Chief Data Protection Officer – CDPO

CDPO – Certified Chief Data Protection Officer

Become a Certified Chief Data Protection Officer (CDPO) with our comprehensive BCAA CDPO course. This certification equips you with the knowledge and skills needed to effectively manage and implement data protection strategies within organizations, ensuring compliance with global privacy regulations.

Key Features:

• Expert-Led Training: Learn from industry experts with extensive experience in data protection and privacy management.
• Practical Skills Development: Gain hands-on experience through real-world case studies and simulations.
• Comprehensive Curriculum: Cover essential topics including privacy laws, risk assessment, data governance, and more.
• ISO/IEC 27701 Focus: Understand the requirements of ISO/IEC 27701 standard for privacy information management systems.
• Preparation for Certification: Prepare thoroughly for the BCAA CDPO certification exam with our structured training approach.
• Flexible Learning Options: Choose from in-person workshops or convenient online sessions to suit your schedule.

Who Should Attend:

• Data Protection Officers
• Compliance Officers
• Privacy Professionals
• Legal Counsel
• IT Managers

Data Privacy

Data privacy generally means the ability of a person to determine for themselves when, how, and to what extent personal information about them is shared with or communicated to others. This personal information can be one’s name, location, contact information, or online or real-world behavior. Just as someone may wish to exclude people from a private conversation, many online users want to control or prevent certain types of personal data collection.

As Internet usage has increased over the years, so has the importance of data privacy. Websites, applications, and social media platforms often need to collect and store personal data about users in order to provide services. However, some applications and platforms may exceed users’ expectations for data collection and usage, leaving users with less privacy than they realized. Other apps and platforms may not place adequate safeguards around the data they collect, which can result in a data breach that compromises user privacy.

ISO27701

ISO/IEC 27701:2019 is built to complement the widely used ISO/IEC 27001 and ISO/IEC 27002 standards for information security management. It specifies requirements and provides guidance for a Privacy Information Management System (PIMS), making the implementation of PIMS a helpful compliance addition for the many organizations that rely on ISO/IEC 27001, as well as creating a strong integration point for aligning security and privacy controls. ISO/IEC 27701 accomplishes this integration through a framework for managing personal data that can be used by both data controllers and data processors, a key distinction for General Data Protection Regulation (GDPR) compliance.

In addition, any ISO/IEC 27701 audit requires the organization to declare applicable laws/regulations in its criteria for the audit meaning that the standard can be mapped to many of the requirements under GDPR, California Consumer Privacy Act (CCPA), or other laws. Once mapped, the ISO/IEC 27701 operational controls are implemented by privacy professionals. An internal or external third party, who is accredited to assess, then evaluates the organization’s compliance with the requirements of the standard and issues a certificate to that effect. This universal framework allows organizations to efficiently implement compliance with new regulatory requirements.

Benefits:

• Helps with compliance audits.
• Ensures a consistent approach to information security management throughout an organization.
• Enables organizations to understand and manage risks in a systematic manner.
• Provides guidance on how to meet high-level objectives for information security management.
• Includes guidelines for implementing controls at each stage in the risk assessment process.
• Identifies key components that need to be addressed by organizational policies and procedures.
• Provides a framework for assessing effectiveness of implemented controls, including monitoring activities and reporting on results.

Course Outline:

Module 1: Privacy Compliance Frameworks

• Material scope
• Territorial scope
• Governance
• Objectives
• Key processes
• Personal information management systems
• ISO/IEC 27001:2013
• Selecting and implementing a compliance framework
• Implementing the framework

Module 2: Role of the Data Protection Officer

• Voluntary designation of a Data Protection Officer
• Undertakings that share a DPO
• DPO on a service contract
• Publication of DPO contact details
• Position of the DPO
• Necessary resources
• Acting in an independent manner
• Protected role of the DPO
• Conflicts of interest
• Specification of the DPO
• Duties of the DPO
• The DPO and the organization
• The DPO and the supervisory authority
• Data protection impact assessments and risk management In house or contract

Module 3: Common Data Security Failures

• Personal data breaches Anatomy of a data breach Sites of attack Securing your information
• ISO 27001
• Ten Steps to Cyber Security
• Cyber Essentials
• NIST standards
• The information security policy
• Assuring information security
• Governance of information security
• Information security beyond the organisation’s borders

Module 4: Six Data Protection Principles

• Principle 1: Lawfulness, fairness and transparency
• Principle 2: Purpose limitation
• Principle 3: Data minimisation
• Principle 4: Accuracy
• Principle 5: Storage limitation
• Principle 6: Integrity and confidentiality
• Accountability and compliance

Module 5: Requirements for Data Protection Impact Assessments

• Data protection impact assessments
• When to conduct a DPIA
• Who needs to be involved
• Data protection by design and by default

Module 6: Risk Management and DPIAs

• DPIAs as part of risk management
• Risk management standards and methodologies
• Risk responses
• Risk relationships
• Risk management and personal data

 Module 7: Data Mapping

• Objectives and outcomes
• Four elements of data flow
• Data mapping, DPIAs and risk management

Module 8: Conducting DPIAs

• Reasons for conducting a DPIA
• Objectives and outcomes
• Consultation
• Five key stages of the DPIA
• Integrating the DPIA into the project plan

Module 9: Data Subjects’ Rights

• Fair processing
• The right to access
• The right to rectification
• The right to be forgotten
• The right to restriction of processing
• The right to data portability
• The right to object
• The right to appropriate decision making

Module 10: Consent

• Consent in a nutshell
• Withdrawing consent
• Alternatives to consent
• Practicalities of consent
• Children
• Special categories of personal data
• Data relating to criminal convictions and offences

Module 11: Subject Access Requests

• The information to provide
• Data portability
• Responsibilities of the data controller
• Processes and procedures
• Options for confirming the requester’s identity
• Records to examine
• Time and money
• Dealing with bulk subject access requests
• Right to refusal

Module 12: Controllers and Processors

• Data controllers
• Joint controllers
• Data processors
• Controllers that are processors
• Controllers and processors outside the EU
• Records of processing
• Demonstrating compliance

Module 13: Managing Personal Data Internationally

• Key requirements
• Adequacy decisions
• Safeguards
• Binding corporate rules
• The EU-US Privacy Shield
• Privacy Shield Principles
• Limited transfers
• Cloud services

Module 14: Incident Response Management and Reporting Notification

• Events vs incidents
• Types of incidents
• Cyber security incident response plans
• Key roles in incident management
• Prepare
• Respond
• Follow up

Module 15: GDPR Enforcement

• The hierarchy of authorities
• One-stop-shop mechanism
• Duties of supervisory authorities
• Powers of supervisory authorities
• Duties and powers of the European Data Protection Board
• Data subjects’ rights to redress
• Administrative fines
• The Regulation’s impact on other laws

Dual Certification

The training program carries dual certification.

1. ISO27701 Lead Implementer
2. Certified Chief Data Protection Officer

Eligibility

• Managers or consultants seeking to prepare and support an organization in planning, implementing, and maintaining a compliance program based on the GDPR
• DPOs and individuals responsible for maintaining conformance with the GDPR requirements
• Members of information security, incident management, and business continuity teams
• Technical and compliance experts seeking to prepare for a data protection officer role
• Expert advisors involved in the security of personal data