Privacy and Data Protection


BS 10012 Personal Information Management System

BS 10012 is a British standard that summarizes the Personal Information Management System (PIMS) specifications. It was developed to help organizations comply with the data protection requirements imposed by the laws of the European Union, such as the GDPR (General Data Protection Regulation).

The Personal Information Management System (PIMS), supported by BS 10012, supports the GDPR principles and provides assurance to stakeholders that personal data is managed in line with best practice.

Benefits of this Standard:

  • Demonstrates your compliance with GDPR and other data protection laws,
  • Improves the structure and focus of data privacy management,
  • Embeds personal data management in the culture of your organization,
  • Helps you adopt a risk-based approach to data privacy management,
  • Encourages continuous improvement to adapt to changes within and outside the organization.

BS 10012 Awareness Training

Course Aim

BS 10012: 2017 provides a framework for the Personal Information Management System (PIMS). It will help you maintain and improve compliance with data protection legislation in your organization and provide assurance to your stakeholders.

This one-day course will introduce you to the principles of BS 10012: 2017. It will help you understand how BS 10012: 2017 fits into the core privacy principles of the General Data Protection Regulation (GDPR) and the roles individuals need to fulfil.

You will learn about the BS 10012: 2017 standard, common terms and definitions, and basic concepts and requirements.

Who Should Attend?

All parties involved in the planning, implementation and maintenance of BS 10012: 2017 Personal Information Management System

Course Content

  • What is PIMS, why is it important, and how can it benefit your organization?
  • Key terms and definitions used,
  • Basic requirements of BS 10012: 2017,
  • Basic concepts and structure of BS 10012: 2017
  • Identifying and managing risks for personal information,
  • Legal compliance with data protection legislation,
  • Is data belonging to the organization personal data?

You can download the training brochure for detailed information.

BS 10012 Implementation Training

Course Aim

To provide a framework for the implementation of a personal information management system (PIMS) based on BS 10012: 2017 + A1: 2018. BS 10012: 2017 is the British Standard that specifies the requirements for PIMS, which provides the framework for maintaining and improving compliance with data protection requirements and good practices.

The 2017 edition of BS 10012 was written with the General Data Protection Regulation (GDPR) in mind and is closely aligned with the Regulation. Following the entry into force of the UK Data Protection Act 2018, some minor changes were made and the standard became BS 10012: 2017 + A1: 2018.

This training covers these changes. Over this two-day training we will explain how to implement a BS 10012: 2017 based PIMS, how to develop the implementation plan, how to carry out the necessary implementation activities and how to develop the necessary documentation.

Who should attend?

All parties involved in the planning, implementation and maintenance of BS 10012: 2017 Personal Information Management System

Course Content

  • Continuous improvement principle to implement BS 10012: 2017,
  • Interpreting the basic concepts and requirements of BS 10012: 2017 from an application perspective,
  • Preparation for third party certification,
  • Implementation of the core requirements of BS 10012: 2017,
  • Establishing and supporting the implementation of an action plan,
  • How BS 10012: 2017 helps manage and reduce risks around personal information,
  • Developing review skills and building an implementation plan based on your organization's current compliance with BS 10012: 2017,
  • How BS 10012: 2017 complies with the core privacy principles of the GDPR,
  • The roles of employees and senior management in PIMS,

You can download the training brochure for detailed information.


BS 10012 Internal Auditor Training

Course Aim

BS 10012: 2017 + A1: 2018 Personal Information Management System (PIMS) is designed to help organizations better understand, manage and reduce risks around personal information.

After an organization has implemented BS 10012: 2017 + A1: 2018, it is necessary to assess effectiveness by conducting an internal audit to better understand what works well and where things can be improved. By participating in this one-day training, you will understand why measuring and analyzing system implementation is so important and what areas internal audit should focus on to ensure its effectiveness.

This training will provide you and your organization with enough information about auditing the implementation of BS 10012: 2017 + A1: 2018 to enable you and your organization to understand, detect, correct and monitor the effectiveness of the system. You will improve your internal control skills.

Who Should Attend?

All parties involved in the planning, implementation and maintenance of BS 10012: 2017 Personal Information Management System

Course Content

  • Practical techniques and methods to effectively monitor and maintain BS 10012: 2017 + A1: 2018 system,
  • Basic operational requirements of BS 10012: 2017 + A1: 2018,
  • What and who should be monitored and why,
  • Common pitfalls that organizations fall into while implementing BS 10012: 2017 + A1: 2018,
  • Improving your internal audit skills,
  • Problems encountered during the internal audit,
  • Special requirements of the standard,
  • Audit planning,
  • Preparing an examination question list,
  • Inspection application principles,
  • Audit reporting and follow-up,
  • Auditor examination and evaluation,

You can download the training brochure for detailed information.


ISO/IEC 27018 Protection of Personally Identifiable Information (PII) in Public Clouds

ISO/IEC 27018 Awareness Training


Course Aim

This standard establishes widely accepted control objectives, controls and guidelines for the implementation of measures to protect personally identifiable information (PII) in line with the privacy principles in ISO/IEC 29100 for the Cloud computing environment.

The protection of PII from both internal and external threats is a major concern for every organization, irrespective of size or market sector. Furthermore, if that PII is held in the Cloud, information security risks can increase and the requirement to have effective and specific cloud security controls in place is critical.

This course is aimed at both cloud service providers and customers who are engaging with a cloud service provider.

The purpose of ISO/IEC 27018, when used in conjunction with the information security objectives and controls in ISO/IEC 27002, is to create a common set of security categories and controls that can be implemented by a public cloud computing service provider acting as a PII processor. The Standard does not replace applicable legislation and regulations (e.g. EU GDPR, KVKK and HIPAA), but provides a common compliance framework for public cloud service providers, in particular those that operate in a multinational market.

Who should attend?

  • Personnel responsible for the implementation and management of the ISO/IEC 27001: 2013 information security management system,
  • Information security consultants,
  • Employees in IT departments,
  • Employees in the field of computer technologies, management information systems, software systems and software development technologies.


Course Content

  • Cloud and PII specific concepts
  • What is the cloud and how does it relate to PII?
  • Cloud deployment models
  • ISO/IEC 27018: 2019 – Cloud industry-specific issues
  • Standards and definitions
  • Structure of the standard
  • ISO/IEC 27001: 2013 framework
  • ISO/IEC 27001: 2013 and controls
  • Control categories
  • Typical application approach
  • Application framework
  • Application of ISO/IEC 27018: 2019
  • Duties and Responsibilities
  • ISO/IEC 27002 controls with industry-specific guidance

You can download the training brochure for detailed information.

ISO/IEC 27701 Privacy Information Management System

The ISO/IEC 27701 standard was published in August 2019 and is the first international standard to deal with privacy information management. The standard will help organizations to establish, maintain and continuously develop a Privacy Information Management System (PIMS) by improving the existing ISMS based on the ISO/IEC 27001 requirements and the guidance of ISO/IEC 27002.

The exponential increase in the collection of personal information and the increase in data processing has led to privacy concerns. Therefore, implementing a Privacy Information Management System (PIMS) in line with ISO/IEC 27701 requirements and guidance will enable organizations to assess, treat and mitigate risks associated with the collection, maintenance and processing of personal information.

This standard is important for the persons and organizations responsible for Personally Identifiable Information (PII) because it provides requirements for the management and processing of data and the protection of privacy. It enriches an already implemented ISMS to properly address privacy concerns by helping organizations understand the practical approaches involved in implementing effective management of PII.

ISO/IEC 27701 Awareness Training


Course Aim

ISO/IEC 27701 is designed to identify requirements and provide guidance for the establishment, implementation, maintenance and continual improvement of a PIMS as an extension of ISO/IEC 27001 and ISO/IEC 27002 for privacy management in the context of your organization. A PIMS framework will help you run and maintain processes for your organization while providing confidence to your stakeholders.

This one-day course will help you understand the principles of ISO/IEC 27701 and the changes needed to expand your ISMS. It will help you understand how the ISO/IEC 27701 requirements provide the foundations for an effective PIMS and provide guidance for PII controllers and/or PII processors.

You will learn about ISO/IEC 27701 common terms and definitions, as well as basic concepts and requirements.


Who should attend?

  • PII controllers and PII processors,
  • Anyone interested in the planning, implementation and maintenance of ISO/IEC 27701 PIMS.

Course Content

  • ISO/IEC 27701 terms and alternative terms,
  • Background and intended result of ISO/IEC 27701,
  • Special requirements in ISO/IEC 27701,
  • Basic concepts and structure of ISO/IEC 27701,
  • Understanding how to improve your PII process,
  • Determining the PIMS activity of an organization by application,
  • PIMS specific requirements for ISO 27002,
  • Security in supplier contracts,
  • Contracts with Personal Data Processors,
  • Data subject access request (SAR) flow chart,
  • Privacy Impact Assessment (PIA),
  • Understanding how the standard matches the privacy framework and principles of other ISO/IEC standards (such as 29100, 27018 and 29151) and the EU General Data Protection Regulation (GDPR).

You can download the training brochure for detailed information.

ISO/IEC 27701 Implementation Training


Course Aim

ISO/IEC 27701: 2019 sets requirements and provides guidance for the implementation of a privacy information management system (PIMS) in the context of your organization, in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management.

By attending our two-day course, you will understand how to apply ISO/IEC 27701: 2019 principles and the changes needed to expand your ISMS. It will help you understand how the requirements of the standard provide the foundations for an effective PIMS and provide guidance for personally identifiable information (PII) controllers and/or PII processors.

You will learn how to apply the core concepts and requirements as well as the common terms and definitions of ISO/IEC 27701: 2019.

Who should attend?

  • Managers and consultants participating in privacy and data management,
  • Responsible persons for Personally Identifiable Information (PII) in organizations,
  • Persons responsible for ensuring compliance with data privacy policies and legal requirements,
  • PIMS team members.

Course Content

  • Basic requirements and guidance of ISO/IEC 27701 from both the PII controller and the PII processor application perspective,
  • Identifying the benefits of an ISO/IEC 27701 PIMS implementation for an organization,
  • Performing a gap analysis of compliance with ISO/IEC 27701 requirements,
  • Implementing the basic requirements and guidance of ISO/IEC 27701,
  • General project management process and its connection with PDCA.

You can download the training brochure for detailed information.

ISO/IEC 27701 Internal Auditor Training


Course Aim

ISO/IEC 27701: 2019 is designed to help organizations better understand, manage and reduce their risks around personal information. ISO/IEC 27701: 2019 is designed to identify requirements and provide guidance for the creation, implementation, maintenance and continual improvement of a PIMS in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management in the context of your organization.

By participating in this one-day training, you will understand why measuring and analyzing framework implementation is so important and what areas internal audit should focus on to ensure its effectiveness.

This training will provide enough knowledge in auditing your implementation of ISO/IEC 27701: 2019 to enable you and your organization to understand, detect, correct and monitor the effectiveness of the framework. There will be a series of practical exercises and class discussions to improve your internal audit skills.

Who should attend?

  • Managers and consultants participating in privacy and data management,
  • Responsible persons for Personally Identifiable Information (PII) in organizations,
  • Persons responsible for ensuring compliance with data privacy policies and legal requirements,
  • PIMS team members.

Course Content

  • Conducting audit activities
  • Creation of audit findings,
  • Actions addressing risks and opportunities,
  • Awareness – PIMS and privacy,
  • Risk assessment and treatment,
  • What is the PIMS auditor looking for?
  • Requirements and laws,
  • Examination training,
  • Audit planning,
  • Preparing an examination question list,
  • Inspection application principles,
  • Audit reporting and follow-up,
  • Auditor examination and evaluation

You can download the training brochure for detailed information.

EU GDPR Data Protection Officer (DPO) Training

Course Aim

This training is accredited by the CPD in line with the European Union GDPR Directive. Data Protection Officer Training enables you to develop the knowledge, skills and competence required to effectively implement and manage a compliance framework for personal data protection.

Who should attend?

  • Project managers and consultants who want to comply with and prepare for the Personal Data Protection Law,
  • Managers responsible for personal data protection and risk management within an institution,
  • Privacy managers,
  • Risk and compliance managers,
  • Information security, event management and business continuity team members,
  • Expert consultants on the security of personal data,
  • Technical experts and compliance experts who want to prepare for the Data Protection Officer job,
  • Individuals who are not familiar with the matter but want to enter a data protection area with professional qualifications

Course content

This training course covers the following topics, combined with group exercises:

  • What is Personal Data?
  • Protection of personal data
  • Data Controllers Registry and Inventory
  • Retention and Destruction Policy
  • Introduction to GDPR and initiation of planning
  • Completion of planning & implementation of GDPR
  • Data Protection Impact Analysis, data protection controls & data breach incident management
  • Monitoring and improvement of compliance & Final exam

You can download the training brochure for detailed information.

GDPR

The General Data Protection Regulation (GDPR) comes into force on 25th May 2018. This regulation will replace the EU Data Protection Directive.