Data Protection 27701 Lead Implementer – ISO 27001 training

Introdução

This course enables participants to develop the necessary expertise to support an organization in implementing and managing an Data Protection Management System (DPMS) as specified in REGULATION (EU) 2016/679 (GDPR).

Participants will gain a thorough understanding of best practices used to implement the DPMS based on the General Data Protection Regulation (GDPR) requirements through organizational context and incorporation of interested parties. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems – Guidelines for Quality Management in Projects).

The training course presents an holistic implementation approach based on a DPMS (or, PIMS) methodology, supported by the requirements of GDPR and ISO/IEC 27701, the European Data Protection Board (EDPB) guidelines, related privacy and data protection best practices from ENISA and NIST, and other recognized standards, practices and frameworks, such as ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 29100, BS 10012, among others.

This 5-day course prepares the participants for the Behaviour Data Protection Lead Implementer (DPLI) certification. This certification is aligned with ISO/IEC 17024 and therefore valid at international level.

Because it is a course with a very relevant practical impact, participants are invited to implement a Data Protection Management System, in the classroom, during training, based on a case study. This practice supports the necessary theoretical part of the training and establishes a clear link between theory, regulation and how to do it. In this way, participants are able to transfer the knowledge of training to the job and acquire a greater critical sense about the requirements and their applicability in the organization.

Metodologia

The DP27701LI training course is based on both theory and practice sessions with:

• Lectures illustrated with examples based on real cases
• Practical exercises based on a full case study including oral presentations
• Review exercises that assist in preparation to the certification exam.

To benefit from the practical exercises, the number of training participants is limited.

Destinatários

• Project managers, information security professionals, consultants, and designated DPO’s for public organizations or by private companies wanting to prepare and to support an organization in the implementation of a Data Protection Management Systems (DPMS) based on GDPR
• Privacy and data protection consultants and/or auditors involved or supporting organizations on the compliance with EU data protection requirements
• Auditors who wish to fully understand the GDPR implementation process using a Data Protection Management Systems (DPMS) approach
• CxO and Senior Managers responsible for the governance of an enterprise and the management of its data protection risks
• Members of information security and/or data protection teams
• Expert advisors in privacy, data protection and information security
• Technical experts wanting to prepare for a data protection or information security function or for a DSMS project management function.
• Any professional wanting to acquire the necessary skills to implement an EU GDPR based Data Protection Management System (DPMS), supported by the requirements of ISO/IEC 27701 (PMIS)

Pré-Requisitos

Participants should understand English as the course documentation is in this language.

Duração (dias)

5 days

Objectivos Gerais

At the end of the course students should be able to:

• identify and know how to apply the main privacy and data protection concepts and terminology
• understand the main privacy and data protection frameworks, including the details of EU GDPR regulation, ISO/IEC 27701 and the foundations of related data protection frameworks
• understand the roles and responsibilities of the several stakeholders, including the DPO, on the compliance of the GDPR and their involvement on the implementation and operation of a Data Protection Management System based on GDPR, supported by ISO/IEC 27701
• acquire necessary expertise in understanding the business context of an organization when implementing the GDPR framework
• know how to implement a Data Protection Management System to comply with the requirements of GDPR, supported by ISO/IEC 27701
• understand the importance of other related interested parties (shareholders, authorities, clients, partners, etc.) and their role in the DPMS (or, PMIS)
• gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of an Data Protection Management System based on GDPR, supported by ISO/IEC 27701
• understand the relationship between the components integrated into organizational context, including risk management, related interconnections with data protection impact assessments (DPIA), controls, measures and compliance with the requirements of different stakeholders of the organization
• develop knowledge and skills required to advise organizations on best practices in the management of privacy and data protection, including on the implementation of related information security measures
• know how to draft and implement the needed data protection and information security measures and controls based on the latest international best practices, including ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27701, ISO/IEC 29100 family standards, and other recognized international recognized practices
• know how to implement a personal data breach management process based on the requirements of GDPR, supported by ISO/IEC 27701 and the EDPB guidelines, and understand its integration with an information security incident management process based on ISO/IEC 27035
• improve the capacity for analysis and decision making in the context of privacy and data protection management
• acquire the needed expertise to support an organization on the preparation for a certification audit under the GDPR requirements, supported by ISO/IEC 27701
• acquire the knowledge needed to succeed on the BEHAVIOUR DPLI exam and become a Certified Data Protection Lead Implementer (DPLI) professional

Programa

1. Day 1: Introduction to GDPR and privacy and data protection concepts and principles; Initiation of a DPMS
   • Course objectives and structure
   • Fundamental concepts and principles of privacy and data protection
   • Privacy and data protection in EU and related frameworks
   • Mapping the GDPR and ISO/IEC 27701 requirements to a DPMS approach
   • Initiating the implementation of a DPMS based on GDPR, supported by ISO/IEC 27701
   • Context of an organization and data protection objectives
   • Preliminary analysis and establishment of the level of the maturity of the existing management system
   
   
2. Day 2: Planning the implementation of a DPMS
   • Leadership and DPMS project approval
   • Defining the DPMS scope
   • Development of data protection policies
   • Risk management based on ISO 31000
   • Implementing an DPIA integrated approach as part of the ERM
   • Definition of the organizational structure for data protection
   
   
3. Day 3: Implementing a DPMS
   • Implementation of a document management process
   • Identification of mandatory documentation
   • Design of data protection measures, related controls and writing procedures
   • Implementation of data protection measures, related controls and procedures
   • Data protection training, awareness, communication and knowledge management
   • Incident management based on ISO/IEC 27035
   • Personal data breaches management using an integrated approach
   • Operations management of a DPMS based on GDPR, supported by ISO/IEC 27701
   
   
4. Day 4: Measuring and improvement a DPMS; Preparation for a GDPR compliant certification audit, supported by ISO/IEC 27701
   • Monitoring, measurement, analysis and evaluation based on ISO/IEC 27004
   • Internal audit
   • Management review of the DPMS
   • Managing non-conformities and applying corrective actions
   • Continual improvement
   • Preparing for the certification audit under the GDPR, supported by ISO/IEC 27701
   
   
5. Day 5: Data Protection Lead Implementer (DPLI) exam

Exame

The “Data Protection 27701 Lead Implementer” exam fully covers the following competence domains:

• Domain 1: Concepts and principles of privacy and data protection
• Domain 2: EU GDPR and related data protection frameworks
• Domain 3: Planning the implementation of a DPMS
• Domain 4: Implementing and management of a DPMS
• Domain 5: Performance evaluation, auditing and reviewing a DPMS
• Domain 6: Improving a DPMS
• Domain 7: Preparing for the certification audit of a DPMS

The “Data Protection 27701 Lead Implementer” exam is available in English language. Duration: 3,5 hours, passing score 70%. This is a two parts exam, with part one being a 40 multiple choice questions (1 hour, closed book) and part two with 10 essay questions (2,5 hours, open book, i.e. the participants can use all the documentation provided during the course). The exam result is sent via email to the candidate within two months after the examination, being the exam result graduated in qualitative note: “Pass or Fail”. In the case of a failure, the result will be accompanied with the list of domains in which you had a mark lower than the passing grade.
If the candidate fails the exam, he is entitled to one free retake within a 12 month period from the initial exam date.

Certificação

Data Protection 27701 Lead Implementer (DPI27701LI)

After successfully completing the exam, participants can apply for the credentials: "Data Protection 27701 Provisional Implementer", "Data Protection 27701 Implementer" or "Data Protection 27701 Lead Implementer", depending on their level of experience.
These credentials are available for internal and external auditors.
A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential. Data Protection Lead Auditor is a certification program aligned with ISO/IEC 17024 standard.

Requirements for “Lead Implementer” certification:

Certification	Exam	Professional Experience	Privacy and Data Protection Audit Experience	Privacy and Data Protection Project Experience
Data Protection 27701 Associate Implementer	DP27701LI Exam	None	None	None
Data Protection 27701 Implementer	DP27701LI	2 years 1 year of privacy or data protection work experience	None	Project activities totalling 200 hours
Data Protection 27701 Lead Implementer	DP27701LI	5 years 2 year of privacy or data protection work experience	None	Project activities totalling 200 hours

Formador

Our experts are consultants and auditors, with several years of experience in the areas of implementation, auditing and training in various international standards and recognized worldwide best practices.

Informações Gerais

CLASSROOM TRAINING

• Training in Portuguese or English language.
• Training material in English.
• Implementation methodology.
• Behaviour Participation Certificate with 32 CPD (Continuing Professional Development) credits.
• Certification exam in Portuguese and English language.
• Certification Diploma after successful examination and formal process registration. This process has no associated cost.
• Coffee break in the morning and afternoon.
• If the candidate fails the exam, he is entitled to one free retake within a 12 month period from the initial exam date.

LIVE ONLINE TRAINING

• Training English language.
• Online training material in English, with online access.
• Methodology for implementing a data protection program.
• Digital Behaviour Participation Certificate of 31 CPD/CPE credits.
• Certification Exam English, available online proctoring. The exam can be taken up to 3 months after completing of the course.
• Digital Certification Diploma and digital certification badge after successful examination and formal process registration. This process has no associated cost.
• If the candidate fails the exam, he is entitled to one free retake within a 12 month period from the initial exam date.

Benefícios

• GDPR is a requirement for all organizations that process personal data


• GDPR allows certification and international recognition of an organization. Allows access to new markets and optimization of operations. Allows improvement of quality, increase productivity, competitive advantage, customer satisfaction and sales.


• Organization’s data protection management systems (based on GDPR) can now be certified in data protection accredited schemes provided by accredited certification bodies under Article 43 of the General Data Protection Regulation (2016/679).


• This certification can be used as an evidence and support organizations in the demonstration of compliance with GDPR under Article 42.
• Organizations can use this certification for their international recognition and thus stand out from their peers.


• Behaviour Data Protection Lead Auditor (DPLI) course bases its pedagogical model in a certification program aligned in ISO/IEC 17024 standard, which defines the requirements for certification of people, fulfilling the recommendations of ISO.


• Data Protection Lead Implementer (DPLI) course is geared towards to the implementation of the GDPR, through a step-by-step implementation process. Thus, throughout the course, in addition to the basic concepts of GDPR, related legislation and other international recognized best practices, are presented the steps needed to prepare and start the Data Protection Management System (DPMS) (based on GDPR) implementation project which includes the selection of the approach, the implementation methodology, among other activities needed to implement the DPMS, based on the methodology presented, including DPMS operation and therefore the control, monitoring and continuous measurement.


• One of the strengths of the Data Protection Lead Implementer (DPLI) course, in addition to inclusion of implementation methodology, is that it allows prepare professionals for the audit of an GDPR certification and the registration in an accredited certifying body under GDPR Article 43. Addresses itself to this end, the recommendations of ISO 19011, ISO/IEC 17065 and ISO/IEC 17021 - requirements for certification bodies, and the guidelines of European Protection Data Board (EDPB).


• Certification exam is monitored by an official Behaviour administrator.


• Data Protection Lead Implementer (DPLI) certification exam is conducted at the end of the course, on the last day of training, divided in two parts, part 1 and 2. This process allows the certifying entity to measure, more effectively, the knowledge of the candidates.


• Upon success on the exam, the professional will achieve one of the Data Protection Lead Implementer (DPLI) certifications levels. In case of failure, the professional may repeat the exam with no additional cost (one free retake), within 1 year after the date of the 1st examination.


• Behaviour Pedagogical Model aims to provide a learning environment conducive to acquisition of competences, in accordance with objectives of each training program. Promoting interaction, participation and appreciation of experiences, we contribute to meaningful learning, certification and international recognition but, above all to the development of critical thinking and autonomy.


• Behaviour is an organization accredited by DGERT (Portuguese Government Entity) and has its Quality Management System (QMS) implemented in accordance with the requirements of ISO 9001, the requirements of DGERT, the requirements of the European standard NP 4512 and the standard ISO 10015.

Datas e Preço

Programa Datas Garantidas

(*) All dates of this course are guaranteed only for the events that take place in Lisbon. In other locations the events are subject to a minimum number of participants.
On Behaviour all courses at Lisbon occur regardless of the number of trainees in room. The concept of setting up classes does not exist in our educational model, which is why all public dates, presented on the website, are guaranteed. So if you're in Portugal or anywhere else in the world, you can prepare your week and your trip, as long as you ensure your registration in the course.

Descontos de Volume

For companies, Behaviour offer discounts, starting from the registration of the 2nd participant, in the same course and on the same date.
Simulate the prices for the number of participants you want to register to training@behaviour-group.com or contact us via chat.

Hotéis e Informações Úteis

Know where you can stay in Lisbon, near Behaviour. For more information please see >> Booking <<