Personal Data Protection Officer - Basic Level Training Course

Fundamental Principles of Personal Data Processing

• Sources of national and international law.
• Scope of application of personal data protection laws.
• Powers of the data protection authority.
• Judicial protection of the right to personal data protection.
• GDPR – essential information, definitions, and selected issues.
• Sector-specific GDPR provisions.
• Definition of personal data.
• Processing of personal data.
• Legal bases for processing personal data.
• Responsibilities of the Data Controller.
• Rights of data subjects.
• Administrative fines.
• The Personal Data Protection Act of 10 May 2018 – regulatory scope.
• Appointing a Data Protection Officer.
• Proceedings for infringements of personal data protection laws.
• Monitoring compliance with personal data protection regulations.
• Civil, criminal, and administrative liability.
• Conditions for the admissibility of processing personal data (ordinary and sensitive data).
• Legal requirements for entrusting personal data processing to other entities.
• Data Protection Impact Assessment (DPIA).
• Data protection by design and by default.
• Legal bases for transferring personal data to a third country.
• Protection of personal data in employment relations.

Appointment of a Data Protection Officer

• Mandatory appointment of a Data Protection Officer.
• Optional appointment of an Inspector.

Eligibility for the Role of Data Protection Officer

• Qualifications required to act as an Inspector.
• Form of employment for the Inspector.

Status of the Data Protection Officer

• Direct reporting of the Inspector to top management.
• Providing support for the Supervisor.
• Participation of the Inspector in all matters related to personal data protection.
• Prohibition on giving instructions to the Supervisor regarding the execution of their duties.
• Avoiding conflicts of interest within the organization – tasks of the Supervisor.
• Prohibition of dismissal and punishment of the Inspector.
• The Inspector's duty to maintain secrecy and confidentiality regarding performed tasks.

Information Security Management

• Discussion of the organizational security management system based on Polish standards, among others.
• Identification of privacy risks and their legal implications.
• Principles of risk assessment and evaluating the impact of specific solutions on the effectiveness of safety management.
• Understanding and applying a risk-based approach – practical completion of the Risk Analysis template.
• Personal Data Lifecycle Management.

Performing the Duties of the Data Protection Officer (DPO)

• Legal basis for the appointment of the DPO.
• Who and when must appoint a DPO, and the appointment process.
• DPO status and qualifications.
• DPO tasks and rules for planning their performance.
• Conducting reports on compliance of data processing with personal data protection provisions in traditional and IT systems.
• Documenting activities carried out by the DPO.
• Preparation of inspection reports.
• Rules for supervising the documentation of personal data processing.
• Scope of UODO's powers in relation to DPOs.

Practical Information on Inspections by the Office for Personal Data Protection

• Requirements imposed on auditees during inspections.
• How to prepare for an inspection.
• Case study analysis.

Practical Activities

• Development of an exemplary Information Security Policy.
• Development of management instructions.
• Creation of a Register of Processing Activities.
• Preparation of "Small Personal Data Protection Documentation."
• Case study analysis.
• Common errors in documentation preparation.

Additional Materials for Course Participants:

Useful Forms and Templates:

• Consent to the use and dissemination of image.
• Event newsletter entry form.
• Consent to receive offers.
• Template for sending offer emails.
• Template for sending general emails.
• Example of a personal data protection policy.
• Template for preparing information obligations in accordance with the GDPR, including instructions.
• Risk analysis template.
• Register of personal data processing activities – template.
• Register of categories of processing activities – template.
• GDPR Breach Register – template.
• GDPR Compliance Checklist template.
• Instructions for handling breaches of personal data protection regulations.
• Data Protection Breach Report template.
• Register of security incidents and corrective and preventive actions.
• Register of corrigenda.
• Register of restorations.
• Model corrigendum.
• Restoration pattern.
• Model Objection.
• Model contract excluding further processing of personal data.
• Sample consents for competitions, marketing, and publications.
• Information obligation for ferry crossings.
• Information obligation for meeting monitoring.
• Information obligation for recruitment.
• Information obligation to the National Revenue Administration.
• Information obligation of the LES.
• Public Procurement Law (UCoC) information obligation.
• Information obligation: Labour Code.
• Tax information obligation.
• Authorization to process personal data for employees: a template with an example.
• Notification of a breach to data subjects – template.
• Personal Data Processing Agreement for the Controller – template.
• Personal Data Processing Agreement for the Processor.
• And many more.