Yes, after completion of the training each participant receives a personalised certificate confirming their participation in the training.

Yes, it is even recommended. 😊 When conducting our training, we do not want it to be an ex cathedra lecture. We favour a workshop-based approach to prepare our trainees as best as possible for the challenges posed by personal data protection.

Due to the workshop format of our courses we endeavour to keep groups to no more than 12 participants.

If the training is financed at least 70% by public funds, this provides a basis for exemption from VAT. In such a case, in the registration form in the third step (Invoice) we ask you to select the option: "I declare that the training is financed at least 70% by public funds. Consequently, I request exemption from VAT".

In accordance with the regulations of our training courses, the selected service must be paid for no later than two days before the training.

Yes, in such a case please provide this information in the fourth step of our form, in the "Additional remarks" field.

This is not necessary. We conduct online training via the Microsoft Teams application, which also allows us to send a link that can be opened in a web browser.

This is not necessary; however, to facilitate asking questions and exchanging experiences, we recommend using a headset with a microphone.

Yes, in such a case please provide this information in the fourth step of our form, in the "Additional remarks" field.

In most cases we confirm the training course one week before the scheduled start date. We want to ensure that participants in our training courses have the opportunity to familiarise themselves with the materials in advance.

As soon as the training has concluded, the books will be sent by courier to the address provided in the registration.

We are aware that certain documents can sometimes present difficulties, so we will gladly help with completing them. In such cases, please contact our training coordinator.

Our training coordinator is available at the e-mail address: [email protected].

We also invite you to contact us by telephone at: 22 740 99 99 or +48 690 004 852

The first thing is certainly an IT audit: performing an analysis of the entire infrastructure, identifying and describing organisational and technical safeguards, and consequently indicating the areas where we should make changes. Risk analysis is the next stage, which will help us adapt documentation and systems to RODO. The risk analysis is one of the most important documents of the whole process, in which we assess the risk of vulnerabilities occurring for the resources present in our organisation. We conclude everything with a risk treatment plan and documentation compliant with RODO guidelines.

IT outsourcing is a good solution for organisations that do not have their own IT department; unfortunately, we cannot always count on full support in terms of RODO. At such times, entrusting the appropriate tasks to an external entity can help. It is the external entity that should identify any gaps – we can expect recommendations that improve the functioning of the entire organisation. Depending on the contract signed, we can expect additional benefits in the form of employee training, informational bulletins or support during the term of the agreement.

In accordance with the guidelines of RODO, the data controller is obliged to implement appropriate technical and organisational measures to ensure that processing is carried out in accordance with the Regulation and to be able to demonstrate this. The selection of appropriate hardware depends on the size of the organisation. Regardless of size, the first line of defence should be securing the interface between the public network and the LAN by using appropriate equipment: router, firewall, switch. It is on this equipment that we should enable services such as: DLP, IPS/IDS, port rules. The next challenge is authentication, assigning permissions, and monitoring access rights to IT systems and the software used in daily work: 2FA, login rules via AD, and performing backups. Regardless of technical safeguards, we should also remember the physical security of our organisation: external access control, monitoring systems, alarm systems, fire protection.

The security of IT systems is one aspect of the protection of personal data that we should attend to in daily work, but not the only one. Building user awareness is another very important aspect of protecting personal data.

In addition to standard first-day training, we should also take care of the employee's development throughout their period of employment by:

• •implementation of an e-learning platform;
• •informational newsletters regarding formal-legal aspects and information security;
• •a circular concerning current threats originating from the Internet;
• •external training;
• •internal intranet – publishing current procedures and policies accessible to users.

This is not precluded, although it may give rise to a conflict of interest which the data controller is obliged to prevent. Typically, the main duties of the IT systems administrator include administering the servers within which personal data are processed, implementing appropriate IT system safeguards and identifying threats. Consequently, a person responsible for the ongoing processing of personal data and for the security of those data in IT systems would simultaneously supervise the lawfulness of their own actions. Such a situation may lead to an actual lack of oversight over the compliance of data processing with legal provisions and to a clear conflict of interest. According to UODO, in such situations the assessment of whether the above-mentioned conflict of interest does not occur in the case of a particular person and the tasks they perform should always be made individually, taking into account the specific circumstances.

RODO says a lot about cybersecurity, because it aims to protect personal data and ensure that they are processed securely. A few key points regarding cybersecurity in the context of RODO are:

• •Appropriate technical and organisational measures: RODO requires that entities processing personal data implement appropriate technical and organisational measures to ensure the security of data.

• •Risk assessment: The data controller must carry out a risk assessment related to the processing of personal data, covering potential threats to data security and ways of minimising them.

• •Processing by external entities: RODO requires monitoring of entities processing personal data, such as cloud service providers, to ensure that they meet appropriate data security requirements.

• •Understanding of technology: The Data Protection Officer (DPO) should have a general understanding of IT technologies and information systems used in the organisation, including knowledge of computer networks, databases, operating systems and cloud infrastructure.

• •Incident management skills: The Data Protection Officer (DPO) should be able to effectively manage data security incidents, including responding to data breaches, conducting investigations and taking remedial actions.

• •Awareness of threats and trends: The Data Protection Officer (DPO) should be aware of current threats to data security and trends in cybersecurity and data protection in order to be able to take appropriate preventive measures.

• •Auditing skills: The Data Protection Officer (DPO) should have the ability to carry out data security audits, including assessing compliance with legal and regulatory requirements and the effectiveness of the data protection measures applied.