GDPR - Practical Implementation for Businesses

GDPR Fundamentals

• Objective: Establish a solid understanding of the core regulation, its scope, and key terminology.
• The Legal Framework: Introduction, Dates, and Direct Applicability.
• Core Definitions: Personal Data, Special Categories of Data, and "Processing."
• The Scope of GDPR: Who must comply? (Territoriality).
• The 7 Key Principles of GDPR (Lawfulness, Accountability, etc.).
• Core Roles and Responsibilities: Controller vs. Processor.
• Introduction to the Supervisory Authority and Enforcement Powers.

Learning from Others – Real-World Data Breaches

• Objective: Analyze enforcement cases to understand common pitfalls and the importance of security and transparency.
• Data Security Essentials: The CIA Triad and Article 32.
• What is a Data Breach? Notification Timelines (Article 33) and Communicating to Data Subjects (Article 34).
• Case Studies

Data Subject Rights and Cross-Border Data Transfers in Action

• Objective: Apply the rules for data subject requests and international data flows using real-world scenarios.
• Part A: Data Subject Rights
  • Articles 13 & 15: The right to be informed and the right of access.
  • Case Study: Vinted (Lithuania) - Violations of the 'right to be forgotten' and access requests.
• Part B: Cross-Border Data Transfers
  • Transfer Mechanisms: Adequacy Decisions, SCCs, and BCRs.
  • The Schrems II Ruling and its Impact.
  • Case Studies:
    • Lack of Transfer Tools: Uber (Netherlands) and Takeaway B.V. (Netherlands).
    • Inadequate Risk Assessment: Ferde AS (Norway/China) and Vodafone (Spain/Peru).
• Practical Application: Steps for a compliant data transfer.