Module 1

- The European Regulation, EU GDPR 2016/679
- General processing principles (articles 5 – 11)
- Data Controllers and Data Processors
- Joint Data Controllers
- Privacy by design & by default
- Data Mapping
- Risk assessment
- Analytical assessment tools
Auditing is a strategic activity to maintaining compliance with current regulations on any data protection management system. The ability to design audits and make them effective helps guarantee that every activity carried out by the data controller, to create a good privacy management system, is implemented correctly and maintained over time. This course creates the basis with which trained auditors and the Lead Auditor can manage, schedule, conduct and implement a first party, second party and a third party audit plan in reference to the requirements of ISDP©10003:2015.
The course is structured so that participants can acquire all the practical tools and skills necessary to verify data protection systems, including the organisation and the assessment of the quality of the data stored in databases, including as part of second party audits of suppliers and sub-contractors.
The course is preparatory and qualified by InVeo for registration in the Register of Auditors/Lead Auditors who have been qualified for the ISDP©10003:2015 scheme and the award of the relative certification.
The course offers technical and practical skills to carry out first party, second party and third party audits in order to assess suitability to the new European regulations. Special attention is given to the skills to assess management, in terms of precision and correctness, of personal data stored in a company's archives in compliance with the principles referred to in article 5 of EU Regulation 2016/679.
Professional results:
At the end of the course participants will be able to:
Understand the aims and the benefits of a certification system compliant with EU Regulation 2016/679
Acquire techniques and methodologies to perform and manage an Audit on the compliance of a data protection system and the relative certification
Plan a check, conduct an audit, prepare a report, carry out a surveillance audit on data protections systems to assess compliance to the ISDP©10003:2015 scheme, in accordance with that indicated in ISO/IEC 17065 and ISO 19011
Courses are given by teachers with specific experience in data protection certification mechanisms.
The examination board is made up of people that have taken part in training/educating candidates: a technical expert, a lawyer and a representative from the interested parties.
5 modules
MODULES 1,2 *
2 days 16 h + progress test
€1.560,00+IVA 22%
MODULE 3**
1 day 8 h + progress test
€ 700,00+IVA 22%
MODULE 4**
1 day 8 h + progress test
€ 700,00+IVA 22%
MODULE 5
1 giorno 8 h with cases studies exercises
costo € 500,00+IVA 22%
Final Examination***
per l’iscrizione al Registro ISDP©10003:2015 Auditor/Lead Auditor
costo € 250,00+IVA 22%
Admission to successive modules is open to those who have attended and passed the preceding modules
*modules 1 and 2 are consecutive
**modules 3, 4, 5 can be substituted by 2 accompanied audits on clients selected by the auditor (the assessment sheet substitutes for the progress test)
***The examination is organised into 3 tests, one written, multiple choice exam, one oral exam and one simulation of a documentary audit; to be admitted to the final examination, a candidate must pass all the preceding progress tests. If the candidate fails to pass the examination, it can be retaken in a subsequent session with a 50% reduction.
The course includes a final examination and, if passed, the candidate will receive a proficiency certificate that enables him/her access to the Auditor certification register.
The examination is organised into three tests, one written, multiple choice exam, one oral exam and one simulation of a documentary audit and focuses solely on the topics dealt with during the course; to be admitted to the final examination, a candidate must pass all the preceding progress tests.
The examination sessions will be established in a timetable that will be prepared at the beginning of each year, taken at a single location in Rome on a quarterly basis. Exclusively for 2017, two extraordinary sessions are planned for November and December.
Participants who fail to pass the examination at the end of the course will receive an attendance certificate and for registration in the register of Auditors or Lead Auditors, they will have to retake the examination not earlier than 90 days from the last test.
The certificate is valid for three years, at the end of which it will have to be renewed.
Renewing is necessary in order to continuously update and maintain skills, but also to comply with the regulations in force, with the provisions issued by the supervisory authority and with the updates to the ISDP©10003:2015 scheme.
During the three years, the auditor/lead auditor will have to send documentation attesting to the required training and professional experience requirements, as in the preceding point regarding updating skills.
The registration and maintenance costs are 200.00 euro per year.
Maintenance/updates must be annual and may be done after an assessment of the documentation submitted by the auditor to InVeo srl on the basis of that provided by the scheme owner:
16 credits (1h=1 credit) from:
10 days of auditing or 3 audits