All In One Privacy MasterClass
PART 1 - Section 1 - Introduction
Welcome to the Program (3:10)
How to use this Program and achieve your goals (11:27)
Administrative Aspects + Course Templates (6:41)
PART 1 - Section 2 - Privacy & Security, General Statements
Why Privacy and Security will never die (4:14)
Privacy vs Security (3:49)
Privacy Risks Expand (4:10)
CyberAttacks and what makes them possible (5:49)
Confidentiality, Integrity and Availability (CIA) & Privacy Implications (6:07)
Principles for Building & Operating Systems to be More Secure (6:21)
Why does an organisation need a Privacy Program (2:51)
Section Quiz
Part 1 - Section 3 - European Data Protection Law and Regulation - GDPR
GDPR Short Intro (4:34)
GDPR Format & Definitions (4:20)
GDPR Principles (3:49)
Lawfulness (3:49)
Data Protection Concepts (5:44)
EU Institutions (5:59)
Data Subject Rights (10:53)
Processors under GDPR (3:40)
Processor - Controller Agreement (3:03)
Processor, Controller, SubProcessor - Deep Dive with Examples (6:11)
Sanctions under GDPR (3:21)
Territorial and Material Scope of GDPR with examples (7:54)
Legal Basis for Processing (6:50)
Consent (5:20)
Legal Basis for processing - Sensitive Data (1:37)
Security & Breach (6:25)
Legitimate Interests - Deep Dive (12:13)
Data Processing Obligations (7:39)
Automated Decision Making & Profiling Deep Dive (9:29)
The right to data Portability Deep Dive (8:58)
The right to be forgotten in search engine cases - part 1 (11:40)
The right to be forgotten in search engine cases - part 2 (4:43)
Other obligations (4:42)
Other statutes (4:17)
Internal Audits (3:27)
Codes of Conduct and Certification (5:03)
Role of the Lead Supervisory Authority (7:56)
Multi Controller Situations and Joint Controllers (7:53)
International Transfers - general lesson (3:31)
GDPR vs ePrivacy Directive (4:15)
Brexit & GDPR (3:41)
Outsourcing and GDPR - General Requirements (3:46)
Section Quiz
PART 1 - Section 4 - Understanding the need for privacy in the IT environment (CIPT)
Evolving compliance requirements (4:21)
Major risks to a company's IT framework (6:15)
Application related RISKS (4:58)
Network related RISKS (4:59)
Storage related RISKS (6:55)
Stakeholder expectations for privacy (5:07)
IT Governance vs Data Governance (1:58)
The role of the IT professional & other stakeholders in preserving privacy (5:38)
Section Quiz
PART 1 - Section 5 - Core Privacy Concepts (CIPT)
Privacy Foundational elements - Organizational Privacy Notice (5:54)
Privacy Foundational elements - Organizational Privacy Policy (6:30)
Example - A great organizational privacy policy
Privacy Foundational elements - Organizational Security Policies (7:01)
Incident Response - Security and Privacy Perspectives (1:53)
System Development Lifecycle and Enterprise Architecture (3:25)
Privacy Impact Assessments (PIA) (6:12)
Common Privacy Principles (5:42)
Data Retention Concepts and Best Practices in GDPR context (7:20)
Section Quiz
PART 1 - Section 6 - Privacy considerations in the information lifecycle
The Collection Process - Notice (4:38)
The Collection Process - Choice, Control & Consent (4:40)
Other topics related to Collection (4:22)
Use (5:23)
Security Practices and Limitations on Use (4:43)
Disclosure (7:19)
Retention - Records, Limitations, Access (5:47)
Retention - Security Considerations (6:02)
Destruction (7:16)
Section Quiz
PART 1 - Section 7 - Introduction to the DPO role
Mandatory and Voluntary DPO (4:32)
GDPR requirements for DPOs (8:43)
DPO_Brief summary - needed skills (4:03)
DPO Certification (3:33)
DPO_Professions (7:52)
DPO_Hiring Errors (4:54)
Section Quiz
PART 1 - Section 8 - Initiating the DPO role
Defining the role_Scope (8:32)
DPO Resources (3:21)
Outsourcing DPO (6:17)
Contracting_DPO contract considerations (8:29)
First Tasks of the DPO (6:42)
Data Protection Policy (6:49)
Data and Processing Inventory (7:33)
Section Quiz
Part 1 - Section 9 - The first 100 days of a DPO
General statements (2:38)
Prepare Phase (5:43)
Assess Phase (2:55)
Plan Phase (2:56)
Act Phase (3:16)
Measure Phase (3:20)
PART 1 - Section 10 - DPO Tasks - Risk and DPIAs
Risk (4:02)
ISO 27005 general statements (2:44)
Risk Identification (8:44)
Risk treatment (7:07)
Risk Analysis (5:30)
Risk Evaluation (1:59)
DPIA's requirements under GDPR (7:34)
Risk in GDPR (3:55)
PIA vs DPIA and Best Practices around them (4:10)
Section Quiz
PART 1 - Section 11 - DPO Tasks - Outside the EU
International Transfers with examples (9:02)
Adequacy Decisions (6:03)
Safeguards (11:42)
Exceptions (15:05)
Controllers and DPOs not in the EU (7:01)
Representatives vs DPOs (10:31)
Americas Privacy Laws (3:59)
Asia Pacific privacy rules (4:18)
Other Privacy Laws (3:06)
Data Sovereignty vs Data Residency vs Data Localization (7:25)
What is Schrems II? General Statements (3:21)
Compliance with Schrems II (6:30)
EU US Data Privacy Framework part 1 (6:47)
EU US Data Privacy Framework part 2 (6:12)
Section Quiz
PART 1 - Section 12 - DPO Tasks - Technical Assessments
Technical Assessments (3:06)
ISO 27001 (5:51)
ISO controls (7:50)
NIST (4:23)
Anonymization (5:13)
Data Breaches (4:42)
Determining Breach Severity (4:09)
Breach Response (4:04)
Breach Response within CSPs (8:34)
Section Quiz
PART 1 - Section 13 - GDPR implementation - short intro Guide
Gap Assessment Tool (7:33)
Management Commitment (3:02)
Preparation Project Plan (2:54)
GDPR_Roles (4:13)
How to capture Personal Data in a Form (3:33)
GDPR Privacy Data Protection Policy (3:57)
Data Subject Request Procedure (2:34)
Data Protection Impact Assessment (DPIA) (3:28)
Data Breach and Incident Response Procedure (IRP) (3:15)
ISO and GDPR (2:15)
Privacy by design (5:24)
Course Challenge - Q&A
Challenge 1
PART 1 - Section 14 - Step by Step Customer GDPR Assessment
Customer scenario description (3:39)
Personal Data Analysis Form (3:51)
Personal Data Flow Mapping (1:57)
Personal Data Asset Inventory
3rd party processing providers form (2:18)
GDPR assessment report
GDPR implementation project plan (1:56)
PART 1 - Section 15 - From Small & Medium Enterprise (SME) to Multinational examples (GDPR perspective)
LUL example part 1 (8:00)
LUL example part 2 (7:37)
LUL example part 3 (7:48)
LUL example part 4 (5:40)
EEI example part 1 (6:39)
EEI example part 2 (9:47)
EEI example part 3 (3:18)
EEI example part 4 (11:00)
EEI example part 5 (5:42)
Google Chrome case study (7:36)
Hotel's Online Businesses (10:44)
A guide for SMEs (4:41)
How to make a website GDPR compliant (4:28)
Outsourcing your DPO_real life scenarios (10:00)
Legal response (9:37)
Children's Consent. Is it Legal (9:16)
GDPR Right to Erasure and Backup Systems (8:05)
Section Quiz
Challenge 2
PART 1 - Section 16 - Privacy in Systems and Applications (CIPT)
Identity and Access Management (IAM) (5:23)
Limitations of Access Mgmt & Least Privilege principle (3:49)
UBAC & RBAC (4:07)
Context of Authority (5:10)
Cross Site Authentication & Authorization Models (3:31)
Credit card information & Processing (4:28)
PCI-DSS & PA-DSS (4:52)
Remote Access & BYOD - Privacy & Security Considerations (3:54)
Remote Access & BYOD - Access to Computers & Architecture controls (2:38)
Data Encryption - Design Considerations (3:51)
Application, Record and Field Encryption (3:18)
File & Disk Encryption (3:52)
Encryption Regulation & Crypto Standards (3:39)
Other Privacy enhancing Technologies (6:35)
Software Notifications and Agreements (4:17)
Section Quiz
Course Challenge - Company Description
PART 1 - Section 17 - Online Privacy Issues (GDPR perspective)
Organizational Privacy Strategy for Social Media (7:14)
Consumer Expectations (5:58)
Children's Online Privacy (3:12)
Social media - personal information collected (9:14)
Social media - personal information shared and ownership (4:30)
E-commerce personalization (3:27)
Online Advertising (3:28)
Key considerations when posting ADs on your website (2:37)
Understanding cookies, beacons and other tracking technologies (6:03)
Web Browser Privacy and Security Features (7:29)
Cookies - Deep Dive (2:56)
Section Quiz
Challenge 3
PART 1 - Section 18 - Direct Marketing (GDPR perspective)
Data Protection & Direct Marketing (3:08)
The concept of Direct marketing (4:32)
The right to opt-out (3:54)
Marketing Requirements under e-Privacy Directive (2:16)
Postal Marketing (3:08)
Telephone Marketing (5:28)
Electronic Marketing (7:11)
Location Based Marketing (5:12)
Online Behavioral Advertising (OBA) and GDPR (4:36)
Section Quiz
PART 1 - Section 19 - Subject Access Requests (SAR) - Code of Practice (GDPR perspective)
Overview of SAR (4:04)
How to recognize a valid SAR? (8:53)
Responding to a SAR (6:37)
Dealing with SARs involving other people's information - part 1 (4:43)
Dealing with SARs involving other people's information - part 2 (4:47)
Supplying information to the requester (5:44)
Dealing with repeated or unreasonable requests (3:23)
Exemptions - part 1 (4:08)
Exemptions - part 2 (3:28)
Exemptions - part 3 (2:32)
Section Quiz
Challenge 4
PART 1 - Section 20 - Lawful processing of HR data (GDPR perspective)
Consent, no longer an option for HR? (3:00)
Data Protection Policy (HR perspective) (6:40)
GDPR Terms and How they Relate to Recruiting (5:37)
Ensure your job application process complies with GDPR (4:26)
Sourcing and Attracting Candidates with GDPR in mind (6:14)
Ensure your software vendors are compliant (3:16)
The intersection between GDPR and Employment Contracts (6:18)
GDPR and Employee Monitoring (6:33)
GDPR and HR Analytics (9:09)
Section Quiz
PART 1 - Section 21 - Technologies with Privacy Considerations
Wireless Technology - RFID (5:54)
Wireless Technology - NFC, Bluetooth & WiFi (4:51)
Location Based Services (LBS) - generalities (5:15)
Location Based Services (LBS) - GPS (5:19)
Location Based Services (LBS) - GIS (4:04)
Surveillance of Individuals (3:35)
Data surveillance & Biometric recognition (6:26)
Video Surveillance Deep Dive (part 1) (8:37)
Video Surveillance Deep Dive (part 2) (7:48)
Section Quiz
Challenge 5
Answers to the 5 challenges
PART 2 - Section 1 - Introduction to Privacy Management, Governance & Engineering
Vision, Mission Statement and Program Scope (5:26)
Privacy Governance (9:00)
Develop a Privacy Strategy (6:48)
Privacy Risk Management Framework part 1 (8:20)
Privacy Risk Management Framework part 2 (5:50)
Engineering - High Level Design (12:19)
Engineering - Low Level Design (9:26)
Testing, Validation & Verification (12:22)
SDLC and the Culture of Privacy (4:29)
Privacy Governance Success (4:23)
Privacy Standards - ISO 27018, ISO 27701, ISO 29100 (7:56)
How to Structure the Privacy Team (6:43)
Section Quiz
PART 2 - Section 2 - Let's make privacy operational
Records of Data Processing (4:17)
Assessing Vendors and 3rd party suppliers (5:16)
Mergers and Acquisitions - Privacy Checkpoints (4:32)
Interfacing and Communicating with an Organization (7:01)
Privacy Policy & other types of Policies (5:47)
Measuring Privacy Program Maturity (8:22)
Privacy Metrics (4:28)
Monitoring & Audits (7:42)
Privacy Training & Awareness (6:15)
NIST CSF (4:38)
NIST Privacy Framework (3:39)
Part 2 - Section 3 - Incident Response
Risk, Exposure, Incidents and Breaches (5:05)
Incident Response Plan (8:03)
Incident Handling (6:28)
Investigation (8:46)
Reporting Obligations (10:41)
Recovering (9:21)
How malware works? (4:12)
Ransomware and the implications on privacy (4:23)
What is Lateral Movement and how it works? (4:26)
PART 2 - Section 4 - What is Privacy by Design?
Generalities (3:38)
Short history of adoption (3:30)
Principle 1 - Proactive not Reactive (2:18)
Principle 2 - Privacy as the Default Setting (3:15)
Principle 3_Privacy Embedded into Design (2:51)
Principle 4 - Full Functionality (3:47)
Principles 5, 6 and 7 (4:14)
Challenges of the Principles (2:11)
Why it's important to Build in Privacy (9:54)
PART 2 - Section 5 - Privacy Model - Overview
What is this section about? (1:32)
Individuals (5:26)
Domain:Threat Actors (6:50)
Relationships (3:10)
Example 1 (2:11)
Example 2 (1:05)
Example 3 (2:47)
Violations - generalities (4:44)
Violations - Information collection (6:56)
Violations - Information processing (part 1) (10:34)
Violations - Information processing (part 2) (10:33)
Violations - Information dissemination (part 1) (12:42)
Violations - Information dissemination (part 2) (9:15)
Invasions (8:23)
Controls_System Architecture_Centralization (3:56)
Controls_System Architecture_Identifiability (7:27)
PART 2 - Section 6 - Privacy Model - Data Oriented Strategies
Privacy Data-Oriented Strategies - SEPARATE (5:46)
Privacy Data-Oriented Strategies - MINIMIZE (part 1) (5:40)
Privacy Data-Oriented Strategies - MINIMIZE (part 2) (5:35)
Privacy Data-Oriented Strategies - HIDE (6:44)
Privacy Data-Oriented Strategies - ABSTRACT (4:14)
Privacy Process-Oriented Strategies - ENFORCE (7:44)
Privacy Process-Oriented Strategies - DEMONSTRATE (5:44)
Privacy Process-Oriented Strategies - INFORM (6:35)
Privacy Process-Oriented Strategies - CONTROL (1:43)
Privacy Process-Oriented Strategies - Architecture Redux (6:04)
Information Flow (10:30)
Domains and Sub-Domains (3:28)
Example - The city pothole app (3:03)
Exercises
PART 2 - Section 7 - Privacy Analysis
Risk Analysis (4:16)
A FaIR method for privacy risk (7:08)
Frequency (8:46)
Vulnerability (3:39)
Magnitude (10:15)
Applying controls (part 1) (4:53)
Applying controls (part 2) (4:53)
Organizational Risk (4:19)
Quantifying Risk - example 1 (part 1) (8:25)
Quantifying Risk - example 1 (part 2) (5:15)
Pothole App Example (10:20)
Exercises
PART 2 - Section 8 - Privacy Methodology
Identify the Purpose (5:24)
Understand Quality Attributes (3:13)
Identify Information Needs (4:02)
Imposing Controls - ARCHITECT & SECURE (4:44)
Imposing Controls - Supervise & Balance (5:25)
Online Behavioral Advertising & Mobile Phone monitoring (5:15)
Integrating privacy by design into the business (5:39)
How the methodology meets the principles (11:57)
The pothole App under the methodology (3:41)
Exercises
PART 3 - Section 1 - My Experience & Story on your table
How I started my career (6:01)
My Full Career in One Lesson (8:40)
Money Heist (6:38)
You are what your brain thinks about you (6:06)
Why companies will choose you? It's a BATTLE! (6:11)
How important is your resume (5:12)
Be diverse! (6:48)
The Luck Role in your Career (11:34)
How much time you should spend in a company before moving out (6:56)
What takes you down in a company (5:29)
Certifications (3:25)
PART 3 - Section 2 - Transitioning into PRIVACY
Where to get started (7:04)
Learning and Background (3:18)
Transitioning into Privacy (20:18)
Available Privacy Jobs & roles on the market (5:37)
What certifications will make an impact (6:52)
Technologies related to data protection & privacy (7:05)
Data Classification, DLP and RMS (9:17)
Database Activity Monitoring - DAM (6:57)
Encryption, HSMs, Cloud relationship (9:46)
Consent and Cookie Management Tools (3:55)
PART 3 - Section 3 - Passing IAPP exams: CIPP/E, CIPM, CIPT
CIPP/E part 1 (13:16)
CIPP/E part 2 (6:15)
CIPP/E part 3 (10:28)
For passing CIPP/E you need to read Chapter 1 & 2 from this book
CIPM part 1 (6:02)
CIPM part 2 (7:37)
CIPM part 3 (8:26)
Read this short review before going for CIPM exam
CIPT part 1 (4:45)
CIPT part 2 (5:29)
CIPT part 3 (5:16)
PART 3 - Section 4 - Let's Build your Value under the Resume
The Elevator Pitch (8:18)
My resume explained - Director role - part 1 (12:14)
My resume explained - Director role - part 2 (11:18)
DPO role CV writing exercise (8:09)
Privacy Consultant role - CV writing exercise (3:26)
Privacy Manager role - CV writing exercise (3:55)
Privacy Engineer role - CV writing exercise (4:32)
How to edit the resume templates
What exactly do you want? (5:59)
Barriers of thinking big (4:49)
How to acquire a higher role or salary increase (7:26)
The interview Process (5:09)
How to do the follow up (2:36)
How to create the counter-offer (6:28)
LinkedIn (2:20)
Big Corporations - Traps and What to do (3:25)
HR is important - what you need to know? (5:59)
PART 4 - Section 1 - California Consumer Privacy Act (CCPA) Overview
General Statements (6:03)
Who and What Data to protect (2:04)
Who must comply (5:27)
How to comply & exceptions (7:10)
Compliance Strategies (6:37)
How to comply - HR Processes (5:53)
Penalties and Enforcement Mechanisms (8:00)
Not all records count? (4:30)
PART 4 - Section 2 - Drafting a Privacy Policy under CCPA
CCPA Privacy Notices (7:12)
CCPA Collectors of Personal information (4:14)
CCPA Transfers to 3rd party (2:18)
CCPA Ambiguities and Takeaways (2:48)
PART 4 - Section 3 - CCPA: How to respond to Consumer's Access Request
Verifiable requests (2:35)
Substantive Response (2:09)
Categories of personal information, response timing and methods (5:17)
PART 4 - Section 4 - CCPA: What are the Consumer Rights?
CCPA Right of Erasure (3:05)
CCPA Objection to Sale & The "Do not Sell" Button (4:12)
CCPA: Non-discrimination (2:31)
CCPA: Deidentification, Pseudonymisation & Aggregation (8:18)
PART 4 - Section 5 - CCPA: How to Notify on Data Security Breaches
Statutory Damages for Data Security Breaches (3:52)
Elements of a Claim, Sanctions and Remedies (2:03)
CCPA Impact on Companies (5:31)
Data Security Requirements for Manufacturers (3:03)
PART 4 - Section 6 - GDPR and CCPA - differences and similarities
General thoughts (3:40)
Personal Scope (4:25)
Territorial Scope (2:39)
Material Scope (8:17)
Personal data - GDPR vs CCPA (8:40)
Pseudonymisation (2:50)
Controllers and Processors (6:23)
Children (3:21)
Research (6:01)
Right to erasure (6:37)
Right to be informed (3:53)
Right to object (right to opt out) (3:57)
Right of access (5:16)
Right not to be subject to discrimination for the exercise of rights (2:05)
Right to data portability (3:23)
Monetary penalties (1:41)
Supervisory Authority (2:32)
Civil remedies for individuals (2:37)
PART 4 - Section 7 - CCPA Real World Scenarios
CCPA and Advertising Technology (5:12)
CCPA and Retail (5:54)
CCPA and Financial institutions (5:11)
GLBA and FCRA exemptions (5:38)
CCPA and the medical industry (part 1) (4:45)
CCPA and the medical industry (part 2) (4:18)
CCPA and IoT (6:51)
Use Case Scenario - Connected vehicles (part 1) (4:27)
Use Case Scenario - Connected vehicles (part 2) (5:07)
Use Case Scenario - Connected vehicles (part 3) (4:21)
CCPA in business 2 business (B2B) context (6:55)
PART 4 - Section 8 - CCPA Amendments
Short review with some real examples (8:21)
What to disclose and Where to disclose it
Amendments from October 2019 (part 1) (6:44)
Amendments from October 2019 (part 2) (6:15)
GDPR assessment report