GDPR for DPOs

The GDPR entered in effect on 25 May 2018, putting emphasis on the Data Protection Officer (DPO) as a key person to ensure personal data are kept and managed safely.

During that one-day training session, DPO as well as other staff coordinating data protection will gain knowledge as to the key concepts underlying the GDPR as well as to their roles in an organisation.

While this training session does not support a DPO certification, it aims at providing a comprehensive and solid ground for DPO and alike in their day-to-day activities.

By the end of this training, the participants will be able to:

• have a proper understanding of the Luxembourg and EU regulatory framework as to data privacy;
• understand their role and function as a key person in charge of data privacy;
• explain the key concepts of the GDPR and how they apply to their respective organisation, whether locally or a group level;
• define their action and monitoring plans for compliance with the regulation;
• interact with the data protection authorities.

1. Introduction: overview of the regulation

Purpose, territorial scope, material scope, general principles, controller/processor, data privacy by design and by default, register of processing

2. Role and position of a DPO

Mission and role of the DPO, typical tasks of a DPO, management of conflict of interest, criteria leading to the appointment of a DPO

3. Lawfulness of processing

Different lawful bases as per the regulation, attention areas applicable to each base, case study

4. Consent as a lawful base

Valid consent, balancing test vs the data subject rights, case study

5. Management of personal data of special category

Children, criminal convictions, special category of data, case study

6. Data subject rights

Different rights, limitations and conditions to the exercise of rights, role of the DPO, case study

7. Requirements for data controllers and data processors

Information security, DPIA, incident and breach management, training, case study

8. Transfer of personal data in/ou the EEA

Conditions for transfer incl BCR, case study

9. CNPD
Organisation, approach, certification

10. When it goes wrong

Fines, practical examples

11. Q&A and closing

An attendance certificate will be sent to participants.

From daily operations to regulatory compliance, Frederic Vonner has been helping local and global asset managers, fund service providers and banks to successfully run their businesses for nearly 20 years. Areas of focus: UCITS, AIFMD and GDPR regulations, private equity & real estate, organisation setup and review, project management.