r google-plus facebook twitter linkedin2 nujij P P M G W Monitor Nieuwsbrief pdclogo man met tas twitter boek

GDPR and How to Conduct a Data Protection Audit

Kalender
datum 18 september 2019
organisatie European Institute of Public Administration (EIPA)

This course will provide you with the insights and techniques to successfully plan and execute an audit as well as assure your organisation’s compliance with the GDPR.

Your browser must support JavaScript in order to make a booking.

Persons:

Date: Choose...

Month / Day / Year

Check Availability

SKU: 19115012 Categories: Data Protection, EU Policies: Rules and Practice

Registration for this course is closed. Do you want to receive updates about the next editions of this course? Please subscribe to our newsletter

About this course

Respect for fundamental rights, such as the right to the protection of one’s personal data, affects everyone. The extent to which measures must be taken to protect personal data against misuse or improper use depends on the information, the amount of data, the purpose of the processing, the processing methods and the eco-system surrounding the processing of the information. The EU General Data Protection Regulation (GDPR) has imposed many new obligations on organisations that process personal data. An audit will assess whether your organisation is meeting these obligations. Additional factors such as technological developments and social and personal vision also play a role. This complex whole affects the method of implementing GDPR in organisations and in particularly in the IT-related environment.

This course will provide you with the insights and techniques to successfully plan and execute an audit as well as assure your organisation’s compliance with the GDPR. You will learn about the key aspects of the GDPR and how to ensure they are being implemented within your organisation. During the course, you will gain an understanding of how to plan an audit, identify the scope of an audit, how to conduct a successful audit within that scope and how to present the report assessing your organisation’s compliance with GDPR.

At the end of the course, you will leave with an understanding of why effective audits are key to maintaining compliance with the GDPR and how such audits can be planned, conducted and reported to the highest decisional roles of the organisation.

Who is this course for:

  • Anyone, in both the public and private sector, who has a responsibility for assuring their organisation’s compliance with the GDPR;
  • Anyone who is involved with the assurance and continuous improvement of the GDPR in their organisation;
  • DPOs, internal and external auditors, the audit committee, risk managers, Chief Information Security Officers;
  • Anyone involved with managing an audit programme.

Course methodology and highlights

We believe practical know-how is the key to effective learning. This course therefore includes:

  • Individual preparation for the course: you are invited to bring along any information about the mission, vision, values and data protection (GDPR) framework and governance within your organisation for case study;
  • Detailed explanations of the key concepts and principles of the GDPR, as well as its actors and their roles;
  • Group and individual assignments;
  • Practical exercises on how to plan, prepare, conduct and report on an audit;
  • Interactive approach: the module’s structure will give you the opportunity to ask questions and share and discuss experiences, knowledge, needs and challenges with the trainer and other participants;
  • Room for note taking on what you learn, so you can apply it to your own situation.

Why EIPA?

  • Relevance: EIPA has direct insight into the workings of the European Union;
  • Never alone: you will be part of a growing network of colleagues and professionals throughout Europe;
  • Quality insurance: all of our courses have the EIPA Quality Seal. Upon successful completion, you will go home with an EIPA Data Protection Centre Certificate;
  • Combine fun and facts: this course is held in one of the most charming cities of Europe. Discover plenty opportunities to relax and experience what this region has to offer.

What you will learn in this course

  • The key elements of the GDPR;
  • Understanding risk assessment and risk management, which are key to the GDPR;
  • The importance of an effective audit to assess an organisation’s level of compliance with the GDPR;
  • Audit responsibilities;
  • The techniques to define the scope of the audit;
  • Determining the audit assignment;
  • Developing an audit plan;
  • Audit preparation;
  • Conducting an audit;
  • Possible barriers;
  • Evaluating and reporting the findings of an audit;
  • The audit deliverable;
  • Integrating the audit within your organisation’s management system;
  • Maintaining compliance, dealing with issues and continuous improvement.

By the end of the course, you will:

  • be able to assess your organisation’s compliance with the GDPR;
  • be able to facilitate the development of an effective audit plan;
  • be able to conduct a fair, impartial and unbiased audit;
  • be able to present a report of the organisation’s level of compliance with the GDPR to members at managerial level;
  • have exchanged experiences with colleagues from other organisations and countries;
  • have developed (and continue to develop) your professional international network in the field of data protection.

Cristiana Turchetti (IT)

EU Public Management / Data Protection

Fernando Poças da Silva

Computer and Network Security - External Expert

Practical information

Course venue

European Institute of Public Administration (EIPA)

O.L. Vrouweplein 22

6211 HE, Maastricht

the Netherlands

Programme Organiser

Ms Eveline Hermens

Tel.: + 31 43 3296259

e.hermens@eipa.eu

Fee

The fee includes documentation and refreshments. Lunches, a reception or dinner are included if mentioned in the programme. Accommodation and travel costs are at the expense of the participants or their administration.

Discounts

EIPA offers a 10% discount to all civil servants working for one of EIPA’s supporting countries, and civil servants working for an EU institution, body or agency.

Who are the supporting countries?

Civil servants coming from the following EIPA supporting countries are entitled to get the reduced fee: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Spain, Sweden, United Kingdom.

For all other participants, the regular fee applies.

Meals

Lunches, the reception or dinner will be served at a restaurant in town. Special dietary requirements (e.g. vegetarian, diabetic) can be indicated once you receive the confirmation of the seminar.

Hotel reservations

EIPA has special price arrangements with a number of hotels. All hotels are within 10 minutes walking distance from EIPA. Should you wish to make use of this possibility, please book directly via the links below. Payment is to be made directly and personally to the hotel upon checking out. At the time of booking, please mention in the requested field the EIPA project number for your course.

Payment

Prior payment is a condition for participation.

Cancellation policy

For administrative reasons you will be charged €150 for cancellations received within 15 days before the activity begins. There is no charge for qualified substitute participants.

EIPA reserves the right to cancel the activity up to 2 weeks before the starting date. In that case, registration fees received will be fully reimbursed. EIPA accepts no responsibility for any costs incurred (travel, accommodation, etc.).

The programme

 
 

Trainer: Fernando Poças da Silva, Portuguese Data Protection Authority, Lisbon (PT).

 

GDPR auditing

09.00

Introduction to the course

 

Introduction to GDPR basics

A general introduction to the EU General Data Protection Regulation and its key principles

 

Threats to data and risk management

An overview of the threats posed to data and how data can be protected, including the various methodologies used to conduct risk assessments and risk management. Risk management is key to the GDPR

10.30

Coffee break

 

Data protection safeguards

An overview of the key protection measures that should typically be in place to protect data entrusted to your organisation. This will look at the areas of:

  • Policies and procedures;
  • Technical safeguards for electronics and physical data;
  • The safeguards relating to people that should be in place.
 

Assignment: identifying data protection safeguards for a particular usage case

12.30

Lunch

14.00

Key GDPR audit principles

An overview of what a GDPR audit is and how different types of audits are performed.

15.30

Coffee break

16.00

Planning an audit

The key to a successful audit is to have a solid plan. This should involve:

  • Defining the scope/assignment of the audit;
  • Determining who should be present at the audit;
  • Agreeing timelines;
  • Gathering information;
  • Gaining an understanding of the existing structure.

17.30

End of the day

19.00

Dinner in a restaurant in town

 

09.00

Planning an audit

The key to a successful audit is to have a solid plan. This should entail:

  • Audit preparation;
  • Preliminary work - steps;
  • Possible barriers.
 

Assignment: based on a scenario, defining the objectives of a GDPR compliance audit

10.30

Coffee break

 

Conducting an audit

  • Auditing the effectiveness of controls;
  • Opening meeting;
  • Audit questionnaire;
  • Audit interview techniques - which ones to use and when;
  • Evidence gathering.

12.30

Lunch

14.00

Conducting an audit

Auditing the controls for GDPR in the areas of data security and data protection principles:

  • Privacy guidelines;
  • Data subjects’ rights;
  • Third-party agreements;
  • Staff awareness of privacy;
  • Notification of data breaches and
  • Security measures - Access control procedures and logging
 

Assignment: based on a scenario, preparing an interview for a GDPR compliance audit

15.30

Coffee break

16.00

Audit evaluation and report findings

  • Presenting an evaluation of the findings
  • Documenting and presenting findings of Audit
  • How to rate a finding
  • Selling audit findings
  • Items to include in the report to support your findings
  • The audit report structure

17.30

End of the course

 

WEDNESDAY 18 SEPTEMBER 2019

 

Trainer: Fernando Poças da Silva, Portuguese Data Protection Authority, Lisbon (PT).

 

GDPR auditing

   

09.00

Introduction to the course

   
 

Introduction to GDPR basics

A general introduction to the EU General Data Protection Regulation and its key principles

   
 

Threats to data and risk management

An overview of the threats posed to data and how data can be protected, including the various methodologies used to conduct risk assessments and risk management. Risk management is key to the GDPR

   

10.30

Coffee break

   
 

Data protection safeguards

An overview of the key protection measures that should typically be in place to protect data entrusted to your organisation. This will look at the areas of:

  • Policies and procedures;
  • Technical safeguards for electronics and physical data;
  • The safeguards relating to people that should be in place.
   
 

Assignment: identifying data protection safeguards for a particular usage case

   

12.30

Lunch

   

14.00

Key GDPR audit principles

An overview of what a GDPR audit is and how different types of audits are performed.

   

15.30

Coffee break

   

16.00

Planning an audit

The key to a successful audit is to have a solid plan. This should involve:

  • Defining the scope/assignment of the audit;
  • Determining who should be present at the audit;
  • Agreeing timelines;
  • Gathering information;
  • Gaining an understanding of the existing structure.
   

17.30

End of the day

   

19.00

Dinner in a restaurant in town

   
   

THURSDAY 19 SEPTEMBER 2019

   

09.00

Planning an audit

The key to a successful audit is to have a solid plan. This should entail:

  • Audit preparation;
  • Preliminary work - steps;
  • Possible barriers.
   
 

Assignment: based on a scenario, defining the objectives of a GDPR compliance audit

   

10.30

Coffee break

   
 

Conducting an audit

  • Auditing the effectiveness of controls;
  • Opening meeting;
  • Audit questionnaire;
  • Audit interview techniques - which ones to use and when;
  • Evidence gathering.
   

12.30

Lunch

   

14.00

Conducting an audit

Auditing the controls for GDPR in the areas of data security and data protection principles:

  • Privacy guidelines;
  • Data subjects’ rights;
  • Third-party agreements;
  • Staff awareness of privacy;
  • Notification of data breaches and
  • Security measures - Access control procedures and logging
   
 

Assignment: based on a scenario, preparing an interview for a GDPR compliance audit

   

15.30

Coffee break

   

16.00

Audit evaluation and report findings

  • Presenting an evaluation of the findings
  • Documenting and presenting findings of Audit
  • How to rate a finding
  • Selling audit findings
  • Items to include in the report to support your findings
  • The audit report structure
   

17.30

End of the course

Course venue

European Institute of Public Administration (EIPA)

O.L. Vrouweplein 22

6211 HE, Maastricht

the Netherlands

Programme Organiser

Ms Eveline Hermens

Tel.: + 31 43 3296259

e.hermens@eipa.eu

Fee

The fee includes documentation and refreshments. Lunches, a reception or dinner are included if mentioned in the programme. Accommodation and travel costs are at the expense of the participants or their administration.

Discounts

EIPA offers a 10% discount to all civil servants working for one of EIPA’s supporting countries, and civil servants working for an EU institution, body or agency.

Who are the supporting countries?

Civil servants coming from the following EIPA supporting countries are entitled to get the reduced fee: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Spain, Sweden, United Kingdom.

For all other participants, the regular fee applies.

Meals

Lunches, the reception or dinner will be served at a restaurant in town. Special dietary requirements (e.g. vegetarian, diabetic) can be indicated once you receive the confirmation of the seminar.

Hotel reservations

EIPA has special price arrangements with a number of hotels. All hotels are within 10 minutes walking distance from EIPA. Should you wish to make use of this possibility, please book directly via the links below. Payment is to be made directly and personally to the hotel upon checking out. At the time of booking, please mention in the requested field the EIPA project number for your course.

Confirmation

Confirmation of registration will be forwarded to participants on receipt of the completed online registration form.

Payment

Prior payment is a condition for participation.

Cancellation policy

For administrative reasons you will be charged €150 for cancellations received within 15 days before the activity begins. There is no charge for qualified substitute participants.

EIPA reserves the right to cancel the activity up to 2 weeks before the starting date. In that case, registration fees received will be fully reimbursed. EIPA accepts no responsibility for any costs incurred (travel, accommodation, etc.).


1.

European Institute of Public Administration (EIPA)

Het Europees instituut voor bestuurskunde (beter bekend als The European Institute of Public Administration - ofwel EIPA) streeft ernaar om de kennis van ambtenaren die zich met de EU bezighouden te vergroten door het ontwikkelen en organiseren van trainingen. Het instituut wil wetenschappelijke kennis en praktische 'know–how' met elkaar verbinden. EIPA bestaat al meer dan 35 jaar.

Het hoofdkantoor van EIPA is gevestigd in Maastricht en heeft dependances in Luxemburg en Barcelona. Gemiddeld nemen 14.000 nationale en Europese ambtenaren per jaar deel aan de trainingen. Daarnaast biedt EIPA ook consultancy, onderzoek en op maat gemaakte programma’s/trainingen aan. Bij EIPA werken circa 120 hoogopgeleide medewerkers.

2.

Meer over...

Terug naar boven