GDPR Seminar: GDPR Assessment, Implementation & Auditing Approaches

Detailed Seminar Outline 


I. Introduction to General Data Protection Regulation
Precursor to GDPR
What brought about GDPR?
What is compelling compliance?
Who is impacted?
- Overall basis
- Applying Article 3 Territorial Scope
- US-based companies
- UK Situation
Key Players within GDPR
High level introduction of key regulations
Structure of regulations

II. Performing a GDPR Pre-Implementation Review/Audits
Note: detailed discussion relating to each GDPR article occurs as part of section IV
Typical Pre-imp reviews
Audit alternatives for the GDPR project

III. Performing a GDPR Project Assessment
Note: detailed discussion relating to each GDPR article occurs as part of section IV
What is a project assessment?
Recommended approaches to conducting the GDPR Project Assessment
Establishing a scorecard for the GDPR Project Assessment
Who should be conducting the GDPR Project Assessment?
Basis for Project Assessment validation

IV. Understanding the Regulations, Implementation Assessment and Audit Approaches
This section, which represents 65% of the seminar, goes through each of the GDPR articles and identifies (1) the critical components of each Article, (2) implementation guidance for each of these key Articles, (3) key assessment questions to ask for each Article, and (4) audit procedures based on performing a full-scale pre-implementation review.

Key GDPR articles covered
Record of Processing Activities (Article 30)
Information which Controllers must provide to the Data Subject at the time personal data is obtained (Article 13)
Information which Controllers must provide to the Data Subject where personal data have not been obtained from the Data Subject (Article 14)
Right to Access (Article 15)
Right to Rectification (Article 16)
Transfers of personal data to third countries
Cross Border Data Transfer/Safe Harbor (Article 44)
Data Portability (Article 20)
Expressed Consent (Article 7)
Conditions applicable to Child’s consent in relation to information society services (Article 8)
Processing of Special categories (Article 9)
Right to Erasure/Right to be forgotten (Article 17)
Processor (Article 28)
Right to Object to Processing (Article 21)
Lawfulness of Processing (Article 6)
Security of Processing (Article 32)
Data Breach Notification (Articles 33 and 34)
Data Protection by Design and Default (Article 25)
Data Protection Impact Assessment (Article 35)
Processor Requirements (Article 28)
Automated individual decision making/profiling (Article 22)
Right to Restrict Processing (Article 18)
Recipients of personal data (Article 19)
Conditions applicable to Child’s consent (Article 8)

Complications with implementing GDPR
US based considerations
Understanding the role of the Data Protection Officer

V. Global Project Initiatives
Understanding Data Relationships, business relationships and global data mapping requirements
Processing Subject Requests
Identifying and managing third parties
Business & IT Change Requirements
GDPR Compliance Monitoring
Other GDPR Initiatives/Activities

VI. Performing a GDPR Project Impact Analysis
Understanding the basis on which the organization is in scope for GDPR
Understanding the overall effort to become GDPR compliant
Understanding whether the organization is in scope to process data subject requests, and the overall business practices which need to be changed to become GDPR compliant
Understanding major obstacles to becoming GDPR compliant
Who conducts the Project Impact analysis?

VII. Case Studies
Two case studies will be presented during this seminar. They show attendees how to perform an Impact Analysis of the GDPR project and how to perform a Pre-Implementation Audit of the GDPR project.