
GDPR and How to Conduct a Data Protection Impact Assessment, Maastricht

Date: 28 October 2019
Location: Maastricht
Organisation: European Institute of Public Administration (EIPA)

The Data Protection Impact Assessment (DPIA) is one of the most important activities for an organisation to demonstrate its compliance with the GDPR. This course will provide you with the insights and techniques to successfully plan, execute and validate a DPIA report.


SKU: 1911506 Categories: Data Protection, EU Policies: Rules and Practice Tag: Data Protection Compliance

Registration for this course is closed. Do you want to receive updates about the next editions of this course? Please subscribe to our newsletter.

About this course

Compliance with the General Data Protection Regulation (GDPR) requires a deep understanding of the legislation by the organisations that handle personal data. The Data Protection Impact Assessment (DPIA) is one of the most important activities for an organisation to demonstrate its compliance with the GDPR. Carrying out a DPIA is one of the requirements under the GDPR for certain types of data processing. As part of a DPIA, an organisation must describe its processing activities related to personal data as well as assessing and mitigating risks. A DPIA can be a complex and time-consuming activity that requires expertise in several domains, in particular in terms of technological and information security. Evaluating the potential impact that a project, proposed system or scheme might have on the privacy of a data subject is a key factor in demonstrating compliance.

This course will provide you with the insights and techniques to successfully plan, execute and validate a DPIA report. You will learn about the key aspects of performing a DPIA and ensure that this compliance requirement is implemented in the project cycle within your organisation. During the course, you will gain an understanding of when a DPIA is needed, how to assess the risks and mitigate them, how to validate the DPIA report and when you need to arrange a prior consultation with the Supervisory Authority according to Article 36 of the GDPR.

At the end of the course, you will have an understanding as to why effective DPIAs are key to maintaining compliance with the GDPR. You will help people in your organisation better understand that processing personal data is a responsibility that they must take seriously, as they are protecting a fundamental right of the data subjects that entrust you with their information.

Course methodology and highlights

We believe practical know-how is the key to effective learning. This course therefore includes:

  • Detailed explanations of the key concepts and principles of the GDPR, as well as of its actors and their roles;
  • Group assignments;
  • Practical exercises to perform a DPIA;
  • Interactive approach: the module’s structure will give you the opportunity to ask questions and share and discuss experiences, knowledge, needs and challenges with the trainer and other participants;
  • Several methodologies will be used, in particular the ones to perform a DPIA as used by the CNIL (FR), plus methodologies by other supervisory authorities.

Why EIPA?

  • Relevance: EIPA has direct insight into the workings of the European Union
  • Never alone: you will be part of a growing network of colleagues and professionals throughout Europe
  • Quality assurance: all of our courses have the EIPA Quality Seal. Upon successful completion, you will go home with an EIPA Data Protection Centre Certificate.
  • Combine fun and facts: this course is held in one of the most charming cities in Europe. Discover plenty of opportunities to relax and explore what the area has to offer.

What you will learn in this course

  • The key elements of a DPIA;
  • To decide on the need to conduct a DPIA;
  • The importance of a DPIA;
  • The methods to perform a DPIA;
  • Understanding risk assessment and risk management, which are key to the GDPR;
  • Performing a DPIA;
  • The dos and don’ts of a DPIA;
  • Validating a DPIA report;
  • When to perform a prior consultation as per Article 36 of the GDPR.

By the end of the course, you will be able to:

  • decide on the need to perform a DPIA;
  • conduct a DPIA;
  • assess privacy risks;
  • suggest mitigation measures for privacy risks;
  • draft a DPIA report;
  • understand and validate a DPIA report;
  • decide on whether to carry out a prior consultation.

Rita Beuter (DE)

Public Procurement / PPP

Fernando Poças da Silva

Computer and Network Security - External Expert

Practical information

Course venue

European Institute of Public Administration (EIPA)

O.L. Vrouweplein 22

6211 HE, Maastricht

the Netherlands

Programme Organiser

Ms Winny Curfs

Tel: + 31 43 3296320

w.curfs@eipa.eu

Fee

The fee includes documentation and refreshments. Lunches, a reception or dinner are included if mentioned in the programme. Accommodation and travel costs are at the expense of the participants or their administration.

Discounts

EIPA offers a 10% discount to all civil servants working for one of EIPA’s supporting countries, and civil servants working for an EU institution, body or agency.

Who are the supporting countries?

Civil servants coming from the following EIPA supporting countries are entitled to get the reduced fee: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Spain, Sweden, United Kingdom.

For all other participants, the regular fee applies.

Meals

Lunches, the reception or dinner will be served at a restaurant in town. Special dietary requirements (e.g. vegetarian, diabetic) can be indicated once you receive the confirmation of the seminar.

Hotel reservations

EIPA has special price arrangements with a number of hotels. All hotels are within 10 minutes walking distance from EIPA. Should you wish to make use of this possibility, please book directly via the links below. Payment is to be made directly and personally to the hotel upon checking out. At the time of booking, please mention in the requested field the EIPA project number for your course.

Payment

Prior payment is a condition for participation.

Cancellation policy

For administrative reasons you will be charged €150 for cancellations received within 15 days before the activity begins. There is no charge for qualified substitute participants.

EIPA reserves the right to cancel the activity up to 2 weeks before the starting date. In that case, registration fees received will be fully reimbursed. EIPA accepts no responsibility for any costs incurred (travel, accommodation, etc.).

The programme

Trainer: Fernando Poças da Silva, Portuguese Data Protection Authority, Lisbon (PT)

 


 

MONDAY 28 OCTOBER 2019

 

Trainer: Dr Theo Jans, Associate Professor, EIPA Maastricht

   

09.00

Introduction to the course

   
 

General overview of a DPIA

  • Key concepts
  • Methodology
  • Benefits
   

10.30

Coffee break

   

10.45

Threats to personal data and risk management

  • Definition of privacy risks
  • Conducting risk assessments
  • Rating risk level - likelihood and severity
  • Countermeasures
  • Examples
   

12.30

Lunch

   

14.00

Assignment: practical case

  • Identifying data protection risks in several cases
  • Proposing mitigation measures
   

15.30

Coffee break

   

16.00

Conducting a DPIA

  • Actors in a DPIA process
  • Understanding of the project, terms of reference, resources and time frame
  • When to perform a DPIA
  • The role of the DPO
  • Examples
   

17.30

End of the day

   

19.00

Dinner in a restaurant in town

   
   

TUESDAY 29 OCTOBER 2019

   

09.00

DPIA process

  • Description of the collection of personally identifying information (PII) and data flow
  • Compliance with data protection requirements
  • Assessment of the privacy risks and recommendations/mitigation
  • Validation
  • Examples
   

10.30

Coffee break

   

10.45

Assignment: practical case

  • Performing a DPIA on several cases
   

12.30

Lunch

   

14.00

DPIA follow-up

  • Creating a register of DPIAs
  • Reporting validation
  • Mitigating measures
  • Decision regarding a prior consultation
  • Follow-up on the decision regarding a prior consultation
   

15.30

Coffee break

   

16.00

Assignment: practical case

  • Performing an evaluation report on the DPIA of the several cases, and deciding on prior consultation
   

16.45

Golden rule of a DPIA

  • Wrapping up the DPIA process
  • Updating the DPIA, if there are any changes
  • Conclusions of the DPIA process
   

17.30

End of the course

Cristiana Turchetti (IT)

Dr Theo Jans (BE)


Confirmation

Confirmation of registration will be forwarded to participants on receipt of the completed online registration form.



European Institute of Public Administration (EIPA)

The European Institute of Public Administration (EIPA) aims to increase the knowledge of civil servants who deal with the EU by developing and organising training courses. The institute seeks to connect academic knowledge with practical know-how. EIPA has existed for more than 35 years.

EIPA's headquarters are located in Maastricht, with branches in Luxembourg and Barcelona. On average, 14,000 national and European civil servants take part in the training courses each year. In addition, EIPA offers consultancy, research and tailor-made programmes and training courses. EIPA employs approximately 120 highly educated staff.
