Autoplay
Autocomplete
Previous Lesson
Complete and Continue
CIPP/E - Preparation
Start Here!
Course Orientation (4:25)
Your Path to Certification
Note on September 2024 Updates
Disclaimer
Need Help?
Course Material
Study Plan
Lecture Handout
GDPR Overview
1. History of European Protection Law - Summary & Flashcards
2. The European Union's Institutions - Summary & Flashcards
3. Legislative Framework - Summary & Flashcards
4. Data Protection Concepts - Summary & Guidelines Summary & Flashcards
5. Territorial and Material Scope of the GDPR - Summary & Guidelines Summary & Flashcards
6. Data Processing Principles - Summary
7.1. - Lawful Processing Criteria - All Personal Data - Summary & Flashcards
7.2. - Lawful Processing Criteria - Special Categories of Personal Data - Summary & Flashcards
8. Information Provision Obligations - Summary & Flashcards
9. Data Subjects' Rights - Summary & Guidelines Summary & Flashcards
10. Security of Personal Data - Summary & Guidelines Summary & Flashcards
11. Accountability Requirements - Summary
12. International Transfers - Summary & Guidelines Summary & Flashcards
13. Supervision and Enforcement - Summary & Guidelines Summary & Flashcards
14. Consequences of GDPR Violations - Summary & Flashcards
15. Employment Relationships - Summary & Flashcards
16. Surveillance Activities - Summary & Guidelines Summary & Flashcards
17. Direct Marketing - Summary & Guidelines Summary & Flashcards
18. Internet Technology and Communications - Summary & Guidelines Summary & Flashcards
Bonus - Children and the GDPR
Mock Exam
1. History of European Data Protection Law
Terminology (6:39)
1a) Purpose (1:11)
1b) Instruments giving an impetus to data protection laws (1:04)
1c) Timeline of Data Protection Laws (3:03)
1d) Data Protection Directive vs GDPR (2:04)
1e) Related Legislation (2:01)
1f) Brexit (1:04)
1g) Convention 108+ (5:27)
2. The European Union's Institutions
2a) Overview (0:33)
2b) European Parliament (3:13)
2c) European Council (0:21)
2d) Council of the European Union (1:22)
2e) European Commission (1:11)
2f) Court of Justice of the European Union (2:04)
2g) European Court of Human Rights (1:08)
2h) Bird's Eye View (1:33)
3. Legislative Framework
3a) Overview (1:20)
3b) Council of Europe Convention (Convention 108) (2:52)
3c) Data Protection Directive (3:50)
3d) General Data Protection Regulation (4:15)
3d)(i) GDPR Relationship with other laws (Payment Services Directive 2, Data Governance Act, Regulation (EU) 2018/1725)) (8:12)
3e) Law Enforcement Data Protection Directive (1:25)
3f) Privacy and Electronic Communications Directive ("ePrivacy Directive") (2:00)
3g) EU Directive on Electronic Commerce ("eCommerce Directive") (1:35)
3h) NIS Directive (2016) / NIS 2 Directive (2022) - Updated (2:50)
3i) Data Retention Directive
3j) EU Artificial Intelligence Act 2021 (4:32)
3k) EU Data Act (3:22)
4. Data Protection Concepts
4a) Personal Data (6:01)
4b) Sensitive Personal Data (1:11)
4c) Processing (1:07)
4d) Controller (2:58)
4e) Processor (4:07)
4f) Data Subject (0:39)
5. Territorial and Material Application of the GDPR
5a) Territorial Application (4:51)
5b) Material Application (1:38)
6. Data Processing Principles
6a) Introduction (1:08)
6b) Principle 1 - Lawfulness, Fairness and Transparency (5:14)
6c) Principle 2 - Purpose Limitation (0:43)
6d) Principle 3 - Data Minimisation (1:36)
6e) Principle 4 - Accuracy (0:25)
6f) Principle 5 - Storage Limitation (0:58)
6g) Principle 6 - Integrity and Confidentiality (0:44)
7.1. - Lawful Processing Criteria - All Personal Data
7.1a) Introduction (1:22)
7.1b) Consent (4:15)
7.1c) Contractual Necessity (1:31)
7.1d) Legal Obligation (1:09)
7.1e) Vital Interests (1:00)
7.1f) Public Interests (0:42)
7.1g) Legitimate Interests (1:41)
7.2. - Lawful Processing Criteria - Special Categories of Personal Data
7.2a) Introduction (2:26)
7.2b) Explicit Consent (1:47)
7.2c-k) Other Bases for Special Category Personal Data Processing (5:51)
8. Information Provision Obligations
8a) Introduction (1:21)
8b) Article 13 - Information to be provided (2:46)
8c) Article 14 - Information to be provided (1:08)
8d) When additional Information required (2:51)
8e) When and how (1:52)
8f) Fair Processing Notices (3:07)
8g) Exemptions (1:54)
9. Data Subjects' Rights
9a) Introduction (2:42)
9b) Article 15 - Right of Access (2:05)
9c) Article 16 - Right to Rectification (1:09)
9d) Article 17 - Right to Erasure (2:14)
9e) Article 18 - Right to Restriction of Processing (1:55)
9f) Article 19 - Notification Obligation (0:34)
9g) Article 20 - Right to Data Portability (0:57)
9h) Article 21 - Right to Object (1:20)
9i) Article 22 - Right to not be subject to automated decision-making (1:19)
10. Security of Personal Data
10a) Introduction (3:29)
10b) Appropriate technical and organisational measures (10:27)
10c) Breach Notification (6:35)
10d) Vendor Management (2:48)
10e) Data sharing (2:24)
11. Accountability Requirements
11a) Introduction (0:56)
11b) Responsibility of controllers (5:41)
11c) Art. 25 - Data protection by design and default (5:59)
11d) Record keeping and co-operation with regulators (2:45)
11e) Art. 35 - Data protection impact assessment (DPIA) (3:12)
11f) Data protection officer (3:45)
11g) Auditing of privacy programs (4:12)
12. International Data Transfers
12a) Introduction (2:36)
12b) What is a transfer? (1:25)
12c) Adequacy Decisions (1:44)
12d) Adequate Safeguards (5:45)
12e) Derogations (3:51)
12f) Transfers to the US (7:29)
12g) Transfer Impact Assessments (TIAs) (5:00)
13. Supervision and Enforcement
13a) Introduction (2:11)
13b) Self-Regulation (3:54)
13c) Data Subject Rights (1:58)
13d) Regulator Supervision (7:24)
13e) International Cooperation (5:26)
14. Consequences of GDPR Violations
14a) Introduction (2:07)
14b) Process and procedures (2:37)
14c) Fines (3:16)
14d) Data subject compensation (2:47)
14e) Class actions (4:45)
15. Employment Relationships
15a) Introduction (2:16)
15b) Legal basis for processing of employee data (2:44)
15c) Storage of personnel records (0:52)
15d) Workplace Monitoring (5:21)
15e) Works councils (2:28)
15f) Whistleblowing systems (2:42)
15g) Bring your own device programs (2:30)
15h) Risks involved in employee data (e.g., social media and AI) (3:06)
16. Surveillance Activities
16a) Introduction (1:48)
16b) Regulation of surveillance (2:58)
16c) Communications Surveillance (3:18)
16d) Video Surveillance (1:49)
16e) Biometric data/facial recognition (1:11)
16f) Location data (1:59)
17. Direct Marketing
17a) Introduction (1:43)
17b) Regulation of direct marketing (4:04)
17c) i. Specific types of marketing - Overview (0:27)
17c) ii. Specific types of marketing - Postal marketing (1:08)
17c) iii. Specific types of direct marketing - Telephone marketing (1:42)
17c) iv. Specific types of marketing - Electronic marketing (1:42)
17c) v. Specific types of marketing - Fax marketing (0:44)
17c) vi. Specific types of marketing - Location-based marketing (1:31)
17c) vii. Specific types of marketing - Online behavioural advertising (1:16)
18. Internet Technologies and Communications
18a) Introduction (1:08)
18b) i. Cloud Computing - Definition (5:43)
18b) ii. Cloud Computing - GDPR Issues (7:46)
18c) Cookies (3:17)
18d) Search engines (0:52)
18e) Social Networking Services (2:33)
18e)(i) Dark Patterns (6:04)
18f) Artificial Intelligence (3:54)
Archive
Note
3h) Directive on Security of Network and Information Systems and 3i) Data Retention Directive (1:28)
10. Security of Personal Data (15:19)
Finished? Let me know your feedback!
Provide feedback
Teach online with
15h) Risks involved in employee data (e.g., social media and AI)
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock