Overview
The 5-day Lead Auditor training course aims to provide participants with the knowledge, and develop the skills and expertise necessary to:
- Audit a Quality Management System (QMS) based on ISO 9001:2015
- Ensure that the organization is competent in maintaining and continually improving its QMS
- Perform third party audits by applying widely recognized audit principles, procedures and techniques
- Proficiently plan and perform internal and external audits in compliance with ISO 19011 and the certification process according to ISO 17021
- Manage audit teams and audit programmes, communicate with customers, resolve conflicts, etc.
Based on practical exercises, the participants will master the audit tools and techniques.

ISO 13485: 2016
Lead Auditor


Empower Your Team with Industry-Leading Training Programs
Tailored corporate training for leadership, technical skills and professional development

- We serve corporate clients investing in people's knowledge, skills, and competencies, to improve business performance, enhance process, product and service quality, and achieve sustained growth and profitability.
- We understand the meaning of the business terms "Voice of the Customer" and what constitutes "value" from the customer's point of view.
- We also understand the difference between "value" and "waste" from the business and individual learner point of view.
- We care about the people whose knowledge enhancement is entrusted to us by their organisation or themselves.
- We focus on learning (not just on training, and issuing certificates) and providing post-training advice and support through workshops and consulting services.
Stratos Lazaridis
CEO The Marvel Academy
Corporate Training Solutions
Mob: +44 (0)749 114 7156
Contents
- Overview
- Who should attend
- Learning objectives
- Organisational benefits
- Benefits for individuals
- Course agenda and content
- Prerequisites
- Training approach
- Examination
- Competence domains being tested
- Certification
- General course information

Certified EU General Data Protection Regulation (GDPR) Practitioner
The Ultimate Qualification for Data Protection Officers
Overview

As of the 25th of May 2018, organisations based in the UK or any EU country must comply with the new law or potentially face fines of up to 4% of annual turnover or €20 million, whichever is greater.

The four-day Certified EU General Data Protection Regulation (GDPR) Practitioner training course builds on, and includes, the Certified EU GDPR Foundation qualification. It is designed to provide participants with the knowledge and operational skills to build, implement and manage an EU GDPR compliance programme and successfully fulfil the role of the Data Protection Officer (DPO).

More extensive in scope and application than the Data Protection Act (DPA), the EU GDPR extends the personal data rights of individuals, and requires organisations to:
- Develop clear policies and procedures to protect personal data
- Adopt appropriate technical and organisational measures and controls.

Under EU data protection regulations, the appointment of a Data Protection Officer (DPO) is mandatory for controllers and processors in the public sector. The obligations for this challenging role will require insight into cyber threats, risks, data breach management, secure design and secure by default principles, privacy compliance and the legal spectrum of the DPA18 & GDPR.

Who Should Attend

The course is designed for professionals working in IT, Risk, Security, Governance, and Compliance roles across public and private sectors. It is also aimed at:
- Marketing Professionals and Project Managers.
- Individuals with basic knowledge of data protection regulation & practices.

The above seek to understand how the requirements of the EU GDPR affect their organisation, and are typically assigned in job roles such as:
- Privacy Manager
- Data Protection Officer (DPO)
- Information Security Manager
- IT Manager
- Corporate Governance Manager
- Risk & Compliance Manager
- Member of General or Privacy Counsel
- Finance Manager
- HR Manager

Learning Objectives

On course completion delegates should be able to:
- Develop and implement a framework for Data Protection & GDPR compliance
  - Policies, processes, and procedures
  - Privacy by design / default
- Develop a plan to address the challenges of developing a data privacy programme across the organisation
- Identify the changing rights of data subjects, consent, data in the cloud, and third parties
- Determine how DPA18 & GDPR compliance will be enforced and monitored across the organisation
- Conduct data privacy impact assessments
- Respond to data privacy incidents
- Prepare for managing and reacting to data breaches, from a regulatory and commercial perspective
- Perform e-discovery and data auditing
- Identify the differences between the Data Protection Act and GDPR
- Understand the role and responsibilities of the Data Protection Officer (DPO)

Organisational Benefits

- Better decision-making and ROI
- More effective marketing strategy by ensuring that data is accurate, properly structured, and current
- Cost avoidance. By being GDPR-compliant you avoid potential heavy fines from the regulator (ICO in the UK)
- Reduced brand reputation risk in the marketplace due to data breaches
- Better data security through improved collection, processing, storage, and management of personal data
- Reduced operating costs by retiring data inventory software and legacy applications that are no longer relevant to your business, and by consolidating information that is kept in "silos" or stored in inconsistent formats.
- Better alignment with evolving technology by moving towards improving the business network, endpoint, and application security. This will help to manage the growing demand for data more effectively, and enable you to offer end users augmented products, services and processes.
- Improved customer confidence and relationship management

Benefits for Individuals

- Understand the key provisions of data protection legislation a
- Understand how to apply GDPR to your organisation
- Protect and enhance your reputation and credibility
- Improve your career prospects.

Course Agenda and Content

Day 1: Data Protection, GDPR, & data privacy legislation

- Introduction to data protection & privacy
- Data Protection & GDPR:
  - Fundamentals & principles
  - Rights of the data subject
  - Controllers & processors
  - Transfers of personal data to 3rd countries or international organisations
  - Remedies, liabilities & penalties
  - Supervisory authorities, co-operation, specific situations
- Summary of changes

Day 2: Information Governance, Risk Management & Security

- Information Governance, management, assurance & accreditation
  - The importance of governance (having assurance & accreditation program in place if appropriate)
  - Different approaches to governance e.g. ISO 27001, and NIST
  - Importance of information asset management control
  - Assurance and accreditation, and how organisations can use this as part of demonstrating compliance with the DPA18 & GDPR requirements for due diligence
- Risk management frameworks
  - What is risk, and the requirement for risk management in DPA18 & GDPR
  - Risk management methodologies/frameworks and their objectives
  - Residual risk, risk register, and how organisations continually monitor risk
- Information security, monitoring, & incident management
  - Baseline infosec controls
  - Sources of information where organisations can find advice and guidance on implementing cyber security (10 steps, Cyber Essentials, ICO information, security recommendations, ISO 27032, etc.)
  - The importance of monitoring for data confidentiality, integrity, and availability
  - Security incident management process: what is required, how it feeds into the risk process, how it should be used to improve security
  - Incident reporting procedure.

Day 3: Implementation

- Transitioning from DPA to GDPR
  - Summary of changes based on legal overview document
  - The online ICO self-assessment toolkit for baselining the current state of GDPR compliance
  - Data streaming and data mapping
  - Auditing for GDPR compliance using tools like e-Discovery
  - Policies & procedures to be reviewed for minimising privacy impact and ensuring compliance
- Privacy by Design & Data Protection Impact Assessments (DPIA)
  - Developing and implementing security framework
  - Data Protection Impact Assessment (DPIA)
  - Consequences of failing to conduct DPIA
  - Privacy notice (or fair processing notice)
  - Bring Your Own Device (BYOD) & data privacy
- Direct marketing & Online profiling
  - Consent with regard to direct marketing
  - The issue of online profiling and tracking cookies and requirements for compliance with DPA18 & GDPR
  - The EU Privacy and Electronic Communications Regulations (PECR)
- Obligations of data controllers & processors
  - How organisations ensure that data subjects can exercise their rights
  - Obligations of data controllers and information they need to provide to data subjects when collecting data from them
  - Obligations of data controllers when they buy data in
  - Notification requirements to data subjects and others they have passed the data to, when data subjects exercise their rights
  - Obligations on the data controller to ensure a data processor is compliant with the DPA & GDPR
  - How changes to liability for a breach still do not absolve the data controller of their accountability
  - Mandatory records
  - Exemption for small organisations

Day 4: Implementation

- Cloud & Big Data
  - Geographic location of the cloud
  - Legal and jurisdictional issues
  - Definition of big data
  - Should we do this vs we can do this – consider repurposing of data issues
- Staying compliant
  - Steps and quick wins to achieve compliance
  - Steps to remain compliant
- Enforcement & supervisory authority powers
  - Enforcement regime: summary of the 2% / 10 million and 4% / 20 million fines
  - Summary of ICO enforcement powers
  - Urgency requirements to stop processing of personal data immediately
  - One stop shop: simplification of administration across the EU
  - Main establishment determines the supervisory authority
  - Legal requirement to co-operate with the supervisory authority

Prerequisites

- Proficiency in the English language
- Willingness to learn, and an open mind to new ways of working
- To sit on the Certified EU General Data Protection Regulation (GDPR) Practitioner training course, you must have passed the Certified EU GDPR Foundation examination, which is included in the 4-day Practitioner training.

Training Approach

The course covers both theory and practice:
- Slide-based training sessions, supported by examples
- Preparation for the Practitioner exam
- Practice test (mock exam) simulating the certification exam.

Examination

Upon completion of the training course, you can sit for the exam and become a Certified EU GDPR Practitioner.

Following are the exam details:
- Duration: 90 min.
- Format: Closed book
- Nr of questions: 60 multiple choice, one correct answer
- Pass mark: 70% (min. 42 correct answers).

Certification

The Certified EU GDPR Practitioner certificate will be issued to delegates passing the exam.

General Course Information

For general course information please click here.

N.B. Please read our Terms & Conditions (T&Cs) and ask for clarifications, if any, before booking your training event.

Book now to reserve an on-site or online instructor-led training event of your choice for your company's delegates.

Training Course details

- 4 days (09.00 - 17.00 GMT)
- Online instructor-led via zoom.us
- £1190 + VAT per delegate
- Deadline for payment/registration: 2 calendar days before course start
- Included: 4 days online instructor-led training, delegate workbook, online exam for Foundation and Practitioner, and certificate.

Onsite training
Please refer to our Terms & Conditions:
- Trainer's expenses for onsite training, paid by the client
- Fixed onsite training expenses policy