Performing Data Privacy Audits

Performing Data Privacy Audits is a training course where you will obtain the knowledge and skills to plan and carry out audits to assess your Organization’s readiness and compliance to the Data Privacy Act of 2012 (RA10173). Using practical exercises, you will be able to acquire knowledge on the protection of privacy in the context of processing personal information (PI) and sensitive personal information (SPI), as well as learn audit techniques and become competent to manage an audit program, audit team, establish communication with customers and resolve potential conflicts.

You will be able to learn how to evaluate the organization’s degree of compliance and help situate your organization in the compliance spectrum. The training teaches adopting a process-centric approach that analyzes business methods across the organization to map out the collection and processing of personal information and shows you how to examine the organization’s rules, policies, processes, and third-party contracts with data privacy implications.

At the end of this course, participants should be able to

• Understand how to audit your Organization’s established Privacy Management Program
• Acquire the competencies of the auditor’s role in planning, leading, and following up on a management system audit
• Learn how to interpret the requirements of the DPA of 2012 in the context of a compliance readiness check/audit.

Course Duration

• 2 days, online 4-hour sessions

Course Outline

Day 1

• Introduction to the Data Privacy Act of 2012
• Principles, Rights of the Data Subject and Security Measures
• 5 Pillars plus 1
•            Privacy Management Program (PMP)
• Audit principles, preparation, and launching of an audit
• Fundamental audit concepts and principles
• Evidence-based auditing
• Risk-based auditing
• Initiation of the audit process
• Communication during the audit

Day 2

• Audit procedures
• Creating audit test plans
• Closing the audit
• Drafting audit findings and nonconformity reports
• Audit documentation and quality review
• Evaluation of action plans by the auditor
• Managing an internal audit program
• Conclusions
• Closing of the training course

Delivery Methodologies

• Online Lecture and Discussion
• Individual Assignments
• This course is recommended for
• Information Assurance Managers
• Data Protection / Information Governance Managers
• Corporate Governance Managers, Business Managers
• Record Managers / Database Administrators / Internal Auditors
• Legal, Regulatory and Compliance Practitioners / HR Professionals
• People who deal with Customer Queries and Administer Personal Data
• IT and other staff, including, HR, Legal, and Business Users
• Any individual who wishes to become aware of their own legal rights