Privacy Impact Assessments (PIA)
The EU General Data Protection Regulation (GDPR) is new legislation that provides a single, harmonised data privacy law for the European Union. The GDPR will replace the current Directive and will be directly applicable from 25 May 2018 in all Member States. The GDPR will affect every organisation that processes EU residents' personally identifiable information (PII).
The EU General Data Protection Regulation (GDPR) also imposes obligations on companies to not only document and safeguard information on identifiable living persons but companies must also be able to evidence compliance.
With the increasing risk of data breaches and cyber-attacks, the GDPR aims to prevent the loss of personal data by improving data security for all individuals living in EU member states.
All organisations must comply with the new law from 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million.
Privacy By Design:
The GDPR places onerous accountability obligations on data controllers to demonstrate compliance. This includes requiring them to:
- Maintain certain documentation
- Conduct a data protection impact assessment (PIA) for more risky processing (DPAs should compile lists of what is caught)
- Implement data protection by design and by default, e.g. data minimisation.
The GDPR requires that companies embarking on new projects, or changing how they collect, store, process and retain personal information, consider and document the implications for the privacy of individuals' information from the outset. This is done using Privacy Impact Assessments and is part of implementing privacy by design.
What will this course provide:
This Advanced Data Protection course will teach you how to plan, develop and implement a Privacy Risk Impact Assessment under the new GDPR. You will also learn how to identify and mitigate risks in a proactive way and incorporate privacy by design into your daily operations in the workplace.
Under the new EU General Data Protection Regulation (GDPR), organisations will be required to conduct Data Protection Impact Assessments, particularly in situations where policies, procedures, programmes and project initiatives will involve the collection, use, keeping and disclosure of personal and special categories of data.
- Overview of Data Protection Impact Assessments (PIAs)
- Legal Basis for PIAs
- Guidance from the regulator
- How does this relate to GDPR?
- Comparison with other risk reviews
- Who should conduct a PIA?
- When should a PIA be done?
- How should a PIA be done?
- Overview of PIA Process
- Risk Assessment
- Risk Register
- PIA Process steps
- Initial Assessment
- UK and Irish example
- Information Flows & Planning
- Consult and Gather Information
- Compliance review
- Implement and Review
Who should attend our Privacy Impact Assessments (PIA) Course?
This course is suitable for individuals, company secretaries, directors, compliance officers, HR staff, legal advisors, IT Administrators or Managers and anyone with a responsibility for managing data or advising on data protection issues.
This is a comprehensive one-day course which will show you how to comply with the new EU GDPR Regulations and what will change from the existing legislation.
The course will explain the new rules regarding the legal basis for processing, consent, privacy notices, control of personal data, mandatory breach reporting, complaints and penalties as well as practical guidance on what organisations can do to remain compliant.
Attendees with no existing data protection knowledge may find it helpful to attend our 3-Day Data Protection Practitioner Training course before attending this course.
What you will learn:
- An overview of the Irish data protection legislation and EU regulation.
- Provisions of the new EU regulation relating to privacy risk
- Privacy Risk Impact Assessment (PRIA) roles and responsibilities
- Whether the information being collected complies with privacy-related legal and regulatory compliance requirements.
- The risks and effects of collecting, maintaining and disseminating PII.
- Determining an organisation's privacy risk attitude, appetite, and proximity.
- Infringements and the cost of non-compliance
- An overview of privacy by design and privacy by default.
- How to develop a privacy impact assessment procedure.
- How to integrate a privacy risk impact assessment into a Project and plan its implementation
- Monitoring and tracking outcomes and implementing appropriate privacy risk responses.
- Best practices, protections and processes for handling information to alleviate any potential privacy risks.
The Benefits of the Privacy Impact Assessments Course:
The content in this course will provide you with accessible and practical information and will provide examples of situations which could have been prevented by a Privacy Risk Impact Assessment (PRIA).
By attending this course you will learn how to develop and implement a PRIA, and how to identify and mitigate privacy-related risks early on in a new project. This will make sure your organisation continues to be compliant with the new EU GDPR Regulations.
The course will help you significantly lower the risk to your organisation's data by implementing a privacy by design mentality and, by using PRIAs on a regular basis, will help you build privacy risk management into your organisation's day-to-day operations.
If for any reason you need to cancel your place on the course, please ensure you are aware of our cancellation policy.