Autoplay
Autocomplete
Previous Lesson
Complete and Continue
CIPP/E - Preparation
Start Here!
Course Orientation (4:25)
Your Path to Certification
Note on September 2024 Updates
Disclaimer
Need Help?
Course Material
Study Plan
Lecture Handout
GDPR Overview
1. History of European Protection Law - Summary & Flashcards
2. The European Union's Institutions - Summary & Flashcards
3. Legislative Framework - Summary & Flashcards
4. Data Protection Concepts - Summary & Guidelines Summary & Flashcards
5. Territorial and Material Scope of the GDPR - Summary & Guidelines Summary & Flashcards
6. Data Processing Principles - Summary
7.1. - Lawful Processing Criteria - All Personal Data - Summary & Flashcards
7.2. - Lawful Processing Criteria - Special Categories of Personal Data - Summary & Flashcards
8. Information Provision Obligations - Summary & Flashcards
9. Data Subjects' Rights - Summary & Guidelines Summary & Flashcards
10. Security of Personal Data - Summary & Guidelines Summary & Flashcards
11. Accountability Requirements - Summary
12. International Transfers - Summary & Guidelines Summary & Flashcards
13. Supervision and Enforcement - Summary & Guidelines Summary & Flashcards
14. Consequences of GDPR Violations - Summary & Flashcards
15. Employment Relationships - Summary & Flashcards
16. Surveillance Activities - Summary & Guidelines Summary & Flashcards
17. Direct Marketing - Summary & Guidelines Summary & Flashcards
18. Internet Technology and Communications - Summary & Guidelines Summary & Flashcards
Bonus - Children and the GDPR
Mock Exam
1. History of European Data Protection Law
Terminology (6:39)
1a) Purpose (1:11)
1b) Instruments giving an impetus to data protection laws (1:04)
1c) Timeline of Data Protection Laws (3:03)
1d) Data Protection Directive vs GDPR (2:04)
1e) Related Legislation (2:01)
1f) Brexit (1:04)
1g) Convention 108+ (5:27)
2. The European Union's Institutions
2a) Overview (0:33)
2b) European Parliament (3:13)
2c) European Council (0:21)
2d) Council of the European Union (1:22)
2e) European Commission (1:11)
2f) Court of Justice of the European Union (2:04)
2g) European Court of Human Rights (1:08)
2h) Bird's Eye View (1:33)
3. Legislative Framework
3a) Overview (1:20)
3b) Council of Europe Convention (Convention 108) (2:52)
3c) Data Protection Directive (3:50)
3d) General Data Protection Regulation (4:15)
3d)(i) GDPR Relationship with other laws (Payment Services Directive 2, Data Governance Act, Regulation (EU) 2018/1725)) (8:12)
3e) Law Enforcement Data Protection Directive (1:25)
3f) Privacy and Electronic Communications Directive ("ePrivacy Directive") (2:00)
3g) EU Directive on Electronic Commerce ("eCommerce Directive") (1:35)
3h) NIS Directive (2016) / NIS 2 Directive (2022) - Updated (2:50)
3i) Data Retention Directive
3j) EU Artificial Intelligence Act 2021 (4:32)
3k) EU Data Act (3:22)
4. Data Protection Concepts
4a) Personal Data (6:01)
4b) Sensitive Personal Data (1:11)
4c) Processing (1:07)
4d) Controller (2:58)
4e) Processor (4:07)
4f) Data Subject (0:39)
5. Territorial and Material Application of the GDPR
5a) Territorial Application (4:51)
5b) Material Application (1:38)
6. Data Processing Principles
6a) Introduction (1:08)
6b) Principle 1 - Lawfulness, Fairness and Transparency (5:14)
6c) Principle 2 - Purpose Limitation (0:43)
6d) Principle 3 - Data Minimisation (1:36)
6e) Principle 4 - Accuracy (0:25)
6f) Principle 5 - Storage Limitation (0:58)
6g) Principle 6 - Integrity and Confidentiality (0:44)
7.1. - Lawful Processing Criteria - All Personal Data
7.1a) Introduction (1:22)
7.1b) Consent (4:15)
7.1c) Contractual Necessity (1:31)
7.1d) Legal Obligation (1:09)
7.1e) Vital Interests (1:00)
7.1f) Public Interests (0:42)
7.1g) Legitimate Interests (1:41)
7.2. - Lawful Processing Criteria - Special Categories of Personal Data
7.2a) Introduction (2:26)
7.2b) Explicit Consent (1:47)
7.2c-k) Other Bases for Special Category Personal Data Processing (5:51)
8. Information Provision Obligations
8a) Introduction (1:21)
8b) Article 13 - Information to be provided (2:46)
8c) Article 14 - Information to be provided (1:08)
8d) When additional Information required (2:51)
8e) When and how (1:52)
8f) Fair Processing Notices (3:07)
8g) Exemptions (1:54)
9. Data Subjects' Rights
9a) Introduction (2:42)
9b) Article 15 - Right of Access (2:05)
9c) Article 16 - Right to Rectification (1:09)
9d) Article 17 - Right to Erasure (2:14)
9e) Article 18 - Right to Restriction of Processing (1:55)
9f) Article 19 - Notification Obligation (0:34)
9g) Article 20 - Right to Data Portability (0:57)
9h) Article 21 - Right to Object (1:20)
9i) Article 22 - Right to not be subject to automated decision-making (1:19)
10. Security of Personal Data
10a) Introduction (3:29)
10b) Appropriate technical and organisational measures (10:27)
10c) Breach Notification (6:35)
10d) Vendor Management (2:48)
10e) Data sharing (2:24)
11. Accountability Requirements
11a) Introduction (0:56)
11b) Responsibility of controllers (5:41)
11c) Art. 25 - Data protection by design and default (5:59)
11d) Record keeping and co-operation with regulators (2:45)
11e) Art. 35 - Data protection impact assessment (DPIA) (3:12)
11f) Data protection officer (3:45)
11g) Auditing of privacy programs (4:12)
12. International Data Transfers
12a) Introduction (2:36)
12b) What is a transfer? (1:25)
12c) Adequacy Decisions (1:44)
12d) Adequate Safeguards (5:45)
12e) Derogations (3:51)
12f) Transfers to the US (7:29)
12g) Transfer Impact Assessments (TIAs) (5:00)
13. Supervision and Enforcement
13a) Introduction (2:11)
13b) Self-Regulation (3:54)
13c) Data Subject Rights (1:58)
13d) Regulator Supervision (7:24)
13e) International Cooperation (5:26)
14. Consequences of GDPR Violations
14a) Introduction (2:07)
14b) Process and procedures (2:37)
14c) Fines (3:16)
14d) Data subject compensation (2:47)
14e) Class actions (4:45)
15. Employment Relationships
15a) Introduction (2:16)
15b) Legal basis for processing of employee data (2:44)
15c) Storage of personnel records (0:52)
15d) Workplace Monitoring (5:21)
15e) Works councils (2:28)
15f) Whistleblowing systems (2:42)
15g) Bring your own device programs (2:30)
15h) Risks involved in employee data (e.g., social media and AI) (3:06)
16. Surveillance Activities
16a) Introduction (1:48)
16b) Regulation of surveillance (2:58)
16c) Communications Surveillance (3:18)
16d) Video Surveillance (1:49)
16e) Biometric data/facial recognition (1:11)
16f) Location data (1:59)
17. Direct Marketing
17a) Introduction (1:43)
17b) Regulation of direct marketing (4:04)
17c) i. Specific types of marketing - Overview (0:27)
17c) ii. Specific types of marketing - Postal marketing (1:08)
17c) iii. Specific types of direct marketing - Telephone marketing (1:42)
17c) iv. Specific types of marketing - Electronic marketing (1:42)
17c) v. Specific types of marketing - Fax marketing (0:44)
17c) vi. Specific types of marketing - Location-based marketing (1:31)
17c) vii. Specific types of marketing - Online behavioural advertising (1:16)
18. Internet Technologies and Communications
18a) Introduction (1:08)
18b) i. Cloud Computing - Definition (5:43)
18b) ii. Cloud Computing - GDPR Issues (7:46)
18c) Cookies (3:17)
18d) Search engines (0:52)
18e) Social Networking Services (2:33)
18e)(i) Dark Patterns (6:04)
18f) Artificial Intelligence (3:54)
Archive
Note
3h) Directive on Security of Network and Information Systems and 3i) Data Retention Directive (1:28)
10. Security of Personal Data (15:19)
Finished? Let me know your feedback!
Provide feedback
Teach online with
10b) Appropriate technical and organisational measures
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock