Course NT-GDPR Protection and processing of personal data on GDPR | nt.ua

Course NT-GDPR Protection and processing of personal data on GDPR

The course provides knowledge and skills to implement the General Data Protection Regulation (GDPR) in enterprises and organizations, which came into force on May 25, 2018. The rules for the collection, storage, transfer and any other processing of personal data by outsourcing IT companies, banks, medical institutions, event organizing companies, social networks, online stores, as well as applications and cloud solutions that work with European personal data are being studied.


After completing this course, students will be able to:
  • study the General Data Protection Regulation;
  • implement GDPR rules in organizations that work with EU resident companies or process personal data of EU citizens.
Audience Profile

The course is intended for engineers who plan, configure and operate systems and applications on the Docker platform, including fault-tolerant solutions. The course will be useful for DevOps architects and developers who want to gain solid knowledge about the platform.


Before attending this course, students must have:
  • experience in building systems or managing information security processes;
  • knowledge of ISO 27001/2/5, PCI-DSS standards.
  1. Legal regulation of personal data protection
    • The evolution of the legal regulation of personal data protection
    • Regulatory framework for the protection of personal data in the EU since May 25, 2018
    • Scope of the GDPR
  2. GDPR overview, roles, rights and obligations, cross-border data transfer
    • Consequences for companies located outside the EU, fines and enforcement of legal regulations
    • Comparison of legal regimes in Belarus, Ukraine and Russia with the rules in force in the EU
  3. GDPR terminology
    • Personal data and their processing. Personal data controller and processor
    • Personal data, concept and types. Special categories of personal data
    • Subject of personal data
    • Categories of data subjects
    • Personal data operator, processor and controller. Separation of responsibility
  4. Processing of personal data
    • Profiling
    • Pseudonymization and anonymization (depersonalization)
    • Principles for the processing of personal data
    • Legality, fairness and transparency of personal data processing
    • limited by purpose
    • Data minimization
    • Data Accuracy
    • Storage limit
    • Integrity and confidentiality
    • Accountability
  5. The rights of the subject and the corresponding obligations of the controller and processor of personal data
    • The procedure for exercising the rights of the data subject
    • Right to information about processing
    • Right to access personal data
    • Right to Correction
    • Right to restriction of processing
    • The right to be forgotten
    • Right to data portability
    • Right to object
    • The right not to be subject to an automated decision
    • Restrictions on the rights of data subjects
    • Obligations of the controller and processor in connection with the exercise of rights by data subjects
    • Case "Nightmare letter of the data subject"
  6. Data Protection Impact Assessment and other risk management measures
  7. GDPR Requirements for Data Protection Impact Assessment (DPIA)
  8. Description of processing operations, personal data and means of their processing
  9. Legal and risk treatment measures
    • Risk sources, events, threats and risks
    • Tools for conducting a personal data protection impact assessment
    • The risk-based approach and its implementation in the organization
  10. Confidentiality, integrity and other components of information security of personal data
  11. GDPR information security requirements
    • Notification of supervisory authorities and subjects about the leakage of personal data
    • Technical and organizational risk management measures in the field of information security
  12. Cross-border processing of personal data
    • GDPR rules regarding cross-border transfers of personal data
    • Documentation of cross-border transfer of personal data
  13. Binding corporate rules
  14. Standard contractual clauses
  15. Codes of Conduct and Certifications
  16. Deviations from the rules
  17. Protection of personal data, by design and by default
  18. The Seven Fundamental Principles of Information Privacy Anne Kawukian
  19. Privacy by default
  20. Full functionality with an overall positive result
  21. Protection throughout the entire life cycle

Sign up for the closest date

Course Code

NT-GDPR

Length, days (hours)

2 (16)

Closest dates

on request

Price, UAH