PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

GDPR Training, Writings, and Resources: Roundup from the Past Year

General Data Protection Regulation - GDPR - Training Resources by Prof. Daniel Solove

The General Data Protection Regulation (GDPR) is one of the world’s strictest data privacy laws and requires privacy professionals around the globe to design and implement comprehensive compliance programs.  In the past year, I developed a series of resources and training courses to assist privacy professionals with this complex task.

GDPR Whiteboard

GDPR Whiteboard - TeachPrivacy Privacy Awareness Training 02 small

200+ pages of the GDPR summarized into 1 page! Download it for free here. This one page visual summary of  GDPR will help you and your workforce understand many of the key elements associated with this law including Territorial Scope, Lawful Processing, Rights of Data Subjects, Enforcement and more.

GDPR Interactive Whiteboard

GDPR Whiteboard Interactive - TeachPrivacy GDPR Training

I created a new highly-interactive version of the GDPR Whiteboard (~5 mins) — a computer-based module that can readily be used on internal websites to raise awareness and teach basic information about GDPR. It can also be used in a learning management system (LMS)

The GDPR Interactive Whiteboard adds a new level of engagement to the analog GDPR Whiteboard. and can be used in tandem with the analog version or in lieu of it.

A Guide to GDPR Training

Cover Image for A Guide to GDPR Training by Daniel J Solove

A Guide to GDPR Training will answer many of your questions about implementing workforce privacy awareness training.

The GDPR mandates that all staff “involved in the processing operations” receive privacy awareness training. In general, the Data Protection Officer (DPO)  is tasked with ensuring that all training requirements have been fulfilled. A comprehensive GDPR training program should include:

  • basic privacy awareness training for your general workforce
  • advanced training for personnel who need more detailed knowledge of GDPR
  • role-based training specific to an individual’s job function.

I have several training courses to help organizations meet the GDPR requirements, such as the ones below plus courses on Privacy by Design, vendor management, risk and trust, and other important privacy topics.

GDPR (Short Introductory Course ~ 7 Mins)

GDPR Training

This course provides an overview of the GDPR. It also explains the importance of GDPR compliance and the severe penalties that may be imposed for non-compliance. It is suitable for both lawyers and non-lawyers . This course can also be offered in conjunction with other courses in our series  – Privacy Shield and European Union Privacy Law.

COURSE OUTLINE:

  • Structure
    Scope
    Personal Data
    Sensitive Data
    Data Controllers and Data Processors
    Supervisory Authority
    Enforcement
    Rights and Responsibilities
    International Data Transfer
  • Rights and Responsibilities
    Transparency
    Purpose Specification and Minimization
    Consent
    Right to Erasure
    Right to Data Portability
    Data Protection by Design
    Data Protection Impact Assessments
    Record of Data Processing Activities
    Data Breach Notification
  • International Data Transfer

Global Privacy and Data Protection
(Privacy Awareness Course ~20 Mins or ~30 Mins)

 

 This course (~20 minutes or 30 minutes) is designed to provide basic privacy awareness to the workforce of global organizations.  I updated this program for GDPR.  The course focuses on three main issues:

  • Why is privacy important?
  • What is personal data?
  • How do we protect privacy?

COURSE OUTLINE:

  • The Purpose of this Training
    Personal Data
    People Care About Privacy
    Your Role
  • Why We Protect Personal Data
    Respect
    Preventing Harm
    Trust
    Reputation
    Legal Compliance
    Contractual Compliance
  • What is Personal Data?
    Identifying Personal Data or PII
    Sensitive Data
  • Data Collection
    Lawful Basis
    Data Collection Limitation
  • Data Handling and Processing
    Limited Access
    Confidentiality
    Security Safeguards
  • Use of Personal Data
    Purpose Specification
  • Individual Knowledge and Participation
    Notice
    Access and Correction
    Consent
    Right to Erasure
    Right to Data Portability
  • Transfer and Sharing of Data
    International Transfers of Data
    Sharing Data with Third Parties
  • Accountability
    Privacy by Design
    Ask the Privacy Office

GDPR’s Broad Scope: A Short Vignette

GDPR Humorous Vignette

Please check out our humorous 1-minute video vignette about the GDPR.

CARTOONS

Preparing for GDPR

 

Taking Privacy Seriously

cartoon-gdpr-training-privacy-shield-training-01

Blogging Highlights 2015: Privacy Issues

Privacy Training

I’ve been going through my blog posts from 2015 to find the ones I most want to highlight.  Here are some selected posts on privacy issues:

I. PHILOSOPHICAL

Privacy by Design:
4 Key Points

title image

What Is Privacy?

Solove Taxonomy of Privacy

II. PRIVACY LAW

Why All Law Schools Should Teach Privacy Law
— and Why Many Don’t

why law schools should teach privacy

Continue Reading

10 Implications of the New EU General Data Protection Regulation (GDPR)

EU GDPR Training General Data Protection Regulation

EU Flag EU Privacy TrainingLast week, the EU issued the General Data Protection Regulation (GDPR), a long-awaited comprehensive privacy regulation that will govern all 28 EU member countries.  Clocking in at more than 200 pages, this is quite a document to digest.  According to the European Commission press release: “The regulation will establish one single set of rules which will make it simpler and cheaper for companies to do business in the EU.”

The GDPR has been many years in the making, and it will have an enormous impact on the transfer of data between the US and EU, especially in light of the invalidation of the Safe Harbor Arrangement earlier this year.  It will has substantial implications for any global company doing business in the EU.  The GDPR is anticipated to go into effect in 2017.

Here are some of the implications I see emerging from the GDPR as well as some questions for the future:

1. Penalties and Enforcement

Under Article 79, violations of certain provisions will carry a penalty of “up to 2% of total worldwide annual turnover of the preceding financial year.”  Violations of other provisions will carry a penalty of “up to 4% of total worldwide annual turnover of the preceding financial year.”  The 4% penalty applies to “basic principles for processing, including conditionals for consent,” as well as “data subjects’ rights” and “transfers of personal data to a recipient in a third country or an international organisation.”

These are huge penalties.  Such penalties will definitely be a wake-up call for top management at companies to pay more attention to privacy and to provide more resources to the Chief Privacy Officer (CPO).  Now we can finally imagine the CEO at a meeting, with her secretary rushing over to her and whispering in her ear that the CPO is calling.  The CEO will stand up immediately and say: “Excuse me, but I must take this call.  It’s my CPO calling!”

EU Privacy Training Money

To date, EU enforcement of its privacy laws has been spotty and anemic, so much so that many characterize it as barely existent.  Will the new GDPR change enforcement?  With such huge fines, the payoff for enforcement will be enormous.  We could see a new enforcement culture emerge, with more robust and consistent enforcement.  If privacy isn’t much of a priority of upper management at some global companies, it will be soon.

Continue Reading

New Resource Page: Privacy and Security Training Requirements

Privacy and Security Training Requirements 02

by Daniel J. Solove

I have created a new resource page for the TeachPrivacy website: Privacy and Security Training Requirements.

Continue Reading

Why We Should Persuade and Train with Stories

title image

By Daniel J. Solove

 

Once upon a time, there was a teacher who wanted to train people. At first, the teacher stated a list of things to do and not do. But this had little effect. The teacher was upset and started to doubt whether he could ever get through to people. But then the teacher tried a new approach – using stories. People remembered the stories, and the training started to change people’s behavior. And the teacher and everyone he taught lived happily ever after.

Continue Reading