icon icon

GDPR in practice: personal data security in the organization

icon

Training process

Training needs analysis

If you have specific requirements regarding the training programme, we will carry out a training needs analysis for you. This will guide us on which aspects of the programme should receive greater emphasis, so that the training programme meets your specific needs.

What will you gain?

icon

Confidence with GDPR terms - You will clarify key GDPR concepts and learn to distinguish personal data, the controller and the processor, so you can assess your responsibilities more accurately in everyday work.

icon

Correct data processing rules - You will learn how to apply lawfulness, purpose limitation, data minimization, integrity and confidentiality in practice, helping you reduce mistakes when collecting and using personal data.

icon

Efficient handling of data subject rights - You will learn how to manage requests for access, rectification, erasure, data portability and objection, so you can respond to data subjects faster and with greater accuracy.

icon

Stronger documentation and notices - You will practice drafting privacy notices, maintaining records of processing activities and applying consent rules, making it easier for you to organize GDPR-compliant documentation.

icon

Effective breach response - You will understand what qualifies as a personal data breach and how to respond step by step, from incident assessment to documentation and notification to the supervisory authority.

icon

Implementation tailored to your organization - You will review practical security policies and cross-industry case studies, making it easier for you to choose solutions that fit your processes, business context and actual risk areas.

icon

Ready-to-use document templates - You will gain practical guidance on privacy policies, information clauses and data processing agreements, helping you prepare or review the documents your organization relies on.

icon

Better audit readiness - You will learn how to use audit tools, checklists and work effectively with a Data Protection Officer, so you can assess compliance, spot gaps and plan corrective actions more confidently.

Training programme

1. Introduction to GDPR

  • genesis and objectives of the introduction of GDPR,
  • basic definitions and concepts: personal data, data controller, processor,
  • principles of personal data processing (lawfulness, purpose limitation, minimization, integrity and confidentiality),
  • roles and responsibilities regarding the protection of personal data in the organization.

2. Obligations of the organization resulting from the GDPR

  • information obligation towards persons whose data is being processed,
  • rules for obtaining consents for data processing,
  • record of processing activities – how to maintain it,
  • examples of implementing data security policies in the company.

3. Rights of data subjects

  • the right of access to data, rectification and erasure,
  • the right to data portability and to object to processing,
  • handling requests of natural persons – obligations and deadlines.

4. Incidents related to personal data

  • what is considered a personal data protection breach?
  • breach response procedures (incident analysis, documentation, notification to the supervisory authority),
  • financial penalties for GDPR breaches – analysis of the most important cases.

5. Practical aspects of implementing GDPR in the organisation

  • case studies: challenges in the field of GDPR compliance in various industries,
  • document templates: privacy policies, information clauses, data processing agreements,
  • GDPR compliance audit – tools and checklists,
  • cooperation with the Data Protection Officer (DPO).

What are the prerequisites for participating in the training?

icon

Basic document handling - You should be comfortable reading and reviewing simple company documents such as procedures, forms or policies, so you can work more easily with data protection provisions.

icon

Awareness of company processes - You should understand how information is collected, shared and stored in your organization, so you can connect GDPR requirements to real operational activities more easily.

icon

Basic administrative experience - You should have basic office or administrative experience, so you can relate topics such as consent, privacy notices and processing records to your everyday responsibilities.

icon

Readiness to analyze cases - You should be ready to discuss practical situations and draw conclusions from examples, because the training includes case studies, incidents and analysis of organizational actions.