This training is taught in English.
The privacy by design training takes a generic concept in legislation and turns it into something tangible and practical. Starting from a solid risk management and threat modeling framework (LINDDUN), the privacy by design training will take you through the steps of implementing privacy by design in real world examples and case studies. This will allow you to apply the knowledge in your own projects or applications to better protect client, employee, or user data and work with other people involved in privacy to carry out DPIA’s or other assessments and GDPR requirements.
The examples you work on during the training are based on the experience of two trainers that have been active in the world or privacy and data protection for over a decade. During multiple case studies the training will teach you to apply the privacy by design principles and document your efforts accordingly to fulfill the accountability principle in GDPR.
Technology is an important part of the training. Not because this is an IT training but because the processing of personal data increasingly has a technological component which can result in challenges to protect data or can help to enhance privacy.
Why take this course?
- You want to learn how to apply privacy by design in your organization or product
- You want to apply privacy in your system design in a structured and reproducible way
- You want to be able to verify whether a process or product is applying privacy by design
- You want to have the knowledge to assist people in your organization regarding DPIA’s or other GDPR requirements.
People who have an affinity for privacy and are involved on the more technical / operational side of processing personal data, for example within companies that make software, or are involved with governments and other organizations that have developed complex software that processes personal data.
Examples of roles:
- DPO / privacy officer
- CISO / security officer
- CDO / data officers
- Data scientist
- Senior developers
- Project managers
- Software architects
- Product owners / managers
- Functional Analyst
Educational approach of this course
This training takes place in a training room in a hotel
This training is provided by instructors who are top experts in their field. The instructor presents the subject matter using a presentation.
During the explanation, there is interaction with the group including remote students. Typically, the group for this course is about 20 students (minimum 8, maximum 24 students).
During the training, students will work in groups (depending on training model, physical or remote) to solve practical use cases.
Each student receives a printed version of the training material with space for taking notes. In addition, the information is made available in a digital learning environment. For all knowledge items, the instructor refers to examples from practice.
This course does not include an exam. However, a knowledge test is available on the learning platform. Students receive a certificate of attendance after the training.
In addition, participants will have the opportunity to book a session with DPI at a later date to discuss a project or example of privacy by design and receive feedback.
How to prepare yourself
A short introductory chapter on privacy and data protection is included in the training, but prior knowledge via any type of GDPR training course or knowledge regarding the basic principles and requirements of data protection is beneficial.
A basic understanding of the software development (i.e. the development lifecycle) is also a plus.
There is no specific preparation expected.
It is possible to forward questions in advance regarding privacy by design challenges you would like to see discussed (to the extent possible and in line with the scope of the training).
Introduction GDPR (incl. basic principles)
Introduction to Privacy by Design
- Privacy by design vs. data protection by design
- Privacy definitions and properties
- Privacy by design principles
- Guidelines and frameworks on privacy by design
Privacy threat modeling – Introduction
- Threat modeling basics
- LINDDUN foundation
Model the system
- Architectural models for threat modeling
- Data flow diagrams
- Case study
Analyze privacy threats
- LINDDUN threat categories
- LINDDUN threat knowledge
- Privacy threat elicitation
- Case study
Manage privacy threats
- Threat prioritization
- Mitigation strategies
- Privacy enhancing solutions
- Case study
LINDDUN – Resources & future
During day two you will work a full project case study created for this training: Fittest. Fittest is an organization that creates a fitness tracker and accompanying app which includes many features that will test your newly acquired privacy by design knowledge. The Fittest case study simulates a project from its early design to final delivery having applied privacy by design throughout the project lifecycle.
Examples of concepts and technologies:
- Anonymization and pseudonymization
- Transparency & Fairness
- Data subject rights & control
- Location data
- Test data
We are recognized by:
Registration number KMO portefeuille: DV.O213013
Our courses are accredited for the KMO-portefeuille. This means that, depending on whether you are a small or medium-sized enterprise, you can receive a 45% or 35% subsidy for cybersecurity from the Flemish Government on the cost of registration.
Acknowledgement by Chèque-Formation
The training voucher allows you to benefit from financial aid to train your workers in one of the approved training centres. Worth 30 euros, it corresponds to 1 hour of training per worker.