Information Security – Preventing Data Breaches

INTRODUCTION

According to the Breach Level Index, over 9.7 billion data records have been lost or stolen globally since 2013 as a result of data breaches and cyber crime.

While data breaches refer to specific incidents that lead to data loss, identity theft is the moment one’s compromised data is used for malicious purposes. There have been a total of 10 million stolen identities stolen since 2013.

The course aims to increase employee awareness of the reputational, operational and financial risks associated with data protection breaches and helps employees take appropriate action to help counter these risks.

The course uses an international framework for data protection adopted in the 28 countries of Europe known as the GDPR – The General Data Protection Regulation.

Objectives

The objectives of this two-day course are to embed the principles of good information security management and to provide an understanding of the following important areas:

• Relevant law and regulation
• What personal data is
• Issues associated with collecting, handling, transferring and disposing of personal data
• The emphasis in the new regulation on the rights of the individual
• How to identify and report breaches

WHO SHOULD ATTEND

The programme is designed for:

• Managers
• Data Protection Officers
• Data Protection Lawyers
• Compliance Officers
• Information Officers
• Record Managers
• Human Resources Officers
• Data Protection Professionals
• Internal Audit
• Anyone who uses, processes and maintains personal data

 

LEARNING OUTCOMES

In this course participants will develop the following competencies:

• An enhanced understanding of jurisdictional laws, regulations and enforcement models, rules and standards
• Feel confident with the essential privacy concepts and principals and legal requirements for handling and transferring data
• Be familiar with the key areas of CIPP/E required for the exam
• Practical experience to apply concepts and achieve a best practice privacy program
• Be skilled to help your organization have resilience with personal data management and data flow between different countries

 

COURSE CONTENT

Day One:

Module 1: Data Protection laws

Coverage of how data protection laws came into effect and the scope of the data protection laws.

Module 2: Personal data

Exploring the definition of personal data and a data subject.

Module 3: Roles and responsibilities of controllers and processors

Distinguish between the concepts “controllers” and “processers”, and their respective responsibilities.

Module 4: Processing personal data

Exploring the principles related to the processing of personal data.

Module 5: Data subjects’ rights

Clarify the data subjects’ rights in the context of the GDPR legislation, such as the right to access by the data subject.

Module 6: Security of processing

Clarifying the information security requirements that apply to personal data processed, accessed and stored.

 

Day Two: 

Module 7: Accountability

Clarifies who is ultimately accountable for processing and storing personal data

Module 8: International data transfers

Specific considerations will be covered pertaining to the transfer of personal data to third countries or international organisations.

Module 9: Supervisions and enforcement

The GDPR legislation calls for independent supervisory authorities, with investigative powers.

Module 10: Compliance in host country

Discuss the applicability of data protection laws in the country where the training is performed.

Activity: Data Sharing Checklist

 

 

 

 

Share This