Sign up to our mailing list

Sign up for more info including course updates,
upcoming courses and the latest news from GTA

Search

Data Protection

GDPR Foundation and Practitioner (Online)

Course details

Start Date

Upcoming - find out more »

CPD Points

35

Cost

£2,790

Length

5 full days (09:00-17:00)

Course Overview

This combined online course offers the Foundation and Practitioner level GDPR (General Data Protection Regulation) courses. The Foundation course provides a complete introduction to the Regulation, and an overview of the implications and legal requirements for organisations, including responding to individuals (data subjects) exercising their rights, DPIAs (data protection impact assessments) and data breach reporting (1 day).

The Practitioner course is at advanced-level and builds on the GDPR Foundation qualification to give you the knowledge and operational skills to build, implement and manage a GDPR compliance programme, and to fulfil the DPO (Data Protection Officer) role.

This programme is primarily aimed at professionals working in the field of data protection and data privacy. It is also suitable for individuals with little experience but who wish to enter the field of data protection with a professional qualification.

This course is delivered virtually through the GTA, tutor led in real time.

Course Content

The GDPR provides a single, harmonised data privacy law across the EU, and Guernsey has updated its own law to reflect these new rules. All organisations need to respond to fast changing risk in this area – with cyber-attacks and poor information governance featuring heavily in recent times.

The GDPR tightens up on rules around data security and information handling and will require a comprehensive risk-based approach by all those handling personal data.

This Foundation element of the course (day 1) provides a complete introduction to the EU GDPR, and an overview of the key implementation and compliance activities.

Day 1 focuses on:

  • Bands of penalties for breaches
  • Lawfulness of processing and consent
  • The six data protection principles
  • Special categories of personal data
  • The rights of data subjects, including data access requests
  • Controllers and processors
  • Data protection by design
  • Securing personal data
  • How to perform a DPIA (Data Protection Impact Assessment)
  • Reporting data breaches
  • The DPO role
  • Transferring personal data outside the EU
  • Certification against the GDPR
  • The powers of supervisory authorities
  • Lead supervisory authorities
  • The role of the EDPB (European Data Protection Board)

On the Practitioner element of the course (days 2-5) you will understand how to implement an effective privacy and information security compliance programme in line with the GDPR, which is essential for anyone involved in implementing and maintaining GDPR compliance in their organisation.

Days 2 – 5 focuses on:

  • The role of the DPO (Data Protection Officer)
  • What constitutes personal data
  • Accountability, the privacy compliance framework and a PIMS (personal information management system)
  • Lessons to be learned from common data security failures
  • The six data protection principles – how to apply them and demonstrate compliance
  • The security of personal data
  • An organisational risk management framework
  • Legal requirements for a DPIA
  • How to conduct a DPIA with a DPIA tool
  • Why and how to conduct a data mapping exercise
  • The rights of data subjects
  • Giving and withdrawing consent
  • Handling DSARs (data subject access requests)
  • The roles of controllers and processors, and the relationships between them
  • Transferring personal data outside the EU and the mechanisms for compliance
  • How to become GDPR compliant using a compliance gap assessment tool

Who should attend this course:

  • Privacy Managers
  • Data Protection Managers
  • Information Security Managers
  • IT Managers
  • Project Managers
  • Corporate Governance Managers
  • Risk and Compliance Managers
  • General or privacy counsels
  • Individuals with little experience but who wish to enter the field of data protection with a professional qualification

Read the States of Guernsey's draft legislation document The Data Protection (Bailiwick of Guernsey) Law, 2017(published in November 2017)

Course Benefits

By attending this course you will gain a comprehensive introduction to the GDPR, its implications and what it means for your organisation.

You will also benefit from a comprehensive learning experience, from specialist consultants, on the GDPR (General Data Protection Regulation), developing a practical understanding of the implications and legal requirements for your organisation.

You will have attended a IBITGQ and CIISec (The Chartered Institute of Information Security) accredited, five-day training course.

Successful completion of the course and included exams leads to the ISO 17024-certificated EU GDPR Foundation & Practitioner (EU GDPR) qualification.

Assessment

GDPR Foundation Exam (end of day one)

Attendees take the ISO 17024-certificated EU GDPR Foundation exam set by IBITGQ (International Board for IT Governance Qualifications).

There is no extra charge for these exam.

  • Duration: 60 minutes
  • Questions: 40
  • Format: Multiple choice
  • Pass mark: 65%

GDPR Practitioner Exam (end of day 5)

You will take the ISO 17024-certificated EU GDPR Practitioner exam set by IBITGQ.

  • Duration: 90 minutes
  • Questions: 40
  • Format: Multiple choice
  • Pass mark: 65%

Prerequisites

We recommend purchasing and reading EU GDPR - A Pocket Guide, and one or both of the following:

  • EU GDPR - An Implementation and Compliance Guide
  • GDPR Toolkit

Next Steps

If you would like to book a place on this course please click on the ‘Book Course’ button to the right of this page and login or register for a user account to complete your booking(s). Any queries please do not hesitate to contact us via [email protected] or call us on 01481 224570.

If no date is scheduled for this course at the present time please click on the ‘Register Interest’ button and login or register for a user account so that we can add you to our course interest register. This register allows us to contact our tutors and finalise dates for a course as soon as we have a few people who have expressed their interest, so the more delegates who register their interest, the sooner we can schedule a particular course.


Course Tutor

  • IT Governance - A GRC Solutions Company

    IT Governance - A GRC Solutions Company is a professional services company, founded in 2002, with a wealth of consultancy skills that originally focused on information security/cybersecurity standards, notably ISO27001. Their consultants have extensive practical experience of designing and implementing management systems and help to develop the skills needed to deliver best practice and compliance in an organisation.

    The company has an impressive track record having helped well over 130 clients over the years to successfully gain the coveted ISO27001 certificate, proving their compliance with one of the most demanding management system standards. They have since developed their offerings into various other management disciplines and now provide a comprehensive single source of information, advice, books, tools, consultancy and training for IT governance, risk management, compliance and IT security objectives.

Related Courses

GDPR Foundation (Online)

Find out more
Data Protection Workshop

Find out more
Upcoming Courses

Some courses we run are scheduled based on demand. Please ensure you register your interest to ensure we know which courses you would like to attend.