Course Outline

Basic Principles of Personal Data Processing

  • Sources of national and international law.
  • Scope of application of personal data protection laws.
  • Scope of powers of the data protection authority.
  • Judicial protection of the right to personal data protection.
  • GDPR - Basic information and definitions - selected issues.
  • Sector-specific GDPR.
  • Personal data.
  • Processing of personal data.
  • Legal bases for processing personal data.
  • Administrator's responsibilities.
  • Rights of data subjects.
  • Administrative fines.
  • Personal Data Protection Act of 10 May 2018 – Scope of regulations.
  • Appointing a Data Protection Officer.
  • Proceedings for infringement of personal data protection laws.
  • Monitoring compliance with personal data protection regulations.
  • Civil, criminal and administrative liability.
  • Conditions for the admissibility of processing personal data (ordinary and sensitive data).
  • Legal requirements for entrusting the processing of personal data to other entities.
  • Data Protection Impact Assessment.
  • Data protection by design, data protection by default.
  • Legal bases for transferring personal data to a third country.
  • Protection of personal data in employment relations.

Appointment of a Data Protection Officer

  • Mandatory appointment of a Data Protection Officer.
  • Optional appointment of an Inspector.

Who Can Be a Data Protection Officer?

  • Qualifications required to act as an Inspector.
  • Form of employment for the Inspector.

Status of the Data Protection Officer

  • Direct reporting of the Inspector to top management.
  • Arranging support for the Supervisor.
  • Participation of the Inspector in all matters related to the protection of personal data.
  • Prohibition of giving instructions to the Supervisor on how to carry out their duties.
  • Avoiding conflicts of interest in the organisation – tasks of the Supervisor.
  • Prohibition of dismissal and punishment of the Inspector.
  • The Inspector's duty to maintain the secrecy or confidentiality of performed tasks.

Information Security Management

  • Discussion of the security management system within the organisation, based on, inter alia, Polish standards.
  • Identification of privacy risks and their legal implications.
  • Principles of risk assessment and evaluation of the impact of applying specific solutions on the effectiveness of safety management.
  • How to understand and apply a risk-based approach – practical completion of the Risk Analysis template.
  • Personal Data Lifecycle Management.

Performing the Tasks of the Data Protection Officer (DPO)

  • Legal basis for appointing the DPO.
  • Who must appoint a DPO, when, and how the appointment is made.
  • DPO status and qualifications.
  • DPO's tasks and the rules for planning their performance.
  • Preparing reports on the compliance of data processing with personal data protection provisions in traditional and IT systems.
  • Documenting activities carried out by the DPO.
  • Preparation of inspection reports.
  • Rules for supervising the documentation of personal data processing.
  • Scope of UODO's powers in relation to DPOs.

Practical Information on the Inspection of the Office for Personal Data Protection

  • Requirements of the Office for auditees.
  • How to prepare for the inspection.
  • Case study.

Hands-on Activities

  • Development of an exemplary Information Security Policy.
  • Development of management instructions.
  • Development of a Register of Processing Activities.
  • Preparation of the so-called Small Personal Data Protection Documentation.
  • Case study.
  • The most common errors in the preparation of documentation.

Additional Materials for Course Participants:

Useful Forms and Templates:

  • Consent to the use and dissemination of the image.
  • Event-newsletter entry.
  • Consent to send you an offer.
  • Sending offer emails.
  • Sending general emails.
  • Example of a personal data protection policy.
  • Template for the preparation of the information obligation, in accordance with the GDPR, together with instructions.
  • Risk analysis template.
  • Register of personal data processing activities – template.
  • Register of categories of processing activities – template.
  • GDPR Breach Register – Template.
  • GDPR Compliance Checklist Template.
  • Instructions on how to proceed in the event of a breach of personal data protection regulations.
  • Data Protection Breach Report Template.
  • Register of security incidents and corrective and preventive actions.
  • Register of corrigenda.
  • Register of restorations.
  • Model corrigendum.
  • Restoration pattern.
  • Model Objection.
  • A model contract excluding further processing of personal data.
  • Sample consents for competitions, marketing, publications.
  • Obligation to provide information for ferry crossings.
  • Obligation to provide information on meeting monitoring.
  • Obligation to provide information on recruitment.
  • Obligation to provide information to the National Revenue Administration.
  • Information obligation of the LES.
  • Public Procurement Law (UCoC) information obligation.
  • Information obligation: Labour Code.
  • Tax information obligation.
  • Authorisation to process personal data for employees: a template to be filled in with an example.
  • Notification of a breach to data subjects – template.
  • Personal Data Processing Agreement for the Controller – template.
  • Personal Data Processing Agreement for the Processor.
  • And many more.

Requirements

Target Audience

  • Individuals beginning their role as a Data Protection Officer.
  • Individuals who will be appointed to this position in the future.
 21 Hours
