DSM Avocats à la Cour offers data protection training through presenting the GDPR requirements. The training sessions are in French, English or German. We propose training sessions open to the public or internal and tailor made for your business, the goal of which is to reinforce your skills on these constantly changing topics.

The training sessions are adapted to both the operational needs of enterprises as well as national and European legal developments.

All of the proposed training modules can be tailor made and delivered on-site to businesses, by videoconference, or for public training sessions, take place at DSM Avocats à la Cour’s offices or in a dedicated conference room, which are equipped with the necessary teaching tools for hosting interactive sessions (projection screen, access to parking, Wi-Fi, etc.).

Our training sessions take place in a small group setting to allow each participant to interact and ask  questions. The sessions are as practical as possible.

Our rates include a training tool (incorporating the presentation, the texts and jurisprudence, as well as case studies), and depending on the training session, breakfast and/or lunch.

The week following the training session, each participant can ask questions of the lawyer conducting the session by email to clarify or give specifics on a point covered during the training session (one question per participant).

The modules presented below may be modified and personalised depending on the needs and specificities of the participating businesses:

Module 1 – Introduction to the GDPR

  • Context / What is at stake with data protection
  • Revision of the legal framework applicable to data protection
  • Guidelines and opinions from authorities
  • GDPR’s scope of application
  • Role and mission of the monitoring authority, the CNPD
    • 1 hour

Module 2 – Key concepts

  • Identify whether one’s organisation is subject to the GDPR
  • Absorbing the new GDPR concepts
  • Personal data, sensitive data, data processing
  • GDPR principles
  • Identification of data subjects
    • 1 hour

Module 3 – Consent and the GDPR

  • Various lawful bases
  • Choosing the lawful basis to use
  • The different requirements for the lawful bases
    • 1 hour

Module 4 – Organise compliance

  • Realising a gap analysis (or an audit)
  • Maintaining a processing activity register
  • Establishment of other documents required by the GDPR
  • Data subject information
  • Defining relationships with third parties: subcontractors, joint data processors
  • Ensuring the legality of data transfers outside of the EU
  • Reacting in case of a data breach
    • 2 hours

Module 5 – Sustaining compliance

  • Establising a GDPR compliance mechanism for one’s organisation
  • Retaining proof of measures taken
  • Ensuring the perpetuation of compliance
  • Preparing for CNPD monitoring, review of points regularly tested by the CNPD
    • 2 hours

Module 6 – Subcontracting data processing

  • Selecting and determining whether the subcontractor provides the necessary guarantees
  • Identifying and putting into place the missions and requirements for processing (DPA)
  • Maintaining processing activity and subcontractor registers
    • 1 hour

Module 7 – Performing a Data Protection Impact Assessment (DPIA)

  • Identify the processing subject to a DPIA
  • Determine the contents of a DPIA
    • 1 hour

Module 8 – Appointing a DPO

  • Identify whether the appointment is required
  • Determine who can be appointed as Data Protection Officer
  • Establish the DPO’s missions
    • 1 hour

Develop your data protection skills.

Request a proposal by sending an email to mcuche@dsm.legal