
Governance and compliance: further elaborated

The central questions are: where do the laws and regulations intervene, what are the consequences for the controller and what are appropriate measures and procedures to mitigate the risks? In this module we work towards a governance solution, which is elaborated in a methodology, perhaps better said a code of conduct. By means of adequate administration and documentation, including proof of effective operation, every person responsible who adheres to that code of conduct can demonstrate Accountability, has thus become auditable and on that basis can be accountable to society, including those involved, supervisory authorities such as the Dutch Data Protection Authority and many others.

Teacher: André Biesheuvel

Starts: April 25, 2023

Duration: part of the day (10:00 to 14:00)

Investment: €500 excl. VAT

Content

Module B3 “Governance and Compliance” is made up of two parts, namely:

  • B3a – Governance and Compliance – legislation in a broader perspective
  • B3b – Governance and Compliance – further elaborated

Module B3b gives the student insight into a further elaboration of Governance & Compliance in Administrative Organization and Internal Control (as part of the Internal Control Measures), and is primarily aimed at further detailing the management processes for data protection and guaranteeing privacy.

Important principles of the GDPR are Accountability and Auditability. Non-compliant behavior is sanctioned with fines of material importance. This means that the GDPR does not differ from laws and regulations from non-EU countries. The GDPR assumes a lifecycle data protection management system, of which compliance policy is an important part. It is reasonable to assume that GDPR compliance will become part of governance codes. With this, the controller will report in the annual report on the privacy policy and the results thereof in the social accountability. The accountant charged with the statutory audit will determine the risks of a sanction of material importance and determine that the annual report is correct.

This module will mainly focus on the perspective of the person responsible and will link up with the previous modules of this cluster. The measures of Administrative Organization and Internal Control (AO/IC) are interpreted, building a bridge from the thinking of R.W. Starreveld (the founder of AO/IC) to what is currently important in the context of data protection and privacy. The central questions are: where do the laws and regulations intervene, what are the consequences for the controller and what are appropriate measures and procedures to mitigate the risks?

Participants in the module learn to translate the requirements of the GDPR and related laws and regulations, and their interpretation in standards (or, better still, the Policy Framework), into the framework of Governance & Compliance, the risk management of their organization and the impact on it, so that GDPR compliance becomes part of the risk management system. Participants are enabled to put the manager in control of the processing of personal data.

In this module, we work towards a governance solution, which has been elaborated in a methodology, perhaps more precisely a code of conduct. Through adequate administration and documentation, including evidence of effective operation, every responsible person who adheres to that code of conduct can demonstrate Accountability, has thereby become Auditable and on that basis can render account to society, including those involved, supervisors such as the Dutch Data Protection Authority and many others.

Obligations associated with this part

To fulfill the obligations under this section, you must:

  • Take a diagnostic test in preparation for the subject matter to be followed;
  • Take a diagnostic test after the self-study, which must be completed with a pass. This is a condition for participation in the workshop;
  • Be present during the workshop;
  • Complete a final exam with a passing mark.

Study load

The self-study takes about 16 hours, the workshop takes about 4 hours and the final exam takes about 2 hours.

Investment and sign up

After registration you will have direct access to the course in our learning environment. The total costs for the module are €500 (excluding VAT and per person). Participants of the Center for Information Security and Privacy Protection (CIP) and The Hague Security Delta receive a 15% discount on the entire training offer. Contact our service desk.

Private individuals and government institutions are exempt from VAT.

Register

Fill in the form below and we will contact you to discuss the possibilities. Our training courses are always tailor-made. We are happy to take your specific wishes into account.

    Do you have questions or need an appointment?

    Feel free to contact us at +31 (0) 70 392 22 09 or servicedesk@duthleracademy.nl. Make an appointment with one of our training advisors.