GDPR Certification Lead Auditor and Consultant Training
Join CSA’s two-day Lead Auditor and Consultant Training for the CSA GDPR Certification and Code of Conduct course which will train lead auditors and consultants in the CSA GDPR Code of Conduct and the CSA GDPR Certification. Both these initiatives offer organizations a means to demonstrate their compliance and data protection transparency to GDPR.
The course trains lead auditors and consultants on both the CSA GDPR Code of Conduct Proposal as per Article 40 GDPR and the forthcoming CSA proposal for GDPR Certification as per Article 42 GDPR. The CSA GDPR Code of Conduct as per Article 40 GDPR is currently progressing under the review of the CNIL and the CSA GDPR Certification as per Article 42 GDPR will be submitted to the CNIL for its review in the coming months.
Course Preview
During day one, students will learn the controls covered in the CSA Code of Conduct, starting with the fundamentals of GDPR and the objectives, scope and methodology of the CSA Code of Conduct (CoC). Students will then go through each of the controls covered in the CoC:
• Controls 1-5: CSP declaration of compliance and accountability, CSP relevant contacts, ways in which data will be processed, recordkeeping and data transfer.
• Controls 6-10: data security, monitoring, personal data breach, data portability and migration, and restriction of processing.
• Controls 11-15: data retention, restitution and deletion, cooperation with the cloud customers, legally required disclosure, remedies for cloud customers and CSP insurance policy.
• Governance and Adherence Mechanisms
On day two, students will work through the practical application of the controls with two different case studies. Afterwards, students will review and receive feedback on the work performed in each of the case studies.
The CoC provides Cloud customers of any size with a tool to evaluate the level of personal data protection offered in connection with services provided by different CSPs (and thus to support informed decisions).
Who should take this course?
The CSA GDPR training is aimed towards professionals, wanting to learn how to guide organisations toward GDPR compliance, or audit cloud providers based on the requirements of the CSA Code of Practice for GDPR compliance.
Individual best suited to this course are:
• Auditors and consultants in IT security, privacy and cybersecurity
• Managers in emerging technology, risk and compliance
• Data Protection Officers (DPOs)
• In-house legal counsel, lawyers specializing in privacy, data protection and IT law
• Fintech consultants and specialists
In addition, this training is a requirement for any professional who wants to become a…
• CSA GDPR Certification Lead Auditor
• CSA GDPR Code of Practice Consultant
The CoC helps CSPs of any size and geographic location to comply with EU data protection legislation and to disclose, in a structured way, the level of personal data protection they offer to customers, in connection with their services.
Course Leadership
Paolo Balboni
Founding Partner of ICT Legal Consulting
Top-tier ICT, privacy & data protection lawyer. Professor of Privacy, Cybersecurity, and IT Contract Law at the European Centre on Privacy and Cybersecurity within the Maastricht University Faculty of Law. President of the European Privacy Association. Lead Auditor BS ISO/IEC 27001:2013.
Contact Details
Piet Heinkade 55 (11th floor) – 1019 GM – Amsterdam – The Netherlands
Phone: +31 (0)20 894 6338
Fax: +31 (0)20 808 5050
Do not hesitate to contact us for more information at info.int@ictlc.com
Download our brochure
Testimonials
“I am a senior consultant at eGovCD in Berlin and support small and medium-sized cloud providers to become compliant with the GDPR based on the CSA CoC. The training conducted by Paolo and his team helped me to gain additional insights into the CSA CoC and its overall background. In particular, the case-based approach of the training was enormously helpful to better understand how to apply the CSA CoC.”
“After attending the ICT Legal Consulting training on CSA’s CoC for GDPR, I have a deeper understanding of, and appreciation for, the effort that went into the CoC and the training. The training was comprehensive in nature and spoke to both the consulting side regarding implementation of the program as well as the auditing / assessment side of an already established program. The training was comprehensive in nature and included a detailed walkthrough of the requirements and a few case studies with different scenarios. As such, the training provided context behind the requirements along with real-world scenarios on how they could be applied. The active discussion and participation of the class, which included attendees from various industries and countries, allowed everyone to weigh multiple perspectives as we walked through the CoC requirements. I have no doubt that the CSA CoC will be a useful tool for the industry and that the training prepared and administered by ICT will guide professionals in the proper administration and oversight of the program.”
“I attended the training given by ICT Legal Consulting on the new CSA CoC for GDPR, and I must say that it was a great experience. It helped us to understand how Cloud Service Provider(s) can ensure compliance and deliver assurance to their clients. I can now assist clients in the CSP industry in Belgium for the implementation of the CoC, which I believe is fairly accurate and pragmatic. The training helped me understand the theoretical aspect of it together with some application through exercises. The expertise of the instructor and the presence of the CSA member in the room helped us understand better the background and reasoning behind some of the controls.”