Introduction

There has been a tectonic shift in the importance of data protection and privacy since the pandemic. 

The remote workforce trend, coupled with penetration of broadband, the internet of things and the data revolution has led to a massive increase in internet-connected devices, and correspondingly, data leaks and cybercrime across the world.  
 
2020 brought in not just the COVID pandemic, but a cyber pandemic as well, as per a website called Government Technology. 

Cyber-attacks have increased manifold - by way of example, the World Health Organization witnessed a 5x increase in cyber attacks. 

Cybercrime will cost the world 10.5 trillion dollars by 2025.

Data leaks have been faced by virtually every famous company and growing startup - whether it is Microsoft, Twitter, Zoom, Zynga, Dubsmash, Digital Ocean, Mercato, WhiteHat Jr, Unacademy, etc.   

A virtual/ remote work environment has increased the number of devices logged into the internet through open networks (not company intranets), leaving open vulnerabilities. 
 
Further, a survey by Ernst & Young and IAPP revealed that the sudden need to shift to work from home to survive in the pandemic had led organizations to accelerate or skip privacy checks of various software, thus exacerbating the effect.
 
Countries across the globe have responded strongly by enacting data privacy legislations despite the pandemic so that organizations take measures to protect and secure the data that they collect, and that is leading to an explosion of careers in the data protection and privacy space. 

Here are some trends: 

• Global corporations which collect or process data of EU residents or have a presence in the EU, or sell software to EU-based businesses are required to comply with GDPR.    
• Over 2020 and 2021, there has been a wave of data protection legislation around the world either being brought into existence or being revamped or amended, with many coming into force in 2021. For example, Canada is considering a new Digital Charter Implementation Act to replace its privacy law. California and Virginia have passed state-level privacy laws and several other states have prepared draft privacy legislation or introduced privacy bills. Brazil passed a data protection law in September 2020, Australia plans to review its privacy legislation, China and India are planning to introduce privacy legislation.
• Customer awareness around data protection has increased - platforms run the risk of losing customers due to reputational damage if they do not strictly observe the law, or are not fair and transparent about how they deal with data. For example, the change of policies by Whatsapp saw a mass exodus of users. This is going to increase available legal work in this area.  
• The frequency and amount of fines being imposed by Data Protection Authorities are increasing, and owing to high cost and reputational impact, organisations are deploying highly trained professionals to prevent the risk of such fines being imposed. 

Earlier this year, in January, a State Data Protection Commissioner in Germany fined a company a staggering amount of EUR 10.4 million because the company had video-monitored all its employees for a period of two years and stored the recordings for more than 60 days without any legal basis. These instances only increase the concern of the industry to get appropriate advice and implement proper data protection and privacy measures.

On top of that, the law is constantly changing, requiring businesses to keep on their toes about ensuring compliance.

This situation has created the need for organisations to build in-house privacy teams and engage trained professionals in various in-house and external roles, such as a Data Protection Officer, a Privacy Associate, Chief Privacy Officer, etc. 

This work can entirely be performed remotely - freelancing platforms such as Upwork have hundreds of projects listed for GDPR implementation and advice, drafting data processing agreements, conducting impact assessments, and drafting privacy policies and terms of service compliant with data protection laws of multiple countries.

There is a huge opportunity for young lawyers, accountants and company secretaries to assist organisations with data protection and privacy-related issues.

Due to their prior training in interpreting rules, or in following specific processes, or in compliance, lawyers, accountants and company secretaries are very well suited to perform this work.   
 
How can a young lawyer, accountant or company secretary build a career in this area? 

There is the absence of intensive training which teaches how to perform multijurisdictional data protection and privacy work. 

Some of the key tasks that learners must learn how to perform are implementation of principles such as privacy-by-design, drafting of privacy notices, privacy policies, binding corporate rules,  implementation of various legal requirements, drafting contractual clauses for technical controls and data processing, performing audit and impact assessment work, and implementing a global privacy program for an organization. 

Those who can perform this work can work in-house legal and compliance, policy or privacy team as privacy associates, privacy lead, Chief Privacy Officer, or as Data Protection Officer (DPO).  

Many of these roles can be performed in a full-time remote environment post-pandemic, and responsibilities such as DPO can be performed on a freelance basis, without requiring you to obtain a visa or completing an LLB degree or qualifying to practice in a specific foreign jurisdiction.  

Those who are planning to look for the highest paying jobs and most challenging projects in the market will find this training helpful in making proposals or performing client projects and in cracking job interviews. 

You will also be able to set yourself apart in the market from those who have a certification based on an objective MCQ-based test such as the CIPP (Certified Information Privacy Professional), which is MCQ-based and jurisdiction-specific - through this training, you will learn practical real-life work, build a portfolio of samples, publish articles across more than 5 important privacy jurisdictions. If you have already cracked the exam, you will benefit by learning how to handle real client work, and not need to depend on entry-level jobs for the basic experience. 

Who should take this course?

• Young lawyers who want to shift from traditional areas of legal practice to technology laws and work with fast-growing startups, law firms or in the privacy teams of companies  
• In-house counsels who want to assist their organisations in addressing data protection and privacy work at a global level 
• Chartered Accountants and Company Secretaries who want to provide unique and high-value services to their clients, especially related to technology 
• Law students who are interested in building a career in technology laws, working in the technology or privacy practice of law firms or in the data protection and privacy teams of companies

What will you learn from this course?

• You will learn about the different types of data i.e. personal, sensitive or otherwise, the relevance of data protection and privacy;
• You will learn about the sectors which deal with large amounts of data and which can therefore be potential employers;
• You will learn about the concerns organisations have around the collection and transfer of data, especially when it comes to cross-border transfers;
• You will learn about data protection agreements and how to draft them;
• You will learn about how to review agreements with different parties to ensure compliance with data protection and privacy laws;
• You will learn about data protection and privacy concerns in healthcare, BFSI and Technology and how agreements are impacted on account of these concerns;
• You will learn about compliance and governance-related work in the field of data protection such as creating compliance programs, developing appropriate internal policies, liaising with regulators and product teams to develop appropriate processes
• You will learn about the disputes and litigation that can arise in data protection and privacy laws and how to deal with them;
• You will learn about what work is done in the domain of risk management in data protection such as conducting data protection impact assessments and how this work is done;
• You will learn about data protection laws around the world, including EU-GDPR and laws of other European countries
• You will learn about data protection laws in the US, Canada, Singapore, Hongkong, Philippines, Malaysia, Thailand, UAE and India

Who will be your potential employers or clients?

• Large multinationals which have a privacy and data protection department, looking to hire employees who have a greater understanding of multi-jurisdictional data protection laws;
• Startup entities looking to expand to multiple countries which become subject to global data protection regulations but cannot afford to hire large teams to ensure compliance;
• Tech law firms around the world which are small or medium-sized, looking to build their capacity at lower cost by outsourcing paralegal work remotely
• Small businesses around the world, looking for guidance on compliance with data protection laws for their websites and agreements; 
• Consumer associations looking to take on large companies for data breaches by using class action lawsuits - such as in January this year, British Airways faced the largest privacy class action lawsuit in UK history over its 2018 data breach.

What is unique about this course?

• This course aims to arm the participants with not only the requisite legal knowledge but also the knowledge about the processes, as is required to succeed in data protection and privacy management role. 
• It covers an introduction to data protection legislation for France, Germany, Switzerland, Ireland, US, UK, Canada, Singapore, Hongkong, Philippines, UAE and India and guidance on how you can keep a tab over the developments in the legislation.
• The course is tough and intensive, you will not be awarded the certificate unless you complete the required number of assignments. You will have to invest 5-6 hours per week in developing your skills, in addition to the classes on this course.
• You will have interactive classes with high-quality discussions which will be taken by the experts of this course. You can get all the doubts resolved in the classes or even outside the classes through course groups and email.
• You will get personal attention and coaching from our trainers who will be assigned to you, and have access to a dedicated course anchor who will help you with submissions or any guidance or issues you may have as you progress through the course.
• You will receive in-line feedback for the assignments you submit, which will improve your performance to a significant extent. 
• You will have access to other doubt clearing mechanisms also, in addition to the online classes such as a discussion forum where queries are responded to within a period of 48 hours, a WhatsApp group that will include your peers and batchmates as well as the course anchor, evaluator and support team from LawSikho. 
• You will be trained in writing six writing assignments during the term of the course and if these are of publishable quality, these shall be published on the iPleaders blog which sees a footfall of more than a million visitors a month.

Specific learning objectives

• Learn how the privacy team of a global corporation or a fast-growing startup works 
• Learn about the services provided by various internal and external consultants in privacy - such as Chief Privacy Officer, in-house and external Data Protection Officer, Privacy Associate, etc. 
• Learn how to engage as a remote and external DPO with a foreign startup/ international organization and how to prepare for work as an in-house privacy officer in the legal/ compliance/policy/ privacy team 
• Learn how Data Privacy Impact Assessments and Audits are carried out
• Learn about the applicability of the General Data Protection Regulation (GDPR) to EU-based and foreign companies
• Learn how the consent mechanism works under the GDPR
• Learn about the rights of the data subject under the GDPR
• Learn who processors and controllers are and how processing works under the GDPR
• Learn how to implement changes to business functions such as product, marketing, sales, compliance etc. in order to ensure compliance with the GDPR
• Learn about the adoption of GDPR by and independent data protection laws in France, Germany, Switzerland and Ireland
• Learn about data protection laws in UK, US, Canada, Singapore, Philippines, Hongkong, UAE and India
• Learn about the methods of collecting data for companies and issues and work around international data transfers
• Learn about what a data graveyard is and how to manage one
• Learn about the consequences of violation of Data Protection Laws
• Learn how to draft and review Data Protection Agreements and Addendums
• Learn how to draft and review terms and conditions of use for a website in line with applicable data protection regulation
• Learn how to review and create templates in line with applicable data protection regulations
• Learn about what the concerns are for data protection in healthcare and how to review agreements to take care of these
• Learn about what the concerns are relating to data protection in the BFSI sector and learn how to review agreements in line with these
• Learn about the data protection concerns and agreements in the technology sector
• Learn about how to keep updated about the data protection laws in different countries
• Learn step by step about how to build a privacy governance framework
• Learn step by step how to build a data protection compliance program
• Learn how to develop and amend your internal policies and escalation mechanisms in line with applicable data protection laws
• Learn how to liaise with regulatory authorities and the business and product teams in order to ensure compliance with data protection laws
• Learn how to file a complaint with a Data Protection Authority and how to respond to a complaint filed before a Data Protection Authority against your business
• Learn if and how you can claim damages for violation of your privacy rights
• Learn if and how collective actions can be initiated for large data breaches
• Learn how to conduct a privacy due diligence
• Learn step by step when and how to conduct a data protection impact assessment
• Learn how investigations are carried out into data breaches

What kind of assignments will you get?

Here are some of the assignments that you will get to work on, in this course:

• MarketNums Ireland is an Ireland based marketing consultancy subsidiary of an Indian company MarketAll India. MarketAll provides training programmes in Marketing to numerous students. However, the students enrol in the website run by the MarketNums and their data is then provided to MarketAll who conducts the training programmes. There is a service agreement between the MarketNums and MarketAll for the provision of training services. Identify if GDPR is applicable and to which entity? Is it applicable for the transfer of data between MarketNums and MarketAll? Who is the processor and who is the controller in this scenario? 
• Technocures LLC is a California based healthcare services provider. The company is now looking to start another business of providing telemedicine since it believes that it can use its existing network of doctors - general practitioners and specialists to increase this business. The management is, however, unsure of the applicability of the Health Insurance Portability and Accountability Act, 1996 (HIPAA) to telemedicine business and the compliance required under it. Create a report on the requirements that Technocures would need to take care of, under the HIPAA.
• UpAds is a Finland based marketing services aggregator that provides a comparison of costs of advertisements on different social media platforms. For this purpose, they often use user names to pull out additional details from platforms like Facebook and LinkedIn. They also have a mobile app providing this service. They want a privacy policy written for this app. Create a GDPR compliant privacy policy for them.
• Neverland Finance is a recently set up UK based fintech company providing finance as well as tech tools in the domain of employee lending, deduction from payroll, interest and taxation calculations and payments etc. to companies with a large number of employees. However, in order to provide these services, it often enters into agreements with software developers who customise the tools based on the client’s requirements and also provide the requisite maintenance. This exposes the client’s data to the developers. Create a plan/checklist for Neverland on what care it needs to take while entering into contracts with the software developers.
• Flinch is a Swedish company providing PaaS (Programming as a Service) API services for texts, calls and engagement platforms. The provision of the services will involve the transfer of data from Sweden to other EU / EEA countries. Draft the clauses of the Data Protection Agreement relating to the international transfer of data.
• Convertt is a Netherlands based service provider which develops high-quality checkout pages for clients. They are now looking to explore clients in France and are unsure about the applicability of GDPR and the French Data Protection laws to them. Advise them on the applicability of GDPR and country-specific data protection laws for a Netherlands based company providing online services to customers based in France.
• Travellogue is a company arranging vacations for single Indians in exotic locations in India. Its customers are now demanding vacations in Europe and it has also reached out to various NRI associations at different locations in Europe to have single NRIs join its tours. However, the management is concerned that it will now become subject to the GDPR. Create a GDPR impact assessment report for Travellogue.
• Meditree, an Indian company selling different types of Indian plants which may be used as herbs or to create herbal products is now looking to sell these plants as well as other types of air-purifying plants through e-commerce in addition to selling these offline through nurseries. On the e-commerce platform, in addition to the sale of plants, there will also be a recommendation service based on medical condition informed by customers. Meditree has a decent customer base in the EU on account of prior distribution agreements. Draft an appropriate GDPR compliant Privacy Policy and Privacy Notice for Meditree.
• Amity is a California based website providing support to aged people. It collects details of volunteers who wish to spend time with aged people and support them for their day to day requirements. It then allocates different aged people to the volunteers who are supposed to meet them during specific hours at some public places near their homes. Volunteers can continue to do this work for as long as they wish or until the aged person dies. Draft a Data Retention Policy for Amity. Also, draft a paragraph informing the volunteers about how long their data will be retained by the company and their rights to request erasure.
• KidGenius is a website based in Ireland guiding parents of above-average or ‘gifted’ kids on what to take care of in relation to the upbringing and training of such children. Depending upon the age and the capabilities of the child, the website can provide counselling and guidance. Such guidance is provided until the child is 16 years of age. Draft a parental consent form for this website to collect the data of the children in accordance with GDPR. Also, draft a form for withdrawal of parental consent. Guide the client on where they should place this form on the KidGenius website.
• Jonathan has newly joined the legal department of VidShare, a website providing mechanisms for securely sharing videos without getting their quality impacted. VidShare is based in Belgium but is popular across the EU among YouTubers, Redditers and Discordians for sharing videos that are long. For marketing its services, the company engages top YouTubers as influencers and also collects data from YouTube, Reddit and Discord. Draft a Supplier Data Processing Agreement on behalf of VidShare.
• Versatile Education GmbH, a company based in Frankfurt is running educational institutions for children from kindergarten to 10th standard. If any parent inquires with an educational institution in the group for the admission of their children, the school follows a very different approach. The parents are required to fill out all the details of the child as well as their own details. This includes medical conditions, blood groups, education etc. At this point of time, there is no decision from the school as to whether it will admit the child, but irrespective of that, they collect all of this information from the parents. Some of the parents are now looking to complain against this practice as they consider it unnecessary for the school to collect this data if they were not admitting the child. Even upon admission, they consider it unnecessary for the child to collect data about the medical conditions of parents. Guide them as to where they can complain against this practice and how.
• AbleMatch, a website based in Toronto provides matchmaking services for high profile executives. They collect the data and preferences of the executives and advise them on appropriate matches. The membership is subscription-based and in order to stay a member, you need to pay a hefty sum quarterly. However, being a member of the website is considered to be a status symbol. The members of the website are not only based in Toronto, but also at multiple places around the world, and sometimes, the matches are made across countries. This is achieved through the websites of relationship experts based in the respective areas. Create a record or inventory of data processing activities for AbleMatch.
• SolvId, a company based in Berlin and permitting students to post their maths and science queries and providing solutions in the form of 3-minute videos requires your help to draft a cookie policy that is compliant with GDPR. Draft the cookie policy for them.
• SuperFin is a UK based investment advisory firm that prides itself on magnificent returns to its clients. Its employees include investment analysts who guide clients on their investment portfolio and timings for entry and exit on various scrips. SuperFin collects personal data of their employees as any company would, however, in terms of their client-facing employees, they also collect information on the employees own investment habits, given the possible conflict between advice and their own investment. Create an employee privacy notice for SuperFin.

Training Methodology

Online 24/7 access

Access to basic study material through an online learning management system, Android and iOS app

Hard Copy Study Material

Hard copy study material modules to be couriered to your address

Practical Exercises

2 practical exercises every week, followed by written feedback

Live Online Classes to Teach Paralegal Assignments Specific Work

There will be a live video-based online class to teach you specific US contract drafting work performed by paralegals. You can ask questions, share your screen, get personal feedback in this class. Every week there will be approx. 1-1.5 hours of class to teach you the work and give you feedback. There will be recordings available in case you miss a class.

Convenient Class timings

Classes are held after regular work hours. Typically classes are kept on Sunday afternoon or 8-9 pm on other days.

Live Doubt Clearing

You can ask questions, get your doubt cleared live as well as through online forums

Certification

This course is recognized by the National Skill Development Corporation, a PPP under the Ministry of Skill Development and Entrepreneurship of the Government of India. You will receive a certificate cobranded by NSDC and Skill India on successful completion.

This is how the certificate from NSDC and Skill India will look as per the current applicable format (may change as per the approval authorities):

Money back guarantee

If you take this course, follow it diligently for a month, attend all classes and do all the exercises but still do not find value in it, or are not able to understand or follow it or not find it good for any reason, we will refund the entire course fee to you. It is a 100% money-back guarantee with only one condition, you must pursue it properly for a month. If you don’t find it valuable after that, get your entire money back.

View Refund Policy

Client Opportunities & Recruitment Support where required

Many employers, law firms and companies are happy to recruit our high performing students. If you do well in your exercises and classes, we can help you to get jobs, internships and assessment internships in good law firms, with renowned lawyers as well as in various companies.

Our team helps our students in building their profile on LinkedIn and freelancing platforms to increase their reach to potential recruiters or clients.

Our experts guide the students on how to crack any interview.

On-demand, we provide mock interviews for our students looking for jobs.

We share multiple internship/recruitment opportunities every week on our Whatsapp group.

We help our students to get internships not only at law firms and chambers but also with rising startups in diverse sectors.

Our mentorship helps students to avoid running in the rat race behind the regular job openings; rather we help them design their own path based on their personal interests.

We share multiple and diverse client opportunities with our pool of practicing advocates on a daily basis. Our references have helped several advocates really scale up their practice. The opportunities range from contract drafting to complex international taxation matters.