1: Introduction to privacy program management
- Identifies privacy program management responsibilities, and describes the role of accountability in privacy program management.
Module 2: Privacy governance
- Examines considerations for developing and implementing a privacy program, including the position of the privacy function within the organization, role of the DPO, program scope and charter, privacy strategy, support and ongoing involvement of key functions and privacy frameworks.
Module 3: Applicable laws and regulations
- Discusses the regulatory environment, common elements across jurisdictions and strategies for aligning compliance with organizational strategy.
Module 4: Data assessments
- Relates practical processes for creating and using data inventories/maps, gap analyses, privacy assessments, privacy impact assessments/data protection impact assessments and vendor assessments.
Module 5: Policies
- Describes common types of privacy-related policies, outlines components and offers strategies for implementation.
Module 6: Data subject rights
- Discusses operational considerations for communicating and ensuring data subject rights, including privacy notice, choice and consent, access and rectification, data portability, and erasure and the right to be forgotten.
Module 7: Training and awareness
- Outlines strategies for developing and implementing privacy training and awareness programs.
Module 8: Protecting personal information
- Examines a holistic approach to protecting personal information through privacy by design.
Module 9: Data breach incident plans
- Provides guidance on planning for and responding to a data security incident or breach.
Module 10: Measuring, monitoring and auditing program performance
- Relates common practices for monitoring, measuring, analyzing and auditing privacy program performance.
Exams & Certification
The Certified Information Privacy Professional/Europe (CIPP/E) exam assesses knowledge of European privacy laws and regulations and understanding of the legal requirements for the responsible transfer of sensitive personal data to and from the U.S., the EU and other jurisdictions.
The Certified Information Privacy Manager (CIPM) exam assesses understanding of the skills to establish, maintain and manage a privacy program across all stages of its operational life cycle.
The IAPP delivers the exams through computer-based testing. Candidates may register for computer-based testing via the IAPP website. Once registered, the candidate will be provided a website link from which they can schedule their exam with one of our partner testing centers. You are allowed two and a half hours (150 minutes) to complete the CIPP/E exam with 90 items. Once your exam is scheduled, you will receive an exam reservation confirmation email that includes exam day details, including location, time and any building security procedures and a personal exam activation code. Keep this reservation confirmation email; you will need to present it at the testing center. Your exam cannot be activated without this code.
For those candidates who wish to undertake an additional period of study after completion of the course, the IAPP offer a simple methodology to book and schedule the associated exam. Simply follow guidance provided at https://iapp.org/certify/certification-process/
NOTE: If you require special accommodations because of a qualifying disability, you must submit an Exam Accommodations Request, complete with documentation, at least 30 days in advance of the date you wish to test. Please do not schedule a test centre exam session until your request has been approved by the IAPP.
What is included?
1 years membership of the IAPP
Course handouts & Study Guide
- Additional Information
START DATE Apr 30, 2018 END DATE Aug 5, 2019 City Manchester