GDPR

Goals


- Set up an approach adapted to the context of the GDPR

- Identify the needs

- Delimit the scope of application

- Set up an action plan

- Integrate and manage the approach within the framework of current projects

- Communicate and advise non-IT stakeholders

Program

Legal framework

The protection of personal data
– Data and data files
– Data processing
– Data breach
– People affected by the processing
– Stakeholders (Recipient, controller, subcontractor, authorized third parties)

Reminder of the formalities prior to the implementation of personal data processing
– Fundamentals of the CNIL: its role, its missions, its powers on French territory
– The different regimes of prior formalities
– Procedures to complete the formalities with the CNIL
– The changes made to declarative regimes by the regulation
– The registers (data controllers and subcontractors)

The GDPR (or RGPD) and its consequences for private companies and public bodies
The content of the European regulation
The DPO (Delegate for the Protection of Personal Data), the linchpin of compliance with the RGPD
The functions of the DPO and the certification process
The challenges for the company: risk management, better control of the content and organization of its IS data, adaptation of measures to the context and nature of the information processed

Governance and protection of personal data

Fundamental principles of the GDPR
– Lawfulness and fairness in processing
– Transparency
– Purpose of processing
– Relevance and adequacy of data to the purpose pursued
– Limited data retention
– Security and confidentiality of data
– Processing of sensitive data
– Rights of individuals

Scope of GDPR implementation: existing situation and IS issues
– Extended business scope: private or public organization and its multiple partners
– Impacts on internal standards of individuals
– Mapping and inventory of personal data (data collected, data processed, data transmitted and shared, internal and external data, …)

Data management and life cycle

Perfectly controlled business processes
– Definition of the people concerned, within the meaning of the GDPR (customers, prospects, users, employees, suppliers, etc.)
– Identification of the nature of the personal data collected by the company
– Monitoring of data flows: their entry and transfer points
– Identification of the processing operations carried out on this data


IT procedures tracing personal data (acquisition, conservation, transformation and operation)
– Definition of internal and external processes in interaction with the people concerned
– Identification of the information systems on which these processes are directly based
– Identification of the data flows and personal data processing supported by these systems
– Feedback of the flow and processing of related data external to these systems


Distribution to trainees of a questionnaire on the strengths and weaknesses of their current organization, with regard to the regulatory points of the GDPR. This support will serve as a source of reflection and sharing. It will make it possible to accentuate the exchanges on recurring and priority points of the various representatives of the companies registered in the training.
* Depending on the wishes of the participants, in the context of inter-company training, these results may be returned anonymously.

Prospective reflections on the strategy to be adopted

How to define the needs at the level of the company or the public organization?
How to ensure compliance with personal data protection rules?
How to set up data governance, in line with the regulations?

Anticipation of organizational changes

Actors responsible for ensuring compliance with regulations
– Roles and respective functions with regard to data (decision-makers, business profiles, staff in support activities: IT, HR, etc.)
– Role of the DPO / IT and Civil Liberties Correspondent

Determination of the impacted IS perimeter
Operational systems:
– Internal IS (Infrastructure, database, internal applications and software packages)
– Shared, pooled IS (partners, subcontractors, responsibilities and data properties)

Duration

4 days

Price

£ 2468

Audience

- Manager or operational person with a general IS or digital culture

- Anyone whose ambition or mission is to ensure respect for the protection of personal data within their private or public organization

- Profiles involved in sensitive projects, handling personal data, or those responsible for IS security

Prerequisites

Knowledge and / or involvement in IS or digital projects

Reference

GES100418-F

Sessions

Contact us for more information about session dates