PROJECT NUMBER: 1711501
Advanced Training Course: Data Protection Compliance in the EU
20-22/Feb/2017 • Maastricht *
This course has been specifically designed to give professionals responsible for data protection issues within their organisations the key resources and practical information they need in their daily work. This is an advanced training course where participants will further develop the professional skills necessary to be a top-performing data protection professional. Numerous practical examples, combined with a high level of interactivity, provide participants with all they need to know about data protection compliance in theory and practice, as well as an insight into how to handle the myriad issues that arise in the workplace on a daily basis in such a challenging and quickly developing working area.
How will it help you?
By following this advanced training course participants, will further develop the professional skills necessary to be a top-performing data protection professional. The programme has a practice-oriented focus, providing participants with in-depth knowledge of the current issues relating to data protection compliance in theory and practice.
The objective is to enable participants to deepen their working knowledge of data protection and to qualify them as data protection specialists. All participants will receive a certificate of attendance after completing the training course.
Who will most benefit?
This advanced course is designed for anyone whose work relates to the processing of personal data. It is aimed, among other people, at data protection officers, privacy officers, compliance officers, information officers, information security officers, ICT employees, record managers, lawyers, human resources officers, and any other data protection professionals.
EIPA DPO Professional Certification & Examination
The certification is offered in cooperation with the network of DPOs and for the EPSO Competition for Administrators in the Field of Data Protection it is considered an asset by the European Union.1. Individuals wishing to obtain EIPA’s professional certificate must:
a. Study the course materials.
b. Complete 2,5 days of face-to-face training (to be held in Maastricht in 20-23 February 2017).
c. Pass the examination (held in Maastricht twice every year).
The examination consists of a multiple-choice test and open questions covering a broad range of relevant knowledge and topics that are not, or only partially, dealt with in this advanced training course.
To pass the exam candidates must have basic knowledge and good understanding of data protection. To this end EIPA will provide access to the course materials. Candidates must prepare for the exams in advance.
Topics covered in the examination:
Current EU legal framework including European Convention and OECD Guidelines Directive 95/46/EC and national legislation in practice; Regulation 45/2001 in practice; The existing regimes in the former third pillar area; Data protection principles and main concepts; Actors and roles; Data subject rights; Transfers of personal data, contractual clauses, BCRs, etc.; Case law on personal data protection from ECHR and ECJ; Data protection supervisory authorities; Access to documents and data protection; Big data, cloud computing, analytics, the internet of things; Data security; Cybersecurity; Privacy by design; Privacy impact assessment; Data protection audit.
2. Participants in this course wishing to obtain the professional certificate must:
1. Register for the optional workshop ‘DPO Certification: Preparing for the exam’.
2. Study the course materials and prepare. To this end EIPA will provide access to the course materials in advance after payment of the fee.
3. Pass the examination on Thursday 23 February 2017.
The preparatory workshop will give participants ample opportunity to ask questions or discuss certain issues.
3. Individuals who are already EIPA-certified and who already obtained their certificate can use this course to update their knowledge and maintain the validity of their certificate. They do not need to pass the examination again; participation in the advanced course extends the validity of the certification with one year.
Check here the Data Protection Certification Policy
MONDAY 20 FEBRUARY 2017
Registration of participants
Welcome: purpose and organisation of the seminar
Cristiana Turchetti, Head of Unit, Project Leader, EIPA, Maastricht
Taking data protection into the 21st century: The current EU legal framework and the ongoing EU data protection reforms
This session will explain the current legal framework, the key changes of the proposed EU Data Protection reform package and the likely timescales for completion and implementation.
Karolina Mojzesowicz, Deput Head of Unit, Data Protection Unit, DG Justice, European Commission, Brussels (BE)
Data controller/data processor relationship
There is frequently uncertainty about the roles and responsibilities of those processing personal data. It can often be a challenge to make the distinction between a data controller and a data processor. This session will address the ramifications of the controller/processor relationship and how the new Regulation will change things.
Carmen López Ruiz, Data Protection Officer of the EU Council, Brussels (BE)
Supervising data protection compliance: The role of data protection authorities
Verónica Perez Asinari, Head of Supervision and Enforcement, EDPS
Udo Olen, Head of the Dutch Data Protection Authority (DPA) (invited)
Cross-border data transfers – options and solutions.
How to ensure adequacy?
This presentation will be most useful to those who are new to ‘international transfers’.
Diana Alonso Blas, Data Protection Officer and Head of Data Protection Service, Eurojust
End of first day
Dinner at a restaurant in town
TUESDAY 21 FEBRUARY 2017
Data protection audits
Diana Alonso Blas
Case study on International Transfers
Diana Alonso Blas and Verónica Perez Asinari
The jurisprudence of the ECHR and ECJ
The session will explain the key case law on personal data protection and the interaction with other fundamental rights including access to documents
Christopher Docksey, Director at the EDPS
Reform of the e-privacy directive
The e-Privacy Directive complements the Data Protection Directive by, among others, setting-up specific rules concerning the processing of personal data in the electronic communication sector. In April 2016 the European Commission launched a Public Consultation on the Evaluation and Review of the e-Privacy Directive. The Consultation has been closed in July 2016 and the Summary report is now published. The session will present the main findings of the consultation and the major steps of the reform process.
Fenneke Buskermolen, Head of Unit Digital Privacy and Data Protection, European Commission, Brussels (BE)
Security issues and interoperability: The implications for personal data portability
Cyber-crime is increasing exponentially and threatening European citizens, businesses, and public administration bodies. This session will map out cyber-criminal activities, trends, intelligence activities, and the main privacy and data protection implications. The speaker will also address another important matter – the interoperability of systems/platforms – and will discuss implications for personal data portability.
Brian Honan, Director, BH Consulting, Dublin (IE)
End of day two
WEDNESDAY 22 FEBRUARY 2017
Big data, cloud computing, analytics, the internet of things: privacy, regulatory & governance issues
Cloud computing, big data, analytics, and the internet of things are not just buzzwords but actual phenomena with both high potential for the European Union economy and strong personal data protection implications; they need to be accurately analysed and dealt with in a practical manner in order to strike the right balance between sometimes opposing interests. The speaker will elaborate on the personal data protection implications of such phenomena from a business law perspective.
Fernando Silva, DPO of EU-LISA
Workshop: Privacy by design and privacy by default
This workshop explains the concept of privacy by design and privacy impact assessment and how to proactively embed privacy into the design of information technologies, communication networks, and governance/operational practices.
Philippe Renaudière, Data Protection Officer at the European Commission, Brussels (BE)
End of the seminar
THURSDAY 23 FEBRUARY 2017
DPO certification - Preparing for the exam
Workshop: EU data protection
Essential knowledge and the role of the DPO
Cristiana Turchetti & Paul Breitbarth
Group exercises: Written essays and MCQ examples
Cristiana Turchetti & Paul Breitbarth
End of the module
14.00 - 16.00 Certification exam (first-time candidate)
16.30 - 18.30 Certification exam (resit)
The training course consists of two parts. Participants can register for either the:
• 2.5-day advanced training course: 20-22 February 2017, or
• The full package: 2.5-day training course plus the Certification preparatory workshop and examination: 20-23 February 2017.
The advanced training course starts on 20 February at 09.00.
European Institute of Public Administration
O.L. Vrouweplein 22
6211 HE Maastricht
Tel.: +31 43 32 96 222
The course will be conducted in English.
|EIPA Certified |
|Advanced training (2.5 days) ||€1416 ||€1275*||€1060**|
|DPO certification |
Preparing for the exam
The participation fee includes documentation, access to the e-Campus, certificate, lunches, one dinner, and refreshments. Accommodation and travel costs are at the expense of the participants or their organisations.
* EIPA offers its members a reduction of 10% off the registration fee. This is available to all civil servants working for one of EIPA’s member countries (i.e. AT, BE, BG, CY, CZ, DE, DK, ES, FI, FR, GR, HU, IE, IT, LT, LU, MT, NL, NO, PL, PT, SE, UK), and civil servants working for an EU institution, body or agency.
** EIPA offers participants who already hold the EIPA professional DPO certification a discounted fee of €1050.
If you are eligible for a discount, please tick the box on the registration form. Reductions cannot be accumulated. More information.
The European Institute of Public Administration has special price arrangements with a number of hotels selected by us. All hotels are within 10 minutes’ walking distance from EIPA. Should you wish to make use of this possibility, please book directly via the links below. Payment is to be made directly and personally to the hotel on checking out. At the time of booking, please mention in the requested field the EIPA project number 1711501.
• Townhouse Hotel
• Hotel Derlon
• Designhotel Maastricht – Hampshire Eden
• Bastion Hotel
Lunches and dinner will be served at a restaurant in the city. Should you require a special menu (e.g. vegetarian, diabetic), please inform the Programme Organiser so that this can be arranged.
Kindly complete the registration before 1 February 2016. Your name and address will be part of EIPA’s database for our mailing purpose only. If you do not want to be included in our mailing database, please tick the box on the registration form.
Confirmation of registration will be forwarded to participants on receipt of the completed registration form.
Prior payment is a condition for participation. Please indicate the method of payment on the registration form. In any case, the participant or his/her administration will receive an invoice for the payment of the registration fee. For cancellations received after the closing date of registration we will have to charge an administration fee of €150 unless a replacement participant is found.
EIPA reserves the right to cancel the seminar up to two weeks before the starting date. EIPA accepts no responsibility for any costs incurred (travel, hotel, etc.). More information.