Implementing Data Privacy in your Organization (Batch 191)

Learn what you need to know about the Data Privacy Act and ensure that your organization is compliant to avoid penalties, jail time for accountable officers and other consequences. Privacy has become a very relevant theme of our times, and we all have a common interest in it, mainly because we are ALL owners of personal information that we want to be protected. This two-day course guides you through implementing Data Privacy in your organization by giving you a practical approach to the implementation of the Data Privacy Act.

At the end of this course, the participant should be able to:

  • Describe the basic privacy principles, concepts and background
  • Illustrate why privacy is important in enforcement activity, incident management and laws and regulations
  • Describe your obligations when processing Personal Information under your control
  • Develop a privacy compliance program for your company to ensure compliance with laws and regulations.

Course Outline

  • Introduction to Privacy
    • Evolution of Privacy
    • Definition of Personal Information
    • Types of Personal Information
    • Privacy as a Process
    • Privacy Principles
    • Relationship of Information Security with Data Privacy
    • Influence on Data Privacy
  • Privacy Legal Framework
    • Development of Legal Mandates
    • Different Approaches to Privacy Laws Across the Globe
    • Understanding your Organization’s Legal Requirements
    • Gramm-Leach-Bliley Act
    • Health Insurance Portability and Accountability Act (HIPAA)
    • Children’s Online Privacy Protection Act
    • Fair Credit Reporting Act
    • CAN-SPAM
    • Introduction to General Data Protection Regulation (GDPR)
    • Introduction to Philippine Data Privacy Act
    • Evolution of Privacy
  • Define Organization’s Mission Statement, Objectives and Strategies
    • Develop a privacy mission statement and strategies
    • Develop Goals and Objectives
    • Define metrics to measure success
    • Prioritizing work based on risk
  • Assemble your Privacy Team
    • Determine the most effective structure
    • Create the right combination of experts
    • Offering career paths to your privacy team
    • Obtaining Professional Certification
  • Building a Policy Framework
    • Mapping data across the organization
    • Locating data about employees
    • Identifying customer data
    • Identifying client-owned data
    • Defining co-owned data
    • Establishing responsibility for data
    • Classifying data
    • Create your Privacy Statement or Policy
    • Keeping the Privacy Statement or Policy current
  • Training and Communication
    • Building the case for Education and Training
    • Developing Training
    • Delivering the Training
    • Extending training through Communications
    • Measuring and Communicating Training Results
    • Educating the Enterprise
    • Non-disclosure Agreements and Confidentiality Notices reinforce Privacy Training
    • Training for Global Management of Privacy
  • Operate the Privacy Compliance Program
    • Making It Happen: A Three-Step Cycle
    • Step 1: Assessing Current Privacy-Related Environment
    • Step 2: Addressing the Gaps and Improving the Program
    • Step 3: Monitoring and Compliance Auditing for Continued Success
    • Typical Tasks of a Privacy Office
    • Conducting Privacy Risk Assessments
    • Privacy Impact Assessments
    • Assessing Risks in Using Third Parties
    • Privacy-Related Legal Requirements for Third Parties
    • Managing Privacy Complaints
    • Developing an Incident Response Plan
    • Handling Data Breach Notification Process
  • Test and Improve the Privacy Compliance Program
    • Leveraging Internal Audits in Privacy Governance
    • Forging Relationships with Internal Auditors
    • Enabling Privacy Self-Assessments
    • Providing Compliance checklists for Self-Assessments
    • Conducting Business Unit Privacy Risk Assessments
  • Specific Provisions in accordance with Philippine Data Privacy Act (R.A. 10173)
    • Appointment of Data Protection Officer
    • Registration of Data Processing Systems
    • Data Breach Notification Requirements
  • Seminar Conclusion
    • Plan for Action

Who should attend

  • Information Assurance Managers
  • Data Protection/Information Governance Managers
  • Corporate Governance Managers
  • Business Managers
  • Record Managers and Database Administrators
  • Legal, Regulatory and Compliance Practitioners
  • HR Professionals
  • People Who Deal with Customer Queries and Administer Personal Data
  • IT and Other Staff, Including HR, Legal and Business Users
  • Any Individual Who Wishes to Become Aware of Their Own Legal Rights
  • Internal Auditors

Course Fee is inclusive of AM/PM snacks, lunch, access to the xworks learning management system, digital course materials, and course certificates.