| day 1 |
GDPR: In Practice- GDPR in field of information security and data protection
- GDPR vs export regulations, IP and industry standards (ISO, PCI-DSS etc.)
- Territorial scope
- Controlling and processing
- Categories of personal data + Cookie
- Open data, public data
|  |
GDPR: Basis- Data subject
- Controller (natural person, business reason, authorities)
- Processors
- Joint controllers
- Purpose of personal data processing, purpose limitation
- Data minimisation, transparency vs stockpiling data
- Data protection by design
|  |
GDPR: Lawfulness of Processing- Consent, opt-in (silence is not consent)
- Processing is necessary for the performance of a contract
- Legal obligation
- Legitimate interests of a controller or third party (impact assessment, risk evaluation)
- To protect the vital interests of a natural person
- Public interest or in the exercise of official authority
|  |
GDPR: Rights of Data Subjects- Communication, Notification obligation
- Right of access by the data subject
- Right to rectification
- Right to erasure (right to be forgotten)
- Right to restriction of processing
- Right to data portability
- Right to object
|  |
| day 2 |
GDPR: Administration Activities of Data processing- Automated decision-making, including profiling
- Contracts
- Data transfer of personal data to third party, countries or international organisations
- Export regulations
- Expiration
- Privacy Notice, Policy Policy, Binding Corporate Rules
|  |
GDPR: Ascpects of Using of Personal Data- Codes of conduct, certification
- Confidentiality, integrity
- Anonymous information, pseudonymisation
- What, Where, Whom, Why, Till when, Which form?
|  |
GDPR: Complaint and Possible Outcomes- Controller's representative
- Data Protection Officer (when to designate a DPO?)
- Supervisory authority
- Court
- Compensation
- Incident (reporting: when and how?)
- Fines: Max. 20 000 000 EUR, or 4% of the total worldwide annual turnover!
|  |
GDPR: IT Data Protection Requirements- Limiting authorisations, least privilege principle
- Strong passwords, multi factor authentication
- Encryption (file, connection, VPN etc.)
- Configuration, virus and firewall protection
- Patching of assests and softwares
- Logging
- Penetration testing, Audit, controll
|  |
| day 3 |
GDPR: Data Processing In Workplace- Documents of employee and CVs of job seekers
- Copying personal IDs
- Health data, certificate of criminal record
- Personal data related to private life
- Photos
- Biometric data, chips
- Transferring employee data
|  |
GDPR: Controlling Employee- Alcohol and drug test
- Search employee's bag
- Tracking, monitoring employee, spying on employee, candid camera observation
- Related regulations
|  |
GDPR: Marketing- DM
- Opt-in, opt-out (consent and withdraw consent)
- Robinson list (Mail Preference Service - MPS)
- Facebook
- Google
|  |
GDPR: Business Continuity Principle- Encryption of data stored on media (Floppy, CD, DVD, pendrive)
- Backup
- High availability and robostness
- Crisis management
- Inventories
- Training, Education
|  |
BAHACO GDPR AI Cloud Ltd.
Address: 1/3 Tulipán utca, Pápa, 8500, Hungary
E-mail: workshop [at] bahaco.hu
Internet: https://www.bahaco.eu
VAT number: 28809355-2-19
Companies Court Nr.: 19-09-521486 | 
Workshop |
English