icjp

O curso tem a duração de 5 dias úteis, em língua inglesa, com 32h de sessões de aulas e avaliação de manhã e à tarde, com a seguinte estrutura curricular: 
(o alinhamento das sessões é indicativo e está sujeito a alterações)

Monday – Privacy fundamentals and essential GDPR principles and requirements

• a) The legal framework (including Council of Europe Convention) and the existing data protection regimes in police and judicial cooperation area
   
• b) Key data protection concepts, principles and obligation
   
• c) Grounds for processing, including legitimate interest and consent (legal basis for data processing under the GDPR)
   
• d) Processing sensitive personal data
   
• e) The rights of data subjects and how to handle them
   
• f) Actors, roles and responsibilities: The controller and processor

Tuesday – Setting up and implementing a GDPR compliance framework in practice

• a) The role of the DPO and the interaction with the rest of the organisation (including professional standards and accountability)
   
• b) The supervisory authority and cooperation with the DPAs
   
• c) Data transfers: An introduction
   
• d) Current trends and developments in the Case-Law of the EU and ECHR Courts: What lessons should be learned?
   
• e) Case study: Privacy principles, actors and data subject rights in practice
   
• f)  Multiple-choice exam (1h)

Wednesday – Getting technical
 

• a) Data security management under the GDPR

1) Security incidents: recent examples

2) Technical and organisational measures

3) Personal data breach type and risk management

4) Data breach communication: Incidents response plan
 

• b) Case study: Data breach management in practice
   
• c) Data protection by design and default 
   
• d) Data protection impact assessments
   
• e) Case study: Data protection impact assessment and data protection by design in practice
   

Thursday – Data transfers: Options and solutions to ensure compliance

• a) Third country data transfers, including:

1) Standard contractual clauses

2) Binding corporate rules

3) Derogations and exceptions, including data subject consent

4) Transfer personal data safely

5) Adequacy decisions
 

• b) Case study: Cross-border data transfers in practice
   
• c) Graded group assignment (2h)

Friday – Demonstrating compliance

• a) Accountability requirements, evidence collection and audits
   
• b) Setting up policies and procedures: A practical roadmap
   
• c) Final written exam (90m)