GDPR Training & Awareness

GDPR lessons library

• What is EU GDPR and where does it apply? (1:35)
  EU GDPR: Protecting data rights and setting global standards for personal data processing.
  EU GDPR Article 2
• Which frameworks are related to GDPR? (1:33)
  Leveraging ISO standards (27701, 27001, 29100) and OECD guidelines to reinforce GDPR best practices.
  EU GDPR Article 5
• Key terms in GDPR (6:34)
  Essential GDPR vocabulary covering personal data, processing, roles, and data protection techniques.
  EU GDPR Article 4
• Key roles according to GDPR (2:07)
  Key GDPR roles: Controllers, processors, DPOs, and supervisory authorities shape compliance responsibilities.
  EU GDPR Article 4, 24, 26, 28, and 37
• Business activities that are impacted the most by GDPR (1:53)
  Discover how GDPR affects diverse business functions, from Marketing and IT to HR and beyond.
  EU GDPR Article 2
• Six legitimate purposes of processing personal data according to GDPR (3:58)
  Six legitimate processing purposes under GDPR: from contracts to consent
  EU GDPR Article 6
• What are the main GDPR principles? (2:58)
  GDPR principles: lawfulness, fairness, transparency, purpose limitation, minimisation, accuracy, security, and storage limits.
  EU GDPR Article 5
• Real-world example for understanding main GDPR principles (4:10)
  How GDPR’s principles—transparency, minimisation, consent, and timely deletion—apply in practice.
  EU GDPR Article 5, 6, 7, and 25
• The basics of Privacy Notices according to GDPR (2:31)
  Clear disclosures on data processing to ensure transparency under GDPR.
  EU GDPR Article 12, 13, and 14
• Contents of a Privacy Notice according to GDPR (2:04)
  Clear, plain disclosures on data collection, processing, rights, contacts, and safeguards
  EU GDPR Article 13 and 14
• What is GDPR Inventory of Processing Activities (4:58)
  How to build and maintain an Inventory of Processing Activities to meet GDPR requirements.
  EU GDPR Article 30
• What is GDPR personal data retention (2:05)
  What does data retention mean, and how to ensure compliance with GDPR requirements.
  EU GDPR Article 5
• Responsibilities for fulfilling GDPR requirements for inventory and retention (3:01)
  How to define clear roles and processes for maintaining GDPR inventories and retention schedules.
  EU GDPR Article 5, 24, and 30
• The content of GDPR Inventory of Processing Activities for controllers (1:19)
  Inventory for controllers: DPO, processing purposes, data categories, recipients, transfers, retention limits, and safeguards.
  EU GDPR Article 30
• The content of GDPR Inventory of Processing Activities for processors (1:17)
  Essential details on sub-processors, controllers, processing categories, and data transfers.
  EU GDPR Article 30
• GDPR Consent – The basics (2:42)
  What is GDPR consent is, and what its key requirements are?
  EU GDPR Article 6 and 7
• How and when to ask for GDPR consent (1:49)
  Learn how and when to request consent under GDPR, ensuring transparency and user choice.
  EU GDPR Article 7 and 8
• Data subject rights according to GDPR (3:24)
  Learn how data subject rights empower individuals to control their personal data under GDPR.
  EU GDPR Article 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, and 23
• Basic GDPR rules for data subject access rights (2:01)
  DSAR basics, from valid request formats to response timelines.
  EU GDPR Article 15
• Handling DSAR requests according to GDPR (1:20)
  DSAR best practices, response timelines, and identity verifications under GDPR.
  EU GDPR Articles 12, 13, 14, and 15
• DSAR exemptions and rejections according to GDPR (2:31)
  How to handle DSAR queries, typical exemptions, and valid grounds for rejections.
  EU GDPR Article 12 and 23
• What is Data Protection Impact Assessment (DPIA) according to GDPR? (2:05)
  How DPIAs help identify and mitigate risks in data processing.
  EU GDPR Article 35
• DPIA Step 1 according to GDPR: Listing and grouping data processing activities (1:04)
  How to identify and group data processes for assessment.
  EU GDPR Article 35
• DPIA Steps 2 and 3 according to GDPR: The threshold questionnaire & determining if DPIA is needed (1:45)
  How high-risk processing is identified accurately with a threshold questionnaire.
  EU GDPR Article 35
• DPIA Steps 4, 5 and 6 according to GDPR: Answer the DPIA questionnaire, identify and list key security risks (2:40)
  What is needed for DPIA steps and how to address key security risks
  EU GDPR Article 35
• Step 7 DPIA according to GDPR: Recording the implementation; maintenance (1:02)
  Regular DPIA reviews keep safeguards updated and documented for compliance.
  EU GDPR Article 35
• What is Data Protection by Design and by Default according to GDPR? (2:00)
  Data Protection by design and by Default concepts for building data protection into processes and systems
  EU GDPR Article 25
• GDPR policies to be implemented to ensure security of personal data (5:26)
  Key policies that support secure data practices and mitigate privacy risks.
  EU GDPR Article 32 and 24
• Best practices to implement GDPR Data Protection by Design and by Default policies (2:16)
  Key steps for defining and maintaining GDPR Data Protection by Design and by Default policies.
  EU GDPR Article 24, 25, and 32
• Introduction to GDPR data transfers (2:06)
  Managing personal data transfers, adequacy measures, and GDPR compliance.
  EU GDPR Article 44, 45, 46, 47, 48, 49, and 50
• How can GDPR data transfers be enabled? (2:55)
  How to choose suitable mechanisms for lawful international data transfers
  EU GDPR Article 45, 46, 47, 48, and 49
• Managing third parties according to GDPR (1:57)
  How to ensure GDPR compliance when engaging third-party processors and service providers
  EU GDPR Article 26, 28 and 29
• GDPR basic rules for data breaches (3:40)
  When personal data is exposed or stolen: rules for compliance and best practices.
  EU GDPR Article 33 and 34
• Data breach response according to GDPR (1:14)
  Swift actions and logging procedures to address data breaches.
  EU GDPR Article 33 and 34
• GDPR data breach notifications (1:29)
  Essential guidelines for data breach notifications under GDPR.
  EU GDPR Article 33 and 34
• What to do after a data breach according to GDPR (1:04)
  How to evaluate data breaches, contain damage, and prevent future risks.
  EU GDPR Article 32, 33, and 34
• Why does a company need a DPO? (2:18)
  Key details about the DPO’s role, appointment, and responsibilities.
  EU GDPR Article 37, 38, and 39
• The responsibilities of the DPO (4:16)
  Detailed obligations, tasks, and best practices for a DPO under GDPR
  EU GDPR Article 39
• Responsibilities towards the DPO (1:09)
  Ensuring DPO independence, resources, and timely involvement.
  EU GDPR Article 38
• Define a GDPR Personal Data Protection Policy (3:57)
  How to define a personal data protection policy for clear GDPR alignment.
  EU GDPR Article 5, 24, and 32
• Setting up privacy governance for GDPR (1:36)
  Arranging departmental champions, boards, and consistent reviews for privacy compliance
  EU GDPR Article 5, 24, and 25
• Key steps in your GDPR project (2:55)
  Key steps to launch or refine GDPR compliance within an organization.
  EU GDPR Article 5, 6, 30, 32, and 35
• Conducting a GDPR Gap Analysis (2:47)
  Identify, assess, and address key GDPR requirements through a gap analysis.
  EU GDPR Article 5 and 24
• GDPR Awareness and Training (4:38)
  How to plan effective GDPR awareness and training across teams and tasks.
  EU GDPR Article 24 and 39
• Methods for sustaining and improving GDPR compliance (1:34)
  How to sustain and improve GDPR compliance in a changing environment.
  EU GDPR Article 24 and 25
• Handling existing contracts with third parties to comply with GDPR (3:00)
  How to align third-party agreements with GDPR requirements.
  EU GDPR Article 26 and 28
• Handling new contracts with third parties according to GDPR (3:30)
  Ensuring robust selection, contractual terms, and ongoing reviews under GDPR.
  EU GDPR Article 26 and 28
• Regular GDPR reviews and improvement actions (2:41)
  Regular checks on DPIAs, DSAR handling, and staff training to keep compliance alive.
  EU GDPR Article 24, 32, and 35