GDPR Executive Certification

The Board of Directors and Senior Management need clear, reliable information and updates from multiple corporate functions, including Legal, HR, IT, Procurement, Customer Services and Marketing, to help them comply with the Governance, Accountability and Proportionality (GAP) principles of GDPR. The Executive seminar will guide, improve and facilitate a dialogue between all the stakeholders who need to be engaged in executing their responsibilities, with transparent and well-documented procedures that genuinely embed Data Protection, Data Privacy and Cybersecurity, to lessen the risk of incurring hefty penalties for non-compliance and of reputational damage.

GDPR, Data Privacy, IT-Security, Cyber-Security Tone at the top

Without executive sponsorship, GDPR programs are likely to become compliance tick-box programs, will not change how people behave, and the implementation is expected to fail.

By virtue of their scope, GDPR and cyber security form a highly distributed venture that involves legal, marketing, HR, procurement, customer support, analytics, operations, R&D, and M&A. It is therefore apparent that, unless there is executive sponsorship, a GDPR program with the related components of privacy, IT and cyber security will not reach deep enough into the organisation to be embedded, effective and integrated. Executive sponsorship ensures that the necessary change management processes and awareness and training programs are properly funded, adequately deployed, and given the ongoing attention required for inclusion in business as usual rather than as a supplement.

Some surveys have found that less than a third of boards and senior management participate directly in a review of IT security and privacy risks. Without a solid understanding of these IT, data and cyber threats, boards and senior management are not well-positioned to exercise their oversight responsibilities for data protection and privacy matters as GDPR mandates.
Day 1
GDPR Essentials
  • Introduction to privacy and data protection
  • GDPR legal basics: cases and examples, principles, penalties, responsibilities of data processor and controller, privacy by design and default
  • A complete review of a GDPR implementation methodology as a workshop
  • Gap analysis for implementation: readiness assessment, and differences
  • Data protection authorities: objectives, notifications, local regulation and enforcement
  • Q&A session + giveaway: a compendium on the GDPR issues
Day 2
GDPR in Practice
  • The "GDPR Institute Roadmap": steps and tips for implementation, conducting data mapping, setting the project governance
  • Privacy program: risk-based approach, design and build, privacy in HR, Marketing, IT, legal, Logistics and Procurement departments
  • Transfers of personal data: to third countries, third parties and the cloud, binding corporate rules, standard contractual clauses; big data and analytics, options and solutions
  • Codes of conduct and certification mechanisms
  • Executive role: day-to-day activities, responsibilities, cross-organisational actions, interactions with upper management, IT, audit, legal, compliance and risk management
  • Privacy impact assessment, the PIA "GDPR Institute Roadmap", need, timing, process, internal/external consultation, flows, standard risks, approvals and communication
  • Q&A session + giveaway: policy templates
Day 3
IT Security and Privacy Programs in Practice
  • Privacy control accountability framework
  • Data privacy audits and monitoring: e-discovery, data audits, activity tracking
  • Privacy awareness training: examples of initiatives
  • Data subjects’ rights in practice: dealing with requests and complaints
  • Incident response: contingency plan for a data breach, responding to investigations
  • Scenario-based case for a data breach
  • Standard privacy controls: good practices, sources of risks, protecting information assets, encrypting, anonymising, reducing software and hardware vulnerabilities, evaluating privacy solutions and tools
  • Business case: practical exercise to demonstrate compliance with the GDPR
  • Q&A session + giveaway: templates and bibliographic references
  • Exam 50 questions (multiple choice)


There is no single owner for developing a GDPR program

GDPR mandates a host of corporate policies and mission statements on data privacy and protection, and the right tone at the top will guarantee enforcement across the business and organisation. The proper involvement of senior management is also required to comply with Article 5 of the GDPR, which requires data controllers to demonstrate how they comply with the accountability principles. Another article, Article 83 of the GDPR, addresses intentional or negligent violations, which is more about certifying than guaranteeing compliance with GDPR and cyber security.

With the right corporate involvement, GDPR can be rolled out as a framework that builds a culture of privacy pervading the entire organisation. The tone can then trickle down and throughout the organisation with the right message, with people taking ownership of ensuring that policies are understood and used as standard operating procedures. Technology cannot cover gap detection, escalation and mitigation, and disciplinary activities. The entire staff needs training to understand what is acceptable and unacceptable within the parameters of the corporate data-privacy culture.

The correct data privacy culture will then reduce the risk of data breaches and sanctions that cause reputational damage. Ensuring that GDPR and cyber security are handled cost-effectively, consistently and safely is a management responsibility: getting people involved and preventing staff from falling back on old habits and bad behaviour, working with the management teams and business process owners, and maintaining an auditable trail of evidence and actions to ensure Governance, Risk Management, Compliance and IT Security.

Our Methodology

  • Complete GDPR lifecycle and implementation methodology
  • Holistic approach: HR, legal, IT, Procurement, Marketing, Management
  • Based on real business scenarios and practical experiences
  • Option to customise the 3-day sessions with a focus on required GDPR and IT Security issues
  • We provide tools, templates and policies for uniform implementation

The EUGDPR Institute Executive Professional Certification Training & Examination

The certification is offered in cooperation with our partners for consultants, managers and administrators in the field of GDPR, Data Privacy and Protection.

Individuals wishing to obtain The EUGDPR Institute professional certificate must:
  • Study the course materials provided when registration is accepted.
  • Complete 3.0 days of classroom training certification.

The GDPR executive seminar will give participants the opportunity to get complete guidance, ask questions and hold group discussions on relevant and key GDPR and IT Security issues. The examination consists of a multiple choice test covering a broad range of relevant GDPR knowledge and topics that are dealt with in this advanced GDPR executive training course.