A 90-minute certification course for lawyers. Master the General Data Protection Regulation from a professional practice perspective: data processing responsibilities, impact assessments, breach management, international transfers and the DPO role.
4 modules · 90 min total · Free and open access
When the firm is controller vs processor, legal bases for processing, records of activities, data subject information and processor relationships.
When a DPIA is mandatory, AEPD methodology, verification checklist, necessity and proportionality analysis, mitigation measures and prior consultation.
What constitutes a breach, 72-hour notification to AEPD, communication to data subjects, breach register, response protocol and sanctions for non-notification.
Transfers outside the EEA, standard contractual clauses, adequacy decisions, Schrems II, when to appoint a DPO, DPO functions and external vs internal DPO.