The General Data Protection Regulation (GDPR), which has been applicable since 25th May 2018, provides for the compulsory designation of a Data Protection Officer (DPO) for public authorities and organizations, bodies that carry out regular and systematic large-scale observation of persons, and bodies whose main activities include the large-scale processing of sensitive data.
The Data Protection Officer (DPO) is thus one of the key elements of adaptation to the GDPR and a guarantor of compliance with data protection regulations in organizations.
The DPO should have technical and legal expertise, and obviously knowledge of data protection, and will act independently.
The Spanish Data Protection Agency (AEPD), in collaboration with the National Accreditation Body (ENAC), has presented a Certification Scheme for the professional practice of Data Protection Officers. The AEPD thus becomes the first European Supervisory Authority to develop a certification scheme for the activity of Data Protection Officers (DPD).
The aim is to provide security and reliability to both privacy professionals and to companies and bodies that are going to establish the position of DPO in their organizations by offering a mechanism to certify that DPOs have the professional qualifications and knowledge required.
The Advanced Data Protection Officer Program, as well as the certification, is not only aimed at postgraduates with legal training. The type of training will depend exclusively on the participant's degree of experience:
- For participants with no professional experience in projects and/or activities and tasks related to DPO functions in the field of data protection: 180-hour preparation course.
- For participants with at least 2 years’ professional experience in projects and/or activities and tasks related to DPO functions in the field of data protection: 100-hour preparation course.
- For participants with at least 3 years’ professional experience in projects and/or activities and tasks related to DPO functions in the field of data protection: 60-hour preparation course.
1. General Data Protection Regulations
- Regulatory context.
- The European Data Protection Regulation and updating of the Data Protection Act. Fundamentals.
- The European Data Protection Regulation and updating of the Data Protection Act. Principles.
- The European Data Protection Regulation and updating of the Data Protection Act. Legitimation.
- Rights of individuals.
- The European Data Protection Regulation and updating of the Data Protection Act. Compliance measures.
- The European Data Protection Regulation and updating of the Data Protection Act. Proactive responsibility.
- The European Data Protection Regulation. Data Protection Officers (DPOs).
- The European Data Protection Regulation and updating of the Data Protection Act. International data transfers.
- The European Data Protection Regulation and updating of the Data Protection Act. Control Authorities.
- Interpretation guidelines for the General Data Protection Regulations.
- Sectoral regulations affected by data protection.
- Spanish legislation with implications for data protection.
- European legislation with implications for data protection.
2. Active Responsibility
- Personal data processing risk analysis and management.
- Risk analysis and management methodologies.
- Data Protection and Security Compliance Program in an organization. Information security.
- Data Protection Impact Assessment "DPIA".
3. Techniques to Ensure Compliance with Data Protection Regulations
- Data protection audit.
- Audit of Information Systems.
- Management of processing security.
- Other knowledge.
The DPO should have legal and technical expertise and data protection experience.
Therefore, the necessary knowledge, skills or abilities that the person to be certified must know or possess in order to carry out each of the functions of the post of Data Protection Officer have been identified.
These generic DPO functions can take the form of advisory and monitoring tasks, among others, in the following areas:
- Compliance with principles relating to processing, such as purpose limitation, minimization or accuracy of data.
- Identification of the legal bases for processing operations.
- Assessment of compatibility of purposes other than those for which the data were initially collected.
- Determination of the existence of sectoral regulations that may determine specific treatment conditions other than those established by the general data protection regulations.
- Design and implementation of information measures for those affected by the processing of personal data.
- Establishment of mechanisms for receiving and managing applications for the exercise of rights by data subjects.
- Assessment of applications for the exercise of rights by interested parties.
- Recruitment of data controllers, including the content of contracts or legal documents governing the controller-processor relationship.
- Identification of international data transfer instruments appropriate to the needs and characteristics of the organization and the reasons for the transfer.
- Design and implementation of data protection policies.
- Data protection audit.
- Establishment and management of processing activity records.
- Risk analysis of the processing carried out.
- Implementation of data protection measures from the design and data protection by default appropriate to the risks and nature of the processing.
- Implementation of security measures appropriate to the risks and nature of the processing.
- Establishment of procedures for managing data security breaches, including risk assessment for the rights and liberties of data subjects and procedures for notifying supervisory authorities and data subjects.
- Determination of the need for data protection impact assessments to be carried out.
- Conducting data protection impact assessments.
- Relations with supervisory authorities.
- Implementation of training and staff awareness programs on data protection.
- Application for admission
- Send documentation
- Enrolment procedure
Application for admission:
Complete an application form.
- Copy of National Identity Card/Foreigners Identity Card/Tax Identification Number (DNI/NIE/NIF) or Passport
- Curriculum Vitae
- One photograph
Send proof of reservation.
Price: 1.600 €
About the School
The Institute For Advanced Management (CEU IAM) Business School is the business school of CEU, the largest educational group in Spain. Meet us and our educational offer based on academic excellence, i ... Read More