Complete data protection system A-Z in 16 steps (GDPR, CIPM)

سرفصل های دوره

A-Z guide & templates by Dr Paweł Mielniczek

1. Preview

1. Preview

2. Get ready to go

1. 5 reasons to take care of your data protection system

2. Motivator 1 liability

3. Motivator 2 reputation

4. Motivator 3 time-effectiveness

5. Motivator 4 cost-effectiveness

6. Motivator 5 respect for data subjects

7. Support from management & stakeholders

8. 10 differences between a privacy-careless firm and your goals

9. Difference 1 purposes for data processing

10. Difference 2 scope of personal data processed

11. Difference 3 verification and updating

12. Difference 4 retention

13. Difference 5 likelihood of a security breach

14. Difference 6 severity of violation

15. Difference 7 data subject rights

16. Difference 8 formal compliance

17. Difference 9 transparency

18. Difference 10 evidence

19. The organization you will service

20. Meaning of organizations context

21.1 GC templates - part 1 & 2, GC - T&S example, GDPR text - password AZcourse16steps.html

21. Where to write down the answers

22. Brief description of organizations activity

23. Applicable laws & standards

24. How to consider local and detailed laws

25. Estimated total number of data subjects

26. Locations where data are processed

27. What your project will look like

28. Steps

29. Phase 1 identify

30. Phase 2 assess

31. Phase 3 implement

32. Phase 4 apply

33. Start acting!

34. The privacy team

35. Governance model

36. How to prepare the project

37. Kick-off meeting

38. After the kick-off meeting

39.1 To send to interlocutors before audit meetings.docx

39. To send to interlocutors (processes)

40. To send to interlocutors (assets)

41.1 Your to-do list (before you start).pdf

41. To send to interlocutors (general obligations)

3. Step 1 Identify data processing purposes

1. Mode of operation

2. Processes and processing

3. Typical processes (controller)

4. Typical processes (processor)

5. Purposes v. processes

6. Whose the purposes are

7. Which questionnaires to use

8. Processing activities (controllers questionnaire)

9. Joint controllers (controllers questionnaire)

10. Processing purposes (controllers questionnaire)

11. Typical purposes (add more details if possible)

12. Controller(s) (processors questionnaire)

13.1 Your to-do list (step 1).pdf

13. Processing activities & purposes (processors questionnaire)

4. Step 2 Identify data processing details

1. Categories of data subjects (controllers questionnaire)

2. Typical categories of data subjects

3. Categories of personal data (controllers questionnaire)

4. Typical categories of ordinary personal data

5. Special categories of personal data

6. Categories of recipients (controllers questionnaire)

7. Typical categories of recipients

8. Transfers outside the European Economic Area

9. Typical cases of transfer outside the EEA

10. Envisaged time limits for data erasure (controllers questionnaire)

11. Typical time limits for data erasure

12. General description of security measures

13. Transfers outside the EEA (processors questionnaire)

14.1 Your to-do list (step 2).pdf

14. Providing guarantees for controller(s)

5. Step 3 Identify assets

1. Mode of operation

2. How to group identified assets

3. Locations & areas

4. Typical assets (locations & areas)

5. Typical safeguards (locations & areas)

6. Equipment

7. Typical assets (equipment)

8. Typical safeguards (equipment)

9. Networks & servers

10. Typical assets (networks & servers)

11. Typical safeguards (networks & servers)

12. Websites

13. Typical assets (websites)

14. Typical safeguards (websites)

15. Software

16. Typical assets (software)

17. Typical safeguards (software)

18. Digital files (unstructured)

19. Typical assets (digital files)

20. Typical safeguards (digital files)

21. Printed documents

22. Typical assets (printed documents)

23. Typical safeguards (printed documents)

24. Staff

25. Typical assets (staff)

26. Typical safeguards (staff)

27.1 Your to-do list (step 3).pdf

27. Other

6. Step 4 Identify process & asset owners

1. Process and asset owners

2. Process owner - typical responsibilities

3.1 Your to-do list (step 4).pdf

3. Asset owner - typical responsibilities

7. Intro assessment phase

1. Mode of operation

2. Record of processing activities (controllers questionnaires)

3. Record of all categories of processing activities (processors questionnaires)

8. Step 5 Assess controllers processes

1. Goal 1, Purpose limitation principle (controllers questionnaire)

2. Goal 1, Lawfulness principle (controllers questionnaire)

3. Goal 1, Legal basis for data sharing (controllers questionnaire)

4. Goal 2, Data minimization principle (controllers questionnaire)

5. Goal 3, Accuracy principle (controllers questionnaire)

6. Goal 4, Storage limitation (controllers questionnaire)

7. Goal 5 protect personal data against security breach

8. Goal 6, Obligation to carry out DPIA (controllers questionnaire)

9. Goal 6, Threats to data subjects (controllers questionnaire)

10. Goal 7 prepare to handle data subject requests

11. Goal 8, Joint controllers (controllers questionnaire)

12. Goal 8, Typical vulnerabilities (processors)

13. Goal 8, Processors provide compliance guarantees (controllers questionnaire)

14. Goal 8, Processors commit to all GDPR obligations (controllers questionnaire)

15. Goal 8, Lawfulness of transfers outside the EEA (controllers questionnaire)

16. Goal 9, Transparency principle (controllers questionnaire)

17. Goal 9, Providing all the required information (controllers questionnaire)

18. Goal 9, Providing information timely (controllers questionnaire)

19.1 Your to-do list (step 5).pdf

19. Goal 10 achieve accountability - ability to demonstrate compliance

9. Step 6 Assess processors processes

1. Goal 1 only process personal data under a contract with the controller

2. Goal 2, Providing guarantees for controller(s) (processors questionnaire)

3. Goal 3 do not engage another processor without controllers consent & same obli

4. Goal 4 ensure confidentiality from all persons authorized to process personal d

5. Goal 5 protect personal data against security breach

6. Goal 6 assist the controller with data subject requests

7. Goal 7 assist the controller with fulfilling other obligations

8.1 Your to-do list (step 6).pdf

8. Goal 8 demonstrate fulfillment of processors obligations to the controller

10. Step 7 Assess information security

1. Criteria for info security assessment

2. Mode of operation (info security assessment)

3. High likelihood cases and integrity & confidentiality assessment

4. Locations and areas - Typical security breaches

5. Locations and areas - Typical vulnerabilities

6. Equipment - Typical security breaches

7. Equipment - Typical vulnerabilities

8. Networks & servers - Typical security breaches

9. Networks & servers - Typical vulnerabilities

10. Websites - Typical security breaches

11. Websites - Typical vulnerabilities

12. Software - Typical security breaches

13. Software - Typical vulnerabilities

14. Digital files - Typical security breaches

15. Digital files - Typical vulnerabilities

16. Printed documents - Typical security breaches

17. Printed documents - Typical vulnerabilities

18. Staff - Typical security breaches

19. Staff - Typical vulnerabilities

20.1 Your to-do list (step 7).pdf

20. Other assets

11. Step 8 Assess general obligations

1. Data protection officer - designation (general obligations questionnaire)

2. Data protection officer - position (general obligations questionnaire)

3. Data protection officer - tasks (general obligations questionnaire)

4. Incident management & reporting

5. Privacy by design and by default

6. Right to access

7. Right to rectification

8. Right to erasure (to be forgotten)

9. Right to restriction of processing

10. Notification obligation if data rectified, erased or processing restricted

11. Right to data portability

12. Right to object

13. Automated decisions & profiling

14. Policies & procedures

15. Employee obligations & awareness

16.1 Your to-do list (step 8).pdf

16. Executive summary & risk assessment

12. Step 9 Model controllers processes

1. Intro implementation phase

2. Adjust data collecting

3. Adjust the scope of data processing

4. Prepare informational clauses

5.1 Your to-do list (step 9).pdf

5. Update contracts

13. Step 10 Model processors processes

1. Adjust the scope of processing

2. Adjust communication with controller & data subjects

3.1 Your to-do list (step 10).pdf

3. Adjust the contracts

14. Step 11 Manage security risks

1. Intro managing security risks

2. General security objectives, standards & context

3. Leadership, roles & responsibilities

4. Asset register, risk analysis & treatment

5. Asset management, media handling, information classification

6. Mobile work, home office, private devices & private use

7. Authorization management & access control

8. Physical & environmental security

9. Event logging, vulnerability & usage monitoring

10. Cryptography

11. Supplier relationships

12. Network security & information transfer

13. Software - safeguards & vulnerability management

14. Recruitment, employment, termination & end-user responsibilities

15. Project management, exceptions & non-typical assets

16. Incident management

17. Business continuity and disaster recovery

18.1 Your to-do list (step 11).pdf

18. Reviews and performance evaluation

15. Step 12 Comply with general duties

1. Data protection officer or equivalent

2. Incident management & reporting

3. Privacy by design

4. Data subject rights

5.1 Your to-do list (step 12).pdf

5. Obligation to consult the supervisory authority

16. Step 13 Prepare general policies

1. Intro application phase

2. Why general policies would be useful

3. What aspects should the policies cover

4. How to prepare general policies

5.1 Your to-do list (step 13).pdf

5. Relation with standard operating procedures (SOPs)

17. Step 14 Prepare SOPs

1. General SOP

2. SOPs for controllers processes

3. SOPs for processors processes

4.1 Your to-do list (step 14).pdf

4. SOPs for assets

18. Step 15 Adopt, publish & train

1. Adopt data protection documentation

2. Publish data protection documentation

3.1 Your to-do list (step 15).pdf

3. Train employees & associates

19. Step 16 Execute, maintain & review

1. Execute internal obligations

2. Maintain compliance and keep your system up to date

3.1 Your to-do list (step 16).pdf

3. Review and improve your data protection system regularly

20. Wrap-up

1. Wrap-up

139,000 تومان

خرید اشتراک افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: Udemy-Training