GDPR Data Privacy Technologist (in recording)

The training course on the information security of personal data and data protection by design and by default.

DESCRIPTION
This course covers the main aspects of ensuring data privacy in IT products and IT services.

The course does not rely on a specific standard or legal document. It aims to build processes for the active provision of privacy by observing the basic principles of ensuring data privacy in the development and use of modern technologies and services.

The course examines the basic privacy requirements set by the competent authorities of different countries, as well as the principles and problems of ensuring privacy in the most popular technologies and services.

The course prepares specialists responsible for the technical support of data privacy in companies during the development and operation of software and other services or technologies.

After the course you can answer the following questions:
  • What is privacy in technologies and why do you need it?
  • What is Privacy by Design?
  • What are the proactive approach and embedded privacy in practice?
  • What principles and techniques can you use to incorporate privacy in technologies?
  • How can privacy in technologies help you comply with the GDPR?
  • How to provide privacy in dealing with contractors and partners?
Program
Connection between information privacy and security
What is information security
Assessing information security risks
What is privacy
Assessing privacy risks (Taxonomy of Privacy)
Privacy vs. security incidents
Privacy and infosec differences
Brief introduction to the history of European privacy legislation
Technical data protection requirements under GDPR
Technical privacy requirements under ePrivacy Directive
Privacy protection in the USA
Data protection in other regions
Data protection trends
Physical environment (Ethernet, Wi-Fi, Bluetooth etc)
TCP/IP
Major network protocols
Databases and SQL-servers
Active Directory and Single Sign-On
SSO, SAML and AD federation services
Symmetric and asymmetric cryptography. Secure protocols
Cloud systems and services
Information infrastructure of organization: local systems, local and global networks, cloud systems
Risks to information systems (SQL-injections, XSS-attacks, OWASP etc)
How to protect information systems
Risks to local networks (network attacks, viruses, botnets etc)
How to protect local networks
Risks to global networks (traffic interception, loss of mobile devices etc)
How to protect global networks
Cloud system risks
How to protect cloud systems
Architecture of secure systems (examples)
Organization components (departments, clients, remote users, vendors, subcontractors)
Production-related risks, using the case of software development
Risks in sales and marketing departments
Risks in recruitment departments
Risks in HR departments
Risks in other departments (finance, legal, IT etc)
Risks related to remote users and entities (incl. BYOD)
Risks related to contractors and vendors
Collection
Use
Disclosure
Retention
Destruction
Privacy by Design
Data protection by Design and by Default
What is State of the Art
State of the Art in practice
Privacy enhancing technologies (PETs)
OWASP Top 10 Privacy Risks 2015
Demonstrating GDPR compliance to clients
Nymity Privacy Management Accountability Framework
ISO/IEC 27001:2013 Standard
ISO/IEC 27701:2019 Standard
Choosing the right framework
Cookies and tracking
Online Ads
Social network buttons
Microtargeting
IoT devices
Wi-Fi, NFS, Bluetooth, RFID
Biometrics
CCTV and facial recognition