We recognize the following categories of courses:
In consultation with the Duthler Academy training coordinator, the student determines a learning path for taking the 30 courses from the categories mentioned above. After this, the student, or rather the aspiring DPO (ADPO), starts the DPO training program. Every time a course is completed, the ADPO takes an exam and the teacher assesses the answers or papers.
An overview of the training:
The GDPR came into effect in 2016. The GDPR became applicable in 2018. Case law, fine decisions from supervisors and guidelines from the EDPB now provide further details on the GDPR. The development of European and national related legislation and regulations does not stand still. We note that the formal legal framework for protecting personal data is continuing to develop.
An overview of the category of Formal Legal courses.
- Overview of current privacy laws and regulations
- Case law, decisions and guidelines
- Monitoring and enforcement of the GDPR
- The GDPR in an international perspective: Europe and transfers to third countries
- The GDPR in an international perspective: tools for transfers to third countries
- Privacy and related national legislation
- Privacy and related international law
Governance & Compliance
Organizing the effective protection of personal data requires the continuous attention of company management, management and employees. The legal role of the DPO fits the company management into the organization of the existing governance. The nature and scope of the business activities and how they are effectively organized with business processes that include internal control measures have an impact on the tasks of the DPO. The GDPR assumes that a risk analysis is carried out on business activities and the associated data processing. We also call this a DPIA. The results of the DPIA determine the structure of an organization’s governance and compliance.
An overview of the category of Governance & Compliance courses:
- The DPO: position, duties, powers and responsibilities
- Peer consultation
- Governance and compliance: legislation in a broader perspective
- Governance and compliance: further elaborated
- A data breach and being prepared for it
- How can and should I act after a data breach?
Organizing business activities
This section focuses on the impact of the GDPR on the organization of business activities. Business activities are carried out with business processes. Business processes are supported by IT systems and controlled by management and employees. The internal controls, or “non-functional requirements” are included “by design” in the IT systems and employees are aware and trained to ensure that personal data is effectively protected. There is “compliance by default” with legal and contractual obligations, in particular the protection of personal data. These legislator requirements for controllers require new organizational concepts, IT architectures and IT systems. With the arrival of cloud service providers that systematically and rigidly apply the “zero trust” architecture, a good step in the right direction is to ensure that the processing of company and personal data is compliant with legal obligations.
An overview of the category of courses Organizing business activities:
- Overview and insight into responsibilities & liabilities
- Transparency and rights of data subjects
- Information security, the basis for privacy protection
- Information security, detailed
- Lifecycle data protection management
- Architectures and principles
- Models and Attribute Based Credentials
- Setting up an appointment complex
- Privacy by design and privacy by default
- Retention periods
- Data portability
Assessments & Audits
The legal context of data protection affects the social accountability framework of financial and tax reporting. How can company management justify the effective operation of management and security measures when processing personal data? Generally accepted accounting is needed. A practical set of instruments is needed for carrying out assessments (Data Privacy Impact Assessment, DPIA). The effective protection of personal data will be included in the social accountability of the company management and the confirmation of this by a certified auditor.
An overview of the category of courses of Assessments and Audits.
- Privacy accounting
- DPIA, theoretical framework
- DPIA, practical application
- From assessments to auditing