Below is a list of Tacita's core training modules. These modules are appropriate for employee self-study GDPR training. All of these modules are included in Tacita's Premium Package. Alternatively, please contact us to purchase a tailored training pack.
1. Introduction to GDPR - A presentation on GDPR basics. It introduces: what the GDPR is, why it is important, what personal data is, what special category data is, the data life cycle, the GDPR's individual rights, and the GDPR's fundamental principles.
2. 12 Steps to GDPR Compliance - A presentation for your organisations senior management on Tacita's recommended 12 steps to achieving GDPR compliance.
3. GDPR Common Terminology - A presentation that defines the most common GDPR terminology.
4. Fundamental Rights and Principles - A presentation providing a detailed look at the GDPR's 7 fundamental principles and 8 individual rights.
5. GDPR Data Life Cycle - A presentation on the data life cycle of personal data.
6a. Legal Bases & Consent - A presentation on the legal bases of data processing, including an overview of the GDPR's legal requirements surrounding consent.
6c. Record of Consent Template - An excel file of a record of consent template containing all legally required categories of data alongside additional categories that will help with ongoing GDPR compliance. Tacita recommends that you use this as a basis for creating an automated record of consent database.
7. Privacy Policies - A presentation on privacy policies giving: an overview of how to write policies, a list of recommended data protection policies, and full examples of these data protection policies.
8a. Privacy Notices - A presentation on privacy notices describing: why they are needed, where they must be presented, what information is legally required, and general guidance on creating privacy notices.
8b. Privacy Notices Guide - A document giving detailed information on the legal requirements of a privacy notice.
8c. Privacy Notices Template - Tacita's privacy notice template that can be adapted your organisation's needs.
9a. Data Protection Impact Assessments (DPIAs) - A presentation on DPIAs describing: what they are, when they are required, what information is legally required in a DPIA and practical approaches to DPIAs.
9b. DPIA Template - Tacita's DPIA template, including all legally required categories of information, additional categories of information that are useful for overall GDPR compliance and guidance on how to fill out the template.
10. Data Mapping - A presentation on data mapping, giving an overview of what data mapping is, why it is needed, how it links to your record of processing document and how you should be performing a data mapping exercise.
11a. Records of Processing (RoP) - A presentation on RoP documents, covering: when an RoP is legally required, what information you must include, how to create an RoP document, and other useful categories of information that you should include in your RoP.
11b. Records of Processing Guide - A detailed document on the benefits of an RoP and the requirements surrounding them.
11c. Records of Processing Template - Tacita's RoP template, containing the legally required categories of information and additional categories of information that are useful for maintaining overall GDPR compliance.
11d. Records of Processing Quality Assurance Guide - Organisations with large amounts of data processing will often have multiple employees maintaining sections of the RoP. This quality assurance guide is for the use of your organisation's privacy manager/data protection officer. This document is a guide to performing a quality assurance procedure on an RoP which has multiple authors.
11e. Records of Processing Quality Assurance Template - Tacita's RoP quality assurance template.
12a. Subject Access Requests (SARs) - A presentation on SARs giving an overview of: what a SAR is, what the scope of a SAR should be, exemptions to SARs, legal requirements of SARs, guidance on performing a SAR, and advice for making your SAR process easier.
12b. Subject Access Request Guide - Tacita's recommended procedure for responding to a subject access request.
13. Data Breaches - A presentation on data breaches, defining what they are, how they can occur, what the legal requirements are if a breach occurs, and how to report the breach to a supervisory authority.
13b. Data Breach Procedure - A document describing how your organisation should manage data breaches, including detailed information on reporting a data breach
13c. Register of Data Breaches Template - Tacita's template for a register of data breaches.
14. Transferring Personal Data - A presentation on transferring personal data between two organisations within the European Economic Area, highlighting: what information is needed in a contract, what a data processing agreement is and what a data sharing agreement is.
15a. Technical and Organisational Measures - A presentation on technical and organisational security measures, covering: what they are, where they are needed, relevant GDPR legislative text, and different categories of security measures.
15b. Implementing Technical and Organisational Measures - A document giving a detailed description of recommended technical and organisational measures.
16. International Transfers - A presentation on transferring personal data from within the European Economic Area (EEA) to outside the EEA. The presentation gives an overview of: binding corporate rules, privacy shield, adequacy countries, restrictive transfers and standard contractual clauses.
17a. Internal GDPR Auditing - A presentation on how to conduct an internal GDPR audit, giving guidance on: the benefits of an internal audit, planning an internal audit, practical approaches to audits, and methods of continuous audits.
17b. Internal GDPR Auditing Procedure - A document detailing the areas that should be covered in an internal audit and suggestions on how to perform a continuous audit.
17c. Internal GDPR Auditing Schedule - A schedule for an internal continuous audit.