TRAINING
Privacy
Privacy training, including:
Changemanagement
Change training, including:
Riskmanagement
Risk Management training:
These training courses can also be provided “in-house,” or as part of a broader training program.
For information on the content of these training courses, select the relevant training course(s).
PR1 – Setting up a Privacy organization and Privacy governance
Privacy training
Who is this training for
You are a Data Protection Officer (FG) or Chief Privacy Officer (CPO) responsible for setting up and managing a privacy organization. You want to take a structured approach to get in control and set the right priorities.
What will I learn
After this training you will have tools to determine where your organization stands, how to determine and arrive at an objective, in order to create a plan to realize that objective.
Duration
This training will take one day.
Here’s what we’ll do
During this training we will discuss the following topics:
- What is privacy governance? We define the concept of privacy governance and discuss its importance to organizations.
- Legal and ethical frameworks: We cover the legal requirements and ethical considerations underlying privacy governance.
- Developing a governance structure: We discuss how to establish a solid governance model, including roles, responsibilities and reporting lines.
- Role of the board and senior management: We discuss the involvement of top management in privacy governance.
- Creating policy documents: We learn how to create and implement guidelines, standards and policy documents.
- Privacy risks and mitigation strategies: We cover identifying privacy risks and creating strategies to manage them.
- Conducting a baseline privacy maturity assessment: We discuss how to conduct a baseline assessment, understanding the strengths and weaknesses of the current governance structure.
- Follow up and integrate findings into governance: We discuss how to translate the findings of the baseline measurement into points of improvement within the governance structure and how to implement these.
- Monitoring and reporting: We discuss how to monitor and report on privacy compliance to internal and external stakeholders.
- Audit and oversight: We teach how to conduct periodic audits to evaluate compliance and governance processes.
- Integration with other governance areas: We discuss how privacy governance connects to broader governance topics such as IT, risk and compliance governance.
- Culture and accountability: We cover how to create a culture of accountability and transparency within the organization.
- Evaluating and improving privacy governance: We discuss methods to continuously optimize and adapt the governance structure to changing requirements.
__________________________________
After discussing a topic, there is an opportunity to ask questions about the theory covered or about related practical situations.
PR2 – Create and manage a processing register
Privacy training
Who is this training for
You are responsible for establishing and maintaining a processing register. You want to comply with legal requirements, but also You want to take a structured approach to get in control and prioritise appropriately.
What will I learn
After this training, you will be able to make a conscious choice on how to set up the processing register and the tooling in which to set up the register. You will also be able to set up an adequate process for entering and updating processing operations and for periodic monitoring of the register and the processing operations it contains.
Duration
This training takes one half-day session.
Here’s what we’ll do
During this training we will discuss the following topics:
- What is a processing and what is a processing register? We cover the definition and purpose of a processing, and the processing register under the AVG.
- The legal obligation and exceptions: We discuss when keeping a processing register is mandatory and for whom exceptions apply.
- The structure of a processing register: We go through the main elements that should be included in a processing register.
- How to set up a good processing register. We cover the knowledge, skills and tools needed to establish a complete and accurate register.
- The process of maintaining and updating: We discuss a step-by-step process for establishing and maintaining a processing register.
- Inventorying processing operations: We’ll learn how to create an inventory of all processing operations within an organization.
- Data categories and data subjects: We identify the different categories of data and data subjects to include in a processing register.
- The role of processors: We discuss how to include data processing operations by external processors in the register.
- Use of privacy tooling: We review what tools can be used to support the creation and management of a processing register.
- Relationship to other documentation obligations: We make the link between the processing register and other obligations such as processor agreements and DPIAs.
- Audits and compliance: We discuss how the processing register can be used in internal audits and how it helps demonstrate compliance with the AVG.
__________________________________
After discussing a topic, there is an opportunity to ask questions about the theory covered or about related practical situations.
PR3 – Perform DPIAs and LIAs
Privacy training
Who is this training for
You own processing operations and are therefore responsible for their AVG/GDPR compliancy, or you assist and advise as (Chief) Privacy officer in conducting DPIAs and LIAs.
What will I learn
After this training, you will be able to identify when a DPIA or an LIA is required and be able to carry it out.
Duration
This training takes one half-day session.
Here’s what we’ll do
During this training we will discuss the following topics:
- What is a DPIA? We cover the definition and purpose of a Data Protection Impact Assessment (DPIA).
- The pre-DPIA: We discuss when a DPIA is mandatory and how to conduct an initial assessment.
- The topics in a DPIA: We go through the various elements that should be included in a DPIA.
- What is required to conduct a proper DPIA? We discuss the knowledge, skills and tools needed.
- The process for preparing a DPIA: We cover a step-by-step process for conducting a DPIA.
- Approach to assessing risks: We learn how to identify and assess privacy risks.
- The scope of a DPIA: We determine the scope of the DPIA and which processing operations are included.
- The form of a DPIA: We discuss the different ways a DPIA can be documented.
- Use of privacy tooling: We review what tools can be used to support the DPIA.
- Relationship to the LIA and how to conduct it: We make the link to the Legitimate Interest Assessment (LIA) and how to conduct it.
- Decision-making and follow-up actions: We discuss how the results of the DPIA are used for decision-making and taking appropriate actions.
__________________________________
After discussing a topic, there is an opportunity to ask questions about the theory covered or about related practical situations.
PR4 – Processors and the Data Processor Agreement (DPA)
Privacy training
Who is this training for
You are the owner of processing operations and therefore responsible for their AVG/GDPR compliancy, or you are involved as (Chief) Privacy officer, corporate counsel or procurement officer in establishing processor agreements.
What will I learn
After this training, you will be able to determine when a processor agreement is needed. You will know which version to use in which situation and oversee the relationship with the DPIA, DTIA and Information Security Risk Assessment (ISRA).
Duration
This training takes one half-day session.
Here’s what we’ll do
During this training we will discuss the following topics:
- Concepts of processor and controller: We define the roles and responsibilities of the processor and the controller.
- Structure of the data processor agreement: We analyze the structure and essential elements of a processor agreement.
- Variants of the data processor agreement: We discuss the different models and standards for data processor agreements.
- The relationship with the DTIA, IBB and LIA: We make the connections with the Data Transfer Impact Assessment (DTIA), the Information Security Assessment (IBB) and the LIA.
- Engaging sub-processors: We discuss the rules and conditions for engaging sub-processors.
- The process of drafting and agreeing on a processor agreement: We go through the steps for drafting and agreeing on a processor agreement.
__________________________________
After discussing a topic, there is an opportunity to ask questions about the theory covered or about related practical situations.
PR5 – Transfer of personal data to third countries and performing DTIAs
Privacy training
Who is this training for
You are involved in the compliant transfer of personal data to third countries as a Data Protection Officer (FG), Chief Privacy Officer (CPO) or project manager.
What will I learn
After this training, you will know the requirements for the compliant transfer of personal data to third countries and be able to implement a process for conducting transfer assessments at your organisation.
Duration
This training takes one half-day session.
Here’s what we’ll do
During this training we will discuss the following topics:
- The legal/historical perspective: We outline the legal frameworks and the evolution of data transfer rules to third countries.
- The safeguards for appropriate transfers: We discuss the various mechanisms to ensure adequate protection of personal data when transfers are made.
- When is there a transfer (to third countries)? We define the term transfer and determine when it exists.
- What/who is the data exporter? We identify the role and responsibilities of the data exporter.
- Sub-processors: We discuss the role of sub-processors in data transfers to third countries.
- The transfer assessment: We introduce the concept of a transfer assessment and its purpose.
- The transfer assessment approach: We cover a roadmap for conducting a transfer assessment.
- The importer-dependent approach: We discuss how the assessment can vary depending on the data importer.
- Decision making and risk acceptance: We discuss the factors involved in the decision to transfer data and how risk can be mitigated.
- Issues of concern: We discuss the key concerns when transferring data to third countries.
________________________________________________
After discussing a topic, there is an opportunity to ask questions about the theory covered or about related practical situations.
PR6 – Introduction AI and Privacy
Privacy training
Who is this training for
You are a Data Protection Officer (DPO), Chief Privacy Officer (CPO), Compliance Officer, Project Manager, or IT professional involved in the development, implementation, or management of AI systems within your organization. You want to understand how the AI Act and the AVG apply to AI and how to develop and implement responsible AI systems.
What will I learn
After this training, you will understand the basics of AI and the terminology used in the AI Act, be familiar with the key requirements of the AI Act and its interfaces with the AVG.
You will be able to identify the different risk categories of AI systems and apply the associated obligations, know how to conduct a risk assessment and fundamental rights impact assessment (FRIA) for AI systems, and be able to identify and apply the ethical aspects of AI in practice.
Duration
This training takes one half-day session.
Here’s what we’ll do
During this training we will discuss the following topics:
- Introduction to AI and the AI Act: We discuss the basic concepts of AI, the goals of the AI Act and the scope of the legislation.
- Interfaces between the AI Act and the AVG: We analyze the similarities and differences between the two laws and how they complement each other in regulating AI systems.
- Risk categories and requirements: We cover the different risk categories of AI systems, from unacceptable to minimal risk, and the specific requirements the AI Act places on high-risk systems.
- Data protection in the context of AI: We discuss how the principles of the AVG, such as legality, purpose limitation, data minimization and transparency, apply to the processing of personal data by AI systems.
- Ethics of AI: We cover the ethical challenges posed by AI, such as discrimination, bias and accountability, and how they can be addressed.
- Codes of Conduct and best practices: We discuss the role of codes of conduct and voluntary measures in promoting responsible AI.
- Oversight and Enforcement: We cover the role of regulators and the enforcement mechanisms of the AI Act.
- Practical applications and case studies: We illustrate the theory with concrete examples of AI systems and how the AI Act and the AVG apply to them.
________________________________________________
After discussing a topic, there is an opportunity to ask questions about the theory covered or about related practical situations.
CM1 – Drafting a project or program plan
Changemanagement training
Who is this training for
You are responsible for change as a project manager or as a client and are looking for guidance on how to draw up or test a change plan.
What will I learn
As a project manager, you are able to draw up an adequate change plan. As the client, you are able to give the right input to the plan, and to ‘chalenge’ it properly, so that this enables both you and the change manager to steer properly.
Duration
This training takes one half-day session.
Here’s what we’ll do
During this training we will discuss the following topics:
- Pre-plan preparation: We discuss the necessary analyses and preparations that are essential before creating a project or program plan.
- The objective: We learn how to formulate clear, measurable and achievable objectives for the project or program.
- A project versus a program: We cover the differences between projects and programs, and how they affect the approach and execution.
- The influence of organizational culture: We discuss how organizational culture plays a role in planning and implementing change.
- The different roles: We identify the key roles in project and program management, and the different stakeholders.
- The governance: We cover setting up a clear governance structure, including decision-making processes and reporting lines.
- The components of the plan: We go through the essential components that should be included in a project or program plan.
- Waterfall and Agile change organizations: We discuss the differences between waterfall and Agile methodologies and how to apply them to change projects.
- The business case and benefit mapping: We learn how to build a strong business case and how to map and monitor expected benefits.
- Pragmatics in creating the plan: We cover how to create a realistic and executable plan that meets the needs of the organization.
- Interim evaluations and adjustments: We discuss the importance of regular evaluations and how to adjust the plan as needed to continue to achieve goals.
__________________________________
After discussing a topic, there is an opportunity to ask questions about the theory covered or about related practical situations.
CM2 – Change in an environment with both MSP/Prince2 and scrum/agile change teams
Changemanagement training
Who is this training for
You are an operational line manager and want to get a better grip on the changes you have a role in.
What will I learn
After this training, you will be familiar with different change structures and their roles. You will be able to fill the role you have.
You will be able to properly delegate the changes you are responsible for to a change team or project.
.
Duration
This training takes one half-day session.
Here’s what we’ll do
During this training we will discuss the following topics:
- Project versus program: We cover the differences in approach and focus between projects and programs within change programs.
- Waterfall versus Agile Scrum: We discuss the fundamental differences between the traditional waterfall methodology and the Agile Scrum way of working, including points of interest in specific situations.
- Explanation Waterfall: We delve into the structure and phases of the waterfall approach and how it fits predictable and linear projects.
- Explaining Scrum: We discuss the core principles, roles, and ceremonies of Scrum, and how they contribute to agile and iterative work.
- From simple Agile change with one team to SAFe: We cover how to apply Agile in small teams and how to scale up to frameworks like SAFe for large-scale change.
- The business case and benefit mapping: We learn how to build a strong business case and how to map and monitor expected benefits within both waterfall and Agile projects.
__________________________________
After discussing a topic, there is an opportunity to ask questions about the theory covered or about related practical situations.
CM3 – Stakeholder management in a project or program
Changemanagement training
Who is this training for
As a change manager, you are responsible for a project or programme and want to effectively shape stakeholder management in it.
What will I learn
After this training, you will be able to identify your stakeholders and their interests in a structured way.
Based on this, you will be able to effectively involve these stakeholders in or with your project.
Duration
This training takes one half-day session.
Here’s what we’ll do
During this training we will discuss the following topics:
- Identify stakeholders and their importance: We cover how to identify all relevant stakeholders and analyze their influence and importance.
- Importance from the project perspective: We discuss how to prioritize stakeholders based on their impact on the success of the project.
- From importance to method of engagement (a practical method): We learn how to effectively shape stakeholder engagement using a practical and structured approach. In doing so, we discuss tools such as a stakeholder matrix and how to use them effectively.
- Formal roles/project governance: We cover how the formal roles of stakeholders fit within the governance structure and how to deal with them.
- Stakeholder involvement in decision-making: We discuss how to actively involve stakeholders in important decisions without impeding the progress of the project.
- The communication plan: We discuss how to create a communication plan tailored to stakeholders’ needs and expectations.
- Dealing with stakeholder resistance: We cover strategies for identifying and addressing stakeholder resistance during a project.
- Dynamics of stakeholder relationships: We learn how to identify and manage stakeholder relationships and their mutual influence.
- Cultural and organizational factors: We discuss how culture and organizational context influence stakeholder interaction.
- Monitoring and adjusting stakeholder strategies: We cover how to regularly evaluate and adjust stakeholder engagement to changing circumstances.
__________________________________
After discussing a topic, there is an opportunity to ask questions about the theory covered or about related practical situations.
RM1 – Risk and issue management in a project or program
Riskmanagement training
Who is this training for
You are a project or programme manager looking for guidance on how to manage project risks and issues.
What will I learn
After this training, you will be able to effectively manage the risks and issues for your project.
Duration
This training takes one half-day session.
Here’s what we’ll do
During this training we will discuss the following topics:
- Risks and issues: We cover the distinction between risks (potential future problems) and issues (problems that have already occurred) and how you manage them.
- Gross and net risk: We discuss the difference between gross risk (before mitigation) and net risk (after mitigation) and how you assess it.
- Types of mitigation measures: We learn how to apply different types of measures, such as avoiding, reducing, transferring or accepting risk.
- The risk appetite: We discuss how to determine an organization’s risk appetite and how this affects risk management.
- The types of risk: We cover different categories of risk, such as strategic, operational, financial and compliance risks.
- The roles within risk management: We discuss the responsibilities of key roles, such as risk managers, project leaders and team members, within the risk management process.
- A practical outline: We learn how to apply a risk management process in practice, including tools such as a risk register and risk matrix.
- Identifying and analyzing risks: We discuss techniques such as brainstorming, SWOT analysis and interviews to identify and analyze risks.
- Prioritizing risks: We cover how to rank risks based on their likelihood and impact.
- Monitoring and reviewing risks: We learn how to set up a continuous process to monitor risks and adjust action plans in response to new developments.
- Scenario analysis and contingency planning: We discuss how to develop scenarios and plan for unexpected situations.
- Culture around risk management: We cover how to create a risk-aware culture within a project or program team.
- Linkage to project or program success: We discuss how effective risk management contributes to achieving project or program objectives.
__________________________________
After discussing a topic, there is an opportunity to ask questions about the theory covered or about related practical situations.
RM2 – Application of risk-based prioritization methods and risk appetite policy
Riskmanagement training
Who is this training for
As a line manager, you are responsible for a process, department or business unit and are looking for methods to prioritise activities based on risk.
What will I learn
After this training, you will have knowledge and tools that will enable you to solve prioritisation issues, based on risk-based consideration.
Duration
This training takes one half-day session.
Here’s what we’ll do
During this training we will discuss the following topics:
- Roles within risk management: We cover the responsibilities and involvement of key people in identifying and prioritizing risks.
- Risk appetite: We discuss how to determine an organization’s risk appetite and how this guides prioritization and decision-making.
- In control and compliant: We cover how to balance risk management with regulatory compliance.
- Risk taxonomy: We discuss how to categorize risks to understand their nature and interrelationships.
- Probability and Impact: We learn how to assess risks based on probability and impact and how to use these insights for prioritization.
- The Simple Risk-Based Prioritization: We cover a practical method for setting priorities based on a simple risk-impact analysis.
- Weighted Shortest Job First (WSJF): We discuss the WSJF method, in which prioritization is determined by the economic value of speed relative to the effort required.
- Sequencing based on dependencies: We learn how to consider dependencies between activities and risks when setting priorities.
- Linking risk management to strategic objectives: We discuss how to align risk management with the organization’s broader goals.
- Scenario analysis for prioritization: We learn how to use scenarios to prioritize multiple complex risks.
- Stakeholder perspective in prioritization: We cover how to consider stakeholders’ interests and perceptions in the prioritization process.
- Evaluation and adjustment of priorities: We cover how to keep priorities flexible and adapt to changing circumstances and emerging risks.
__________________________________
After discussing a topic, there is an opportunity to ask questions about the theory covered or about related practical situations.
About the training courses
How are the training courses provided
It is possible to purchase the training courses separately, or to combine several training courses into a broader training programme. It is also possible to combine the training courses with an advice/guidance assignment. This enables you to apply the knowledge you have acquired effectively in your organisation.
Training sessions can also be provided as part of a conference or external training programme, possibly in a shortened or adapted format.
We may use other professionals associated with Privacy & Change in these training sessions.
Where are the training courses provided
We use training locations in Utrecht and Zutphen.
Do you prefer a tailor-made training course for your organisation? In that case, the training can be provided at your company location, or at an external training location to be determined in consultation.
It is also possible to take the training course or workshop as part of a conference and have it helt at the conference location.
What are the costs of the training courses
Your investment for the training courses is € 375,- excluding VAT per half-day session per participant.
If you register several participants, purchase multiple training courses or if the training courses are combined with other services, a separate quotation will be drawn up.