General Data Protection Regulation (GDPR)

|, Public Courses|General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)

The EU General Data Protection Regulation (GDPR) course is a course that is intended to bring attendees up to speed with the new regulation that will come into effect on the 25th of May 2018. This regulation is important and is attracting a lot of attention not only because it significantly changes what is legally doable within the data acquisition, processing and retention space, but also because of the penalties that it sets out. Indeed, penalties for GDPR breaches may go up to 20 million euro or 4% of worldwide turnover, whichever is the highest. This means that anyone who handles any sort of personal data, including but not limited to employment data, subscriptions data, client data and data collected automatically through a website that allows the identification of the data subject is subject to GDPR provisions and needs to ensure compliance to avoid punitive fines that may easily drive a firm out of business. The course is designed to set the GDPR in context and to give attendees practical tools for ensuring compliance and avoiding the debilitating fines that non-compliance will entail.

Countdown to GDPR compliance deadline

2018/05/25 00:00:00

General Data Protection Regulation (GDPR) Programme Summary

More than two decades ago, the European Community (now the European Union) felt the need to align data protection standards within their Member States in order to facilitate and enable cross-border data transfers. Back then, national data protection laws provided inconsistent and at times incompatible levels of protection. They offered neither legal certainty for individuals nor for data controllers and processors. As a result, with the intent of promoting and fostering the single European market, in 1995, the European Community adopted Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (referred to in short as the Data Protection Directive).  This Directive was aimed at harmonising the protection of individuals’ fundamental rights in terms of data processing activities and to ensure the possibility of a free flow of personal data between EU Member States under a legal framework that was clear and certain.

As European Directives are not directly applicable in EU Member States but have to be transposed into national law, they made up for implementation differences that hindered the original objective of the Data Protection Directive to harmonise the level of data protection within the EU. The result was that data processing activities deemed legal in one EU Member State could be unlawful in another.

Fast forward to 2016, and the result of the Data Protection Directive’s failures have, after a series of tough rounds of negotiation, culminated in the General Data Protection Regulation (GDPR) which supplants the former. As a regulation, it is directly applicable to EU Member States and does not require transposition that could introduce distortions in implementation. The compliance burden of the new regulation is very considerable as data protection duties have proliferated, but the applicable non-compliance fines, that have been drastically increased scarcely leaves room for error. Indeed, under GDPR, organisations in breach of GDPR can be fined up to 4% of annual global turnover or €20 million, whichever is greater. As a result, all organisations that process any form of personal data should carefully reorganise their internal data protection procedures in order to reach compliance with the GDPR by the time it enters into force. This will happen on the 25th of May, 2018.

Organisations in the USA have been preparing for this change since 2016, but their EU counterparts are very late and are now scrambling to ensure compliance. This course has been designed to provide a general overview of the regulation, as well as practical hands-on tips and checklists designed to ease the burden of complying with the Regulation. Some areas of the Regulation are still ambiguous and will remain so until legally tested and until case law in the area builds up. Most other areas are however crystal-clear. This course aims to identify both clear and ambiguous areas and argues for a cautious approach given the daunting level of the fines. It is composed of the following modules:

  • Introduction to Data Protection and the GDPR
  • GDPR in Detail
  • How to Comply: Organizational Requirements
  • The Nuts & Bolts: Technical Aspects of GDPR Compliance
  • GDPR in Context: Examples and Special Processing Activities
  • Conclusions

GDPR Course Objectives

The high-level objectives of this course include:

  • understanding the history, the context and the aim behind the GDPR and data protection legislation;
  • understanding what the GDPR adds to and changes from previous legislation;
  • gaining an appreciation of how to define and deal with personal and sensitive data;
  • getting up to speed with the 6 principles of data processing;
  • understanding when data can be processed legitimately;
  • understanding when data can be transferred abroad and under what conditions;
  • gaining an appreciation of individual rights;
  • understanding what data controllers’ and processors’ obligations are;
  • formulating an implementation path to GDPR compliance:
    • the technical measures necessary to ensure compliance with the GDPR
    • breach consequences
    • the processing of data in context

GDPR Course Fees

The Fee for the Course is as follows:

  • Registration Fee (Non-Refundable): EUR 35; and
  • Course Fee including: Lecture, Course Notes, Certificate of Attendance, Refreshments (Please see our Terms & Conditions on changes, rejections & cancellations): EUR 265.

By registering for the course, you are agreeing to be bound by all the terms and conditions including payment terms. Upon Registration, an invoice will be issued for payment which includes the Registration Fee and  the Course Fee (which you will not be required to pay in terms of rejection but for which you are agreeing to pay in case of acceptance in line with our Terms and Conditions). The invoice is to be paid in its entirety within 15 days from the day of issuance. However, should you not meet the Eligibility Criteria for the selected course, the Course Fee will either not be levied or will be refunded if it has already been paid. the Registration Fee will remain non-refundable. Should you wish to check about your Eligibility or clarify any other issues prior to Registering, kindly contact us on:

Jobs+ Training Funds

The course qualifies for the Jobsplus “Investing In Skills” scheme, where a grant equivalent to 50%, 60% or 70% of the direct training cost and a compensation for staff time (exact sum to be determined on an ad hoc basis through a Jobs+ dynamic spreadsheet) can be availed of. For more information and links to the application forms, please click on the button below.

GDPR Course Date

This course is planned to take place over one full day and the next intake is scheduled for 26 October 2018.

Given that we are currently very busy delivering this course on an in-house basis, should you require the course to be delivered earlier, please get in touch so that we can see whether we are able to provide you with alternative arrangements.

National Commission for Higher Education Accredited

Equinox Academy is licensed as a Higher Education Institution (License number 2015-005) by the National Commission for Further and Higher Education.

Microsoft Education Institution Partner

Equinox Academy is registered as a Microsoft Partner Network Member as an Education Institution.


Detailed GDPR Course Programme

Tutor:    Jackie Mallia Scerri

Time:     09:00 – 10:00

  • Privacy and Data Protection: Why Protect Individuals’ Data? and
  • Previous Data Protection Legislation: What’s New under GDPR?

Tutor:    Jackie Mallia Scerri

Time:     10:00 – 12:30

  • Scope and Applicability of GDPR: When, Where and to Who it applies;
  • GDPR in Essence: the 8 Basic Principles Explained;
  • Lawfulness: Legal Justifications for Data Processing; and
  • Cross-border Data Transfers.

Tutor:    Jackie Mallia Scerri

Time:     13:00 – 14:00

  • Data Subject’s Rights;
  • Obligations of Data Processors; and
  • Enforcement & Fines.

Tutor:    Jackie Mallia Scerri

Time:     14:00 – 15:00

  • General Obligations;
  • Technical and Organisational Measures;
  • Recording Your Processing Activity;
  • Data Protection Impact Assessment;
  • Data Protection Officer;
  • Privacy by Default and Privacy by Design; and
  • Dealing with Personal Data Breaches.

Tutor:    Bernard Mallia

Time:     15:00 – 16:00

  • Data Protection Officer Tools;
  • Assessing the Data Sources;
  • Tools and Access Rights;
  • Records and Documentation Issues;
  • Engaging Processors;
  • Tools and Data Protection by Design and by Default;
  • Security and Data Breach Tools;
  • Data Protection Impact Assessment Tools;
  • Instances of Data Breach; and
  • Changes required to IT Systems to Ease Compliance Burdens.

Tutor:    Jackie Mallia Scerri

Time:     16:00 – 16:40

  • Big Data;
  • Cloud Computing;
  • Internet of Things; and
  • Handling Employee and Prospective Employee Data.

Tutor:    Jackie Mallia Scerri

Time:     16:40 – 17:00

  • Session Wrap Up; and
  • Questions & Answers.

GDPR Course Trainers

Jackie Mallia Scerri

Dr. Jackie Mallia Scerri is the main trainer for this course. She has been working in the fields of privacy and data protection for over 15 years, has followed the GDPR developments very closely and has extensive hands-on experiences with several of her private sector clients’ endeavours to become GDPR-compliant. Jackie can safely be relied on to answer most of the queries that attendees to this course might have, however complex such queries happen to be.

Jackie obtained a Doctorate of Laws at the University of Malta in 1999 and commenced her career as a litigation lawyer, gaining experience in civil, commercial, constitutional and insurance litigation. Eventually, she proceeded to pursue her studies at Queen Mary, University of London, in the areas of Internet Law, Data Protection, Communications Law, Computer Law and Competition Law.

Jackie is the Managing Director of Equinox Legal, and the President of the Mediterranean Institute of Innovation, Communications and Technology (MIICT), a Non-Governmental Organisation set up for the carrying out of projects relating to Innovation, Communications and Technology. She is also a certified Data Protection Practitioner.

Bernard Mallia

Bernard is an experienced business professional with strong ICT and business advisory competences. He is the person with whom our clients share practical real-life scenarios and difficulties with the intent of learning how to exploit an ensemble of logic and software platforms to solve them. Bernard brings to the table not only his expertise in ICT but also his considerable knowledge of data modelling, processing, rule-based data retention on several platforms and the implications of GDPR and contributes to the delivery of this course through his insights on practical implementation details in the ICT space.

Bernard is an experienced consultant and adviser in the fields of Economics, Project Management, and ICT . He has a polymathic background and was awarded his first degree in Commerce with a specialisation in Public Policy and Economics, as well as an honours degree in Public and Private Sector Management from the University of Malta. He pursued post-graduate studies at the University of Edinburgh, where he read for a M.Sc. in Economics, and at the European University where he read for a M.Sc. in Information Systems. He has also been the recipient of diplomas in Computerised Bookkeeping (IAB), Project Management (CIC), and Advertising and Public Relations (CIC). Bernard is a certified MS Office Specialist Expert (Certiport) and a SQL Server 2005 Microsoft Certified Professional.

He is currently the CEO of Equinox Group, the President of IRISS and the Vice-President of the MIICT.

Other Equinox Academy Courses

Location where the Training will be Held

Equinox Academy Ltd.

36, Archbishop Street
Valletta VLT 1447
Phone: +35621376242

Parking Arrangements

Given the time in which this course will take place, it would be best to park at the MCP or the Floriana Park & Ride facility just before 8 AM. For those who would like to park within Valletta, there is a CVA charge of €6.52 that you will be billed for. A prepayment discount is available for those who prepay the charge on the online CVA system. Parking on the Valletta ring road (5 minutes away on foot from the training venue) does not incur a CVA charge.

Registration Terms and Conditions apply.

5 reviews for General Data Protection Regulation (GDPR)

  1. Joaquin Reyes

    Hands down the best GDPR training I’ve been to and thoroughly recommended to anyone. Could, from a selfish perspective, have been more detailed in some areas (IT) and less in others (HR), but I’m sure that everyone has a different preference angle in this regard and the trainers did a brilliant job in making it palatable to all the different functions that the course was done for. Maybe from the point of view of someone attending an in-house course, it might have been good to have this course extended over two full days rather than one day, as the trainers’ knowledge is clearly very vast and it would have been great to be able to pick their minds on several different aspects that a course targeting HR, IT, Finance and Admin can never give you the opportunity to do. All in all, a great job though. Definitely the best GDPR training I’ve been to so far. You deserve a big thank you!

  2. Charmaine Borg

    A great course, delivered by very knowledgeable subject-matter experts who clearly have hands-on exposure to the Regulation. My company has been preparing for the wide-ranging consequences of GDPR for over a year, and I’ve been to over 6 courses on GDPR. Some have been related to the current Data Protection Act (rather than on GDPR as advertised), some others have been very theoretical with little practical value, and others yet have been just a brazen sales pitch from companies trying to sell their consultancy services or their software to attendees. This was the first truly comprehensive course on the subject of GDPR and without any doubt the best training I have attended on the matter. I just wish I knew about this course over a year ago, when we had started working on GDPR compliance. A heartfelt thank you not only for a course well delivered, but also for answering the questions that no one else managed to give me an answer for.

  3. Rui Costa Meira

    I found Equinox Academy GDPR Training to be a great asset in order to understand the broader scope on both theoretical and pratical scenarios.
    The fact the presentation went above the simple GDPR ruleset was also great and gave good context. Recommended.

  4. Jonathan Calleja

    The best 1-day GDPR course around. GDPR is a broad topic and tackling it from a legal and a technical perspective, as Equinox Academy did, brought out the true extent of the complexity of the regulation, as well as the grey areas that still exist pending the publication of the Working Party on Article 29 Guidelines and the building up of case law. The course, which lasted one whole long-day might benefit from being split over 2 half days, but was definitely top-notch and not really comparable to other GDPR courses on the Island. I would recommend it over any other courses being given in Malta at the moment to anyone looking to learn the ins and outs of GDPR at a detailed level without hesitation.

  5. Josette Aquilina

    This is the fourth GDPR course I’ve been to, and I can without hesitation or reservation say that it beats the other courses I’ve been to hands down. Thank you for a well-designed, well-delivered and well-explained course on such a difficult and otherwise airy-fairy topic.

Only logged in customers who have purchased this product may leave a review.