Course Description
This intermediate course discusses GDPR principles, requirements, and personal data specifics for software developers and technical architects. It examines the processes for getting consent for personal data collection, how personal data should be accessed and shared, and provides an in-depth view on data subject access requests (DSARs) and international data transfers (IDTs). This course requires basic familiarity with the GDPR, and students are advised to complete “Introduction to GDPR” before taking this course.
Learning Objectives
- Explain the principle of data protection by default and by design and how it applies to software development
- Discuss privacy requirements and classify what data is personal data, including the special categories of personal data
- Know the processes for sharing personal data with law enforcement
- Explain data portability and deletion, as well as access control and logging in the context of the GDPR
- Define data subject access requests and know how to prepare for and respond to such requests
- Define international data transfers and explain the proper handling of data transfers to third parties
Details
Delivery Format: eLearning
Duration: 2 Hours
Level: Intermediate
Intended Audience:
- Architects
- Back-End Developers
- Enterprise Developers
Prerequisites: Introduction to GDPR
Course Outline
Principle of Data Protection by Design and by Default
- Article 25: Data Protection by Design and by Default
- Processing Only Personal Data Necessary
- Privacy an Integral Part of the Design Phase
- Introduce a Privacy Page
- Privacy Policies and Data Protection Controls
Privacy Requirements
- From Principle to Privacy Requirements
- Categories for Privacy Requirements
- Data Collection Requirements
- Data Processing Requirements
- Data Storage and Deletion Requirements
Personal Data
- Definition and Examples of Personal Data
- IP Addresses and Location Data
- Cookies and Similar Identifiers
- Examples of Data not Considered in Scope of GDPR
- Special Categories
- Indirectly Revealing Personal Data
- Deceased Persons
Getting Consent
- Requirements for End User Consent
- Getting Consent
- Consent Life Cycle
- Consent Withdrawal
- When Is Consent Valid?
- GDPR Fines Related to Consent
Personal Data Collection and Processing
- Lawfulness, Fairness and Transparency
- Purpose Limitation and Data Minimization
- Accuracy
- Right to Restrict Data Processing
- Storage Limitation
- Data Profiling
Collecting Personal Data of Children
- GDPR Mandate
- Requirements
- Reasonable Effort to Verify a User's Age
- Conducting a Data Protection Impact Assessment (DPIA)
Accessing Personal Data
- Right of Access
- Providing Copies of Personal Data and Other Relevant Information
- Right to Edit and Correct
- Data Retention
Sharing Personal Data with Law Enforcement
- Lawful Basis
- Share Only What Is Necessary
- Informing Data Subjects about Law Enforcement Requests
Data Portability and Deletion
- Exporting Data
- Deleting Data
Anonymization and Encryption
- Encrypting Data
- Encrypting Data in Motion
- Encrypting Data at Rest
- Integrity Protection
- Anonymization and Pseudoanonymization
- Anonymization and Pseudoanonymization Techniques
Data Subject Access Requests (DSARs)
- How to Prepare
- How to Receive
- How to Respond
International Data Transfers (IDTs)
- International Transfers of Personal Data
- Handling Data Transferred to Third Parties
- Map your Flows of International Data
Access Control and Logging
- Requirements for Access Control
- Keeping Audit Trails and Logs