All posts in Training

GDPR Training, Writings, and Resources: Roundup from the Past Year

Daniel Solove
Founder of TeachPrivacy

General Data Protection Regulation - GDPR - Training Resources by Prof. Daniel Solove

The General Data Protection Regulation (GDPR) is one of the world’s strictest data privacy laws and requires privacy professionals around the globe to design and implement comprehensive compliance programs.  In the past year, I developed a series of resources and training courses to assist privacy professionals with this complex task.

GDPR Whiteboard

GDPR Whiteboard - TeachPrivacy Privacy Awareness Training 02 small

200+ pages of the GDPR summarized into 1 page! Download it for free here. This one page visual summary of  GDPR will help you and your workforce understand many of the key elements associated with this law including Territorial Scope, Lawful Processing, Rights of Data Subjects, Enforcement and more.

GDPR Interactive Whiteboard

GDPR Whiteboard Interactive - TeachPrivacy GDPR Training

I created a new highly-interactive version of the GDPR Whiteboard (~5 mins) — a computer-based module that can readily be used on internal websites to raise awareness and teach basic information about GDPR. It can also be used in a learning management system (LMS)

The GDPR Interactive Whiteboard adds a new level of engagement to the analog GDPR Whiteboard. and can be used in tandem with the analog version or in lieu of it.

A Guide to GDPR Training

A Guide to GDPR Training will answer many of your questions about implementing workforce privacy awareness training.

The GDPR mandates that all staff “involved in the processing operations” receive privacy awareness training. In general, the Data Protection Officer (DPO)  is tasked with ensuring that all training requirements have been fulfilled. A comprehensive GDPR training program should include:

  • basic privacy awareness training for your general workforce
  • advanced training for personnel who need more detailed knowledge of GDPR
  • role-based training specific to an individual’s job function.

I have several training courses to help organizations meet the GDPR requirements, such as the ones below plus courses on Privacy by Design, vendor management, risk and trust, and other important privacy topics.

GDPR (Short Introductory Course ~ 7 Mins)

GDPR Training

This course provides an overview of the GDPR. It also explains the importance of GDPR compliance and the severe penalties that may be imposed for non-compliance. It is suitable for both lawyers and non-lawyers . This course can also be offered in conjunction with other courses in our series  – Privacy Shield and European Union Privacy Law.

COURSE OUTLINE:

  • Structure
    Scope
    Personal Data
    Sensitive Data
    Data Controllers and Data Processors
    Supervisory Authority
    Enforcement
    Rights and Responsibilities
    International Data Transfer
  • Rights and Responsibilities
    Transparency
    Purpose Specification and Minimization
    Consent
    Right to Erasure
    Right to Data Portability
    Data Protection by Design
    Data Protection Impact Assessments
    Record of Data Processing Activities
    Data Breach Notification
  • International Data Transfer

Global Privacy and Data Protection
(Privacy Awareness Course ~20 Mins or ~30 Mins)

 

 This course (~20 minutes or 30 minutes) is designed to provide basic privacy awareness to the workforce of global organizations.  I updated this program for GDPR.  The course focuses on three main issues:

  • Why is privacy important?
  • What is personal data?
  • How do we protect privacy?

COURSE OUTLINE:

  • The Purpose of this Training
    Personal Data
    People Care About Privacy
    Your Role
  • Why We Protect Personal Data
    Respect
    Preventing Harm
    Trust
    Reputation
    Legal Compliance
    Contractual Compliance
  • What is Personal Data?
    Identifying Personal Data or PII
    Sensitive Data
  • Data Collection
    Lawful Basis
    Data Collection Limitation
  • Data Handling and Processing
    Limited Access
    Confidentiality
    Security Safeguards
  • Use of Personal Data
    Purpose Specification
  • Individual Knowledge and Participation
    Notice
    Access and Correction
    Consent
    Right to Erasure
    Right to Data Portability
  • Transfer and Sharing of Data
    International Transfers of Data
    Sharing Data with Third Parties
  • Accountability
    Privacy by Design
    Ask the Privacy Office

GDPR’s Broad Scope: A Short Vignette

GDPR Humorous Vignette

Please check out our humorous 1-minute video vignette about the GDPR.

CARTOONS

Preparing for GDPR

 

Taking Privacy Seriously

cartoon-gdpr-training-privacy-shield-training-01

Beyond GDPR: The Challenge of Global Privacy Compliance — An Interview with Lothar Determann

Daniel Solove
Founder of TeachPrivacy

For multinational organizations in an increasingly global economy, privacy law compliance can be bewildering these days. There is a tangle of international privacy laws of all shapes and sizes, with strict new laws popping up at a staggering speed. Federal US law continues to fade in its influence, with laws and regulators from abroad taking the lead role in guiding the practices of multinational organizations. These days, it is the new General Data Protection Regulation (GDPR) from the EU that has been the focus of privacy professionals’ days and nights . . . and even dreams.

As formidable as the GDPR is, only aiming to comply with the GDPR will be insufficient for a worldwide privacy compliance strategy. True, the GDPR is one of the strictest privacy laws in the world, but countries around the world have other very strict laws. The bottom line is that international privacy compliance is incredibly hard.privacy, privacy training, GDPR

This is what Lothar Determann focuses on. For nearly 20 years, Determann has combined scholarship and legal practice. In addition to being a partner at Baker & McKenzie, Lothar has taught data privacy law at many schools including Freie Universität Berlin, UC Berkeley School of Law, Hastings College of the Law, Stanford Law School, and University of San Francisco School of Law. He has written more than 100 articles and 5 books, including a treatise about California Privacy Law.

Hot off the press is the new third edition of Lothar Determann’s terrific guide, Determann’s Field Guide to Data Privacy Law: International Corporate Compliance. Determann has produced an incredibly useful synthesis of privacy law from around the globe. Covering so many divergent international privacy laws could take thousands of pages, but Determann’s guide is remarkably concise and practical. With great command of the laws and decades of seasoned experience, Determann finds the common ground and the wisest approaches to compliance. This is definitely an essential reference for anyone who must navigate privacy challenges in the global economy.

Continue Reading

Cybersecurity vs. Humans: The Human Problem Requires a Human Answer

Daniel Solove
Founder of TeachPrivacy

Data Security Human Error - Security Awareness Training

According to a recent Ponemon Institute study, the odds of an organization having a data breach are 1 in 4.  The study also found that the average cost of a data breach is $3.62 million in 2017.  That’s a drop of 10%, but the size of data breaches has increased.

The Human Problem

The vast majority of information security incidents and data breaches occur because of human mistakes.   Information security is only in small part a technology problem; it is largely a human problem.  The biggest risks to security are human errors — people putting data where it doesn’t belong, people not following policies, people losing portable electronic devices with data on them, people falling for phishing and social engineering schemes.

Having a robust technical cybersecurity infrastructure is very important, but it alone isn’t enough.  A recent Harvard Business Review article by Dante Disparte and Chris Furlow reinforces this point quite well.  “Firms can be lulled into a dangerous state of complacency by their defensive technologies, firewalls, and assurances of perfect cyber hygiene. The danger is in thinking that these risks can be perfectly ‘managed’ through some sort of comprehensive defense system. It’s better to assume your defenses will be breached and to train your people in what to do when that happens.”

The Human Answer

In addition to technology, effectively preventing and dealing with data breaches involves humans.  The problem is the humans, but so is the answer.

According to the Ponemon study, there were significant data breach cost reductions for having an incident response team, extensively using encryption, and engaging in workforce training.

Continue Reading

Preparing for GDPR: A Year to Batten Down the Hatches

Daniel Solove
Founder of TeachPrivacy

The General Data Protection Regulation (GDPR) will go into effect on May 25, 2018.  The GDPR strengthens privacy protections in the EU and includes a number of additional rights and responsibilities.

Continue Reading

Privacy Cartoon: Privacy Budget vs. Security Budget

Daniel Solove
Founder of TeachPrivacy

 

Cartoon Privacy vs. Security Budget

My cartoon depicts the discrepancy in the security and privacy budgets at many organizations.  Of course, the cartoon is an exaggeration.  In an IAPP survey of Chief Privacy Officers at Fortune 1000 companies in 2014, privacy budgets were nearly half of what security budgets were.  That’s actually better for privacy than many might expect. Outside the Fortune 1000, I think that privacy budgets are much smaller relative to security.

Fortunately, it does appear that privacy budgets have increased according to the 2016  IAPP-EY Annual Privacy Governance Report which surveyed 600 privacy professionals from around the world.  Though the data captured in 2016 has far more details, comparing the charts published by the IAPP in 2015 vs 2016, you can see a significant increase in total privacy spend.

Continue Reading