Diploma in International Data Protection and Privacy Laws

Introduction

There has been a tectonic shift in the importance of data protection and privacy since the pandemic.

The remote workforce trend, coupled with penetration of broadband, the internet of things and the data revolution has led to a massive increase in internet-connected devices, and correspondingly, data leaks and cybercrime across the world.

2020 brought in not just the COVID pandemic, but a cyber pandemic as well, as per a website called Government Technology.

Cyber-attacks have increased manifold - by way of example, the World Health Organization witnessed a 5x increase in cyber attacks.

Cybercrime will cost the world 10.5 trillion dollars by 2025.

Data leaks have been faced by virtually every famous company and growing startup - whether it is Microsoft, Twitter, Zoom, Zynga, Dubsmash, Digital Ocean, Mercato, WhiteHat Jr, Unacademy, etc.

A virtual/ remote work environment has increased the number of devices logged into the internet through open networks (not company intranets), leaving open vulnerabilities.

Further, a survey by Ernst & Young and IAPP revealed that the sudden need to shift to work from home to survive in the pandemic had led organizations to accelerate or skip privacy checks of various software, thus exacerbating the effect.

Countries across the globe have responded strongly by enacting data privacy legislations despite the pandemic so that organizations take measures to protect and secure the data that they collect, and that is leading to an explosion of careers in the data protection and privacy space.

Here are some trends:

Global corporations which collect or process data of EU residents or have a presence in the EU, or sell software to EU-based businesses are required to comply with GDPR.
Over 2020 and 2021, there has been a wave of data protection legislation around the world either being brought into existence or being revamped or amended, with many coming into force in 2021. For example, Canada is considering a new Digital Charter Implementation Act to replace its privacy law. California and Virginia have passed state-level privacy laws and several other states have prepared draft privacy legislation or introduced privacy bills. Brazil passed a data protection law in September 2020, Australia plans to review its privacy legislation, China and India are planning to introduce privacy legislation.
Customer awareness around data protection has increased - platforms run the risk of losing customers due to reputational damage if they do not strictly observe the law, or are not fair and transparent about how they deal with data. For example, the change of policies by Whatsapp saw a mass exodus of users. This is going to increase available legal work in this area.
The frequency and amount of fines being imposed by Data Protection Authorities are increasing, and owing to high cost and reputational impact, organisations are deploying highly trained professionals to prevent the risk of such fines being imposed.

Earlier this year, in January, a State Data Protection Commissioner in Germany fined a company a staggering amount of EUR 10.4 million because the company had video-monitored all its employees for a period of two years and stored the recordings for more than 60 days without any legal basis. These instances only increase the concern of the industry to get appropriate advice and implement proper data protection and privacy measures.

On top of that, the law is constantly changing, requiring businesses to keep on their toes about ensuring compliance.

This situation has created the need for organisations to build in-house privacy teams and engage trained professionals in various in-house and external roles, such as a Data Protection Officer, a Privacy Associate, Chief Privacy Officer, etc.

This work can entirely be performed remotely - freelancing platforms such as Upwork have hundreds of projects listed for GDPR implementation and advice, drafting data processing agreements, conducting impact assessments, and drafting privacy policies and terms of service compliant with data protection laws of multiple countries.

There is a huge opportunity for young lawyers, accountants and company secretaries to assist organisations with data protection and privacy-related issues.

Due to their prior training in interpreting rules, or in following specific processes, or in compliance, lawyers, accountants and company secretaries are very well suited to perform this work.

How can a young lawyer, accountant or company secretary build a career in this area?

There is the absence of intensive training which teaches how to perform multijurisdictional data protection and privacy work.

Some of the key tasks that learners must learn how to perform are implementation of principles such as privacy-by-design, drafting of privacy notices, privacy policies, binding corporate rules, implementation of various legal requirements, drafting contractual clauses for technical controls and data processing, performing audit and impact assessment work, and implementing a global privacy program for an organization.

Those who can perform this work can work in-house legal and compliance, policy or privacy team as privacy associates, privacy lead, Chief Privacy Officer, or as Data Protection Officer (DPO).

Many of these roles can be performed in a full-time remote environment post-pandemic, and responsibilities such as DPO can be performed on a freelance basis, without requiring you to obtain a visa or completing an LLB degree or qualifying to practice in a specific foreign jurisdiction.

Those who are planning to look for the highest paying jobs and most challenging projects in the market will find this training helpful in making proposals or performing client projects and in cracking job interviews.

You will also be able to set yourself apart in the market from those who have a certification based on an objective MCQ-based test such as the CIPP (Certified Information Privacy Professional), which is MCQ-based and jurisdiction-specific - through this training, you will learn practical real-life work, build a portfolio of samples, publish articles across more than 5 important privacy jurisdictions. If you have already cracked the exam, you will benefit by learning how to handle real client work, and not need to depend on entry-level jobs for the basic experience.

Who should take this course?

Young lawyers who want to shift from traditional areas of legal practice to technology laws and work with fast-growing startups, law firms or in the privacy teams of companies
In-house counsels who want to assist their organisations in addressing data protection and privacy work at a global level
Chartered Accountants and Company Secretaries who want to provide unique and high-value services to their clients, especially related to technology
Law students who are interested in building a career in technology laws, working in the technology or privacy practice of law firms or in the data protection and privacy teams of companies

What will you learn from this course?

You will learn about the different types of data i.e. personal, sensitive or otherwise, the relevance of data protection and privacy;
You will learn about the sectors which deal with large amounts of data and which can therefore be potential employers;
You will learn about the concerns organisations have around the collection and transfer of data, especially when it comes to cross-border transfers;
You will learn about data protection agreements and how to draft them;
You will learn about how to review agreements with different parties to ensure compliance with data protection and privacy laws;
You will learn about data protection and privacy concerns in healthcare, BFSI and Technology and how agreements are impacted on account of these concerns;
You will learn about compliance and governance-related work in the field of data protection such as creating compliance programs, developing appropriate internal policies, liaising with regulators and product teams to develop appropriate processes
You will learn about the disputes and litigation that can arise in data protection and privacy laws and how to deal with them;
You will learn about what work is done in the domain of risk management in data protection such as conducting data protection impact assessments and how this work is done;
You will learn about data protection laws around the world, including EU-GDPR and laws of other European countries
You will learn about data protection laws in the US, Canada, Singapore, Hongkong, Philippines, Malaysia, Thailand, UAE and India

Who will be your potential employers or clients?

Large multinationals which have a privacy and data protection department, looking to hire employees who have a greater understanding of multi-jurisdictional data protection laws;
Startup entities looking to expand to multiple countries which become subject to global data protection regulations but cannot afford to hire large teams to ensure compliance;
Tech law firms around the world which are small or medium-sized, looking to build their capacity at lower cost by outsourcing paralegal work remotely
Small businesses around the world, looking for guidance on compliance with data protection laws for their websites and agreements;
Consumer associations looking to take on large companies for data breaches by using class action lawsuits - such as in January this year, British Airways faced the largest privacy class action lawsuit in UK history over its 2018 data breach.

What is unique about this course?

This course aims to arm the participants with not only the requisite legal knowledge but also the knowledge about the processes, as is required to succeed in data protection and privacy management role.
It covers an introduction to data protection legislation for France, Germany, Switzerland, Ireland, US, UK, Canada, Singapore, Hongkong, Philippines, UAE and India and guidance on how you can keep a tab over the developments in the legislation.
The course is tough and intensive, you will not be awarded the certificate unless you complete the required number of assignments. You will have to invest 5-6 hours per week in developing your skills, in addition to the classes on this course.
You will have interactive classes with high-quality discussions which will be taken by the experts of this course. You can get all the doubts resolved in the classes or even outside the classes through course groups and email.
You will get personal attention and coaching from our trainers who will be assigned to you, and have access to a dedicated course anchor who will help you with submissions or any guidance or issues you may have as you progress through the course.
You will receive in-line feedback for the assignments you submit, which will improve your performance to a significant extent.
You will have access to other doubt clearing mechanisms also, in addition to the online classes such as a discussion forum where queries are responded to within a period of 48 hours, a WhatsApp group that will include your peers and batchmates as well as the course anchor, evaluator and support team from LawSikho.
You will be trained in writing six writing assignments during the term of the course and if these are of publishable quality, these shall be published on the iPleaders blog which sees a footfall of more than a million visitors a month.

Specific learning objectives

Learn how the privacy team of a global corporation or a fast-growing startup works
Learn about the services provided by various internal and external consultants in privacy - such as Chief Privacy Officer, in-house and external Data Protection Officer, Privacy Associate, etc.
Learn how to engage as a remote and external DPO with a foreign startup/ international organization and how to prepare for work as an in-house privacy officer in the legal/ compliance/policy/ privacy team
Learn how Data Privacy Impact Assessments and Audits are carried out
Learn about the applicability of the General Data Protection Regulation (GDPR) to EU-based and foreign companies
Learn how the consent mechanism works under the GDPR
Learn about the rights of the data subject under the GDPR
Learn who processors and controllers are and how processing works under the GDPR
Learn how to implement changes to business functions such as product, marketing, sales, compliance etc. in order to ensure compliance with the GDPR
Learn about the adoption of GDPR by and independent data protection laws in France, Germany, Switzerland and Ireland
Learn about data protection laws in UK, US, Canada, Singapore, Philippines, Hongkong, UAE and India
Learn about the methods of collecting data for companies and issues and work around international data transfers
Learn about what a data graveyard is and how to manage one
Learn about the consequences of violation of Data Protection Laws
Learn how to draft and review Data Protection Agreements and Addendums
Learn how to draft and review terms and conditions of use for a website in line with applicable data protection regulation
Learn how to review and create templates in line with applicable data protection regulations
Learn about what the concerns are for data protection in healthcare and how to review agreements to take care of these
Learn about what the concerns are relating to data protection in the BFSI sector and learn how to review agreements in line with these
Learn about the data protection concerns and agreements in the technology sector
Learn about how to keep updated about the data protection laws in different countries
Learn step by step about how to build a privacy governance framework
Learn step by step how to build a data protection compliance program
Learn how to develop and amend your internal policies and escalation mechanisms in line with applicable data protection laws
Learn how to liaise with regulatory authorities and the business and product teams in order to ensure compliance with data protection laws
Learn how to file a complaint with a Data Protection Authority and how to respond to a complaint filed before a Data Protection Authority against your business
Learn if and how you can claim damages for violation of your privacy rights
Learn if and how collective actions can be initiated for large data breaches
Learn how to conduct a privacy due diligence
Learn step by step when and how to conduct a data protection impact assessment
Learn how investigations are carried out into data breaches

What kind of assignments will you get?

Here are some of the assignments that you will get to work on, in this course:

MarketNums Ireland is an Ireland based marketing consultancy subsidiary of an Indian company MarketAll India. MarketAll provides training programmes in Marketing to numerous students. However, the students enrol in the website run by the MarketNums and their data is then provided to MarketAll who conducts the training programmes. There is a service agreement between the MarketNums and MarketAll for the provision of training services. Identify if GDPR is applicable and to which entity? Is it applicable for the transfer of data between MarketNums and MarketAll? Who is the processor and who is the controller in this scenario?
Technocures LLC is a California based healthcare services provider. The company is now looking to start another business of providing telemedicine since it believes that it can use its existing network of doctors - general practitioners and specialists to increase this business. The management is, however, unsure of the applicability of the Health Insurance Portability and Accountability Act, 1996 (HIPAA) to telemedicine business and the compliance required under it. Create a report on the requirements that Technocures would need to take care of, under the HIPAA.
UpAds is a Finland based marketing services aggregator that provides a comparison of costs of advertisements on different social media platforms. For this purpose, they often use user names to pull out additional details from platforms like Facebook and LinkedIn. They also have a mobile app providing this service. They want a privacy policy written for this app. Create a GDPR compliant privacy policy for them.
Neverland Finance is a recently set up UK based fintech company providing finance as well as tech tools in the domain of employee lending, deduction from payroll, interest and taxation calculations and payments etc. to companies with a large number of employees. However, in order to provide these services, it often enters into agreements with software developers who customise the tools based on the client’s requirements and also provide the requisite maintenance. This exposes the client’s data to the developers. Create a plan/checklist for Neverland on what care it needs to take while entering into contracts with the software developers.
Flinch is a Swedish company providing PaaS (Programming as a Service) API services for texts, calls and engagement platforms. The provision of the services will involve the transfer of data from Sweden to other EU / EEA countries. Draft the clauses of the Data Protection Agreement relating to the international transfer of data.
Convertt is a Netherlands based service provider which develops high-quality checkout pages for clients. They are now looking to explore clients in France and are unsure about the applicability of GDPR and the French Data Protection laws to them. Advise them on the applicability of GDPR and country-specific data protection laws for a Netherlands based company providing online services to customers based in France.
Travellogue is a company arranging vacations for single Indians in exotic locations in India. Its customers are now demanding vacations in Europe and it has also reached out to various NRI associations at different locations in Europe to have single NRIs join its tours. However, the management is concerned that it will now become subject to the GDPR. Create a GDPR impact assessment report for Travellogue.
Meditree, an Indian company selling different types of Indian plants which may be used as herbs or to create herbal products is now looking to sell these plants as well as other types of air-purifying plants through e-commerce in addition to selling these offline through nurseries. On the e-commerce platform, in addition to the sale of plants, there will also be a recommendation service based on medical condition informed by customers. Meditree has a decent customer base in the EU on account of prior distribution agreements. Draft an appropriate GDPR compliant Privacy Policy and Privacy Notice for Meditree.
Amity is a California based website providing support to aged people. It collects details of volunteers who wish to spend time with aged people and support them for their day to day requirements. It then allocates different aged people to the volunteers who are supposed to meet them during specific hours at some public places near their homes. Volunteers can continue to do this work for as long as they wish or until the aged person dies. Draft a Data Retention Policy for Amity. Also, draft a paragraph informing the volunteers about how long their data will be retained by the company and their rights to request erasure.
KidGenius is a website based in Ireland guiding parents of above-average or ‘gifted’ kids on what to take care of in relation to the upbringing and training of such children. Depending upon the age and the capabilities of the child, the website can provide counselling and guidance. Such guidance is provided until the child is 16 years of age. Draft a parental consent form for this website to collect the data of the children in accordance with GDPR. Also, draft a form for withdrawal of parental consent. Guide the client on where they should place this form on the KidGenius website.
Jonathan has newly joined the legal department of VidShare, a website providing mechanisms for securely sharing videos without getting their quality impacted. VidShare is based in Belgium but is popular across the EU among YouTubers, Redditers and Discordians for sharing videos that are long. For marketing its services, the company engages top YouTubers as influencers and also collects data from YouTube, Reddit and Discord. Draft a Supplier Data Processing Agreement on behalf of VidShare.
Versatile Education GmbH, a company based in Frankfurt is running educational institutions for children from kindergarten to 10th standard. If any parent inquires with an educational institution in the group for the admission of their children, the school follows a very different approach. The parents are required to fill out all the details of the child as well as their own details. This includes medical conditions, blood groups, education etc. At this point of time, there is no decision from the school as to whether it will admit the child, but irrespective of that, they collect all of this information from the parents. Some of the parents are now looking to complain against this practice as they consider it unnecessary for the school to collect this data if they were not admitting the child. Even upon admission, they consider it unnecessary for the child to collect data about the medical conditions of parents. Guide them as to where they can complain against this practice and how.
AbleMatch, a website based in Toronto provides matchmaking services for high profile executives. They collect the data and preferences of the executives and advise them on appropriate matches. The membership is subscription-based and in order to stay a member, you need to pay a hefty sum quarterly. However, being a member of the website is considered to be a status symbol. The members of the website are not only based in Toronto, but also at multiple places around the world, and sometimes, the matches are made across countries. This is achieved through the websites of relationship experts based in the respective areas. Create a record or inventory of data processing activities for AbleMatch.
SolvId, a company based in Berlin and permitting students to post their maths and science queries and providing solutions in the form of 3-minute videos requires your help to draft a cookie policy that is compliant with GDPR. Draft the cookie policy for them.
SuperFin is a UK based investment advisory firm that prides itself on magnificent returns to its clients. Its employees include investment analysts who guide clients on their investment portfolio and timings for entry and exit on various scrips. SuperFin collects personal data of their employees as any company would, however, in terms of their client-facing employees, they also collect information on the employees own investment habits, given the possible conflict between advice and their own investment. Create an employee privacy notice for SuperFin.

Training Methodology

Online 24/7 access

Access to basic study material through an online learning management system, Android and iOS app

Hard Copy Study Material

Hard copy study material modules to be couriered to your address

Practical Exercises

2 practical exercises every week, followed by written feedback

Live Online Classes to Teach Paralegal Assignments Specific Work

There will be a live video-based online class to teach you specific US contract drafting work performed by paralegals. You can ask questions, share your screen, get personal feedback in this class. Every week there will be approx. 1-1.5 hours of class to teach you the work and give you feedback. There will be recordings available in case you miss a class.

Convenient Class timings

Classes are held after regular work hours. Typically classes are kept on Sunday afternoon or 8-9 pm on other days.

Live Doubt Clearing

You can ask questions, get your doubt cleared live as well as through online forums

Money back guarantee

If you take this course, follow it diligently for a month, attend all classes and do all the exercises but still do not find value in it, or are not able to understand or follow it or not find it good for any reason, we will refund the entire course fee to you. It is a 100% money-back guarantee with only one condition, you must pursue it properly for a month. If you don’t find it valuable after that, get your entire money back.

View Refund Policy

Client Opportunities & Recruitment Support where required

Many employers, law firms and companies are happy to recruit our high performing students. If you do well in your exercises and classes, we can help you to get jobs, internships and assessment internships in good law firms, with renowned lawyers as well as in various companies.

Our team helps our students in building their profile on LinkedIn and freelancing platforms to increase their reach to potential recruiters or clients.

Our experts guide the students on how to crack any interview.

On-demand, we provide mock interviews for our students looking for jobs.

We share multiple internship/recruitment opportunities every week on our Whatsapp group.

We help our students to get internships not only at law firms and chambers but also with rising startups in diverse sectors.

Our mentorship helps students to avoid running in the rat race behind the regular job openings; rather we help them design their own path based on their personal interests.

We share multiple and diverse client opportunities with our pool of practicing advocates on a daily basis. Our references have helped several advocates really scale up their practice. The opportunities range from contract drafting to complex international taxation matters.

Industry Academia Panel

Esha Shekhar

Independent Corporate Counsel | Corporate Advisory and Compliance | Trainer- POSH and gender laws

Here are some of our faculty members

Kabir Phadke

Associate at Rajaram Legal

Ratul Roshan

Blockchain | Fintech | Data Protection

Charitarth Bharti

Technology Law and Policy | Digital Rights| Li Ka Shing Scholar, NUS LKYSPP

Note: This is an indicative list of our guest faculty members and not an exhaustive list. We may change the faculty members at any point based on availability.

Syllabus

INTRODUCTION TO DATA COLLECTION, PROCESSING, PROTECTION AND TRANSFER

Why is data sought to be protected? Different types of data

Personal data and its subcategories
Transaction-related data and preferences
Business entity-related data
Economy related data
Sensitive and non-sensitive data
Anonymized data

Ownership and collection of data

How do businesses get access to data
Generating data v. collecting data
Controllers, processors and sub-processors
What rights do consumers have over data collected from them?
Role and principles for obtaining consent in data collection
What is data sovereignty and data localisation?
Can governments collect and control citizens’ data?
Open source databases and data in the public domain
Data commodification: under what conditions can you buy and sell data?

Case Study Managing data transfers

What is data localisation and what are issues with cross-border data transfers
How do multinational companies deal with cross-border data transfers
What are the laws governing data transfers in different countries
International agreements: EU-US Privacy Shield
Terrorist Financing Tracking Program (TFTP)
European Commission’s Standard Contractual Clauses(SCCs) for transfers between EU and non-EU countries

Case Study: Having your own internal data transfer network: Liink by JP Morgan Data retention and managing data graveyards What is big data and for whom is this relevant?

Anonymised, pseudonymised data and encrypted data
Data sets, data collection points and processes in specific industries: BFSI, Retail, E-Commerce, Healthcare, Education, Software, Consulting, Real estate, infrastructure and smart cities, Media and entertainment, Law and justice, Pharma, Advertising, Supply chain and logistics, Security and defence, Agritech, R&D

Consequences of data protection violations

Exorbitant Domestic and Cross border Fines
Third party indemnity claims
Reputational consequences
Inability to secure new business

DATA PROCESSING AGREEMENTS AND RELATED WORK

Requirements under GDPR and other laws to enter into legal contracts Common Data Protection Agreements and review work

Outsourcing (Controller-Processor) Agreements
How to review terms and conditions of use of websites
How to review privacy policies so they are compliant with data protection laws
Reviewing and updating templates
Addendums

Data protection concerns in Healthcare and review of processing agreements

Who are likely to be processors for different types of healthcare organisations
- Contract Research Organisation (CRO) Agreements
- Investigator Sponsored Trials (IST) Agreements
- Agreements with Healthcare Professionals / Healthcare Organisations (HCP/HCO)

What should you check in agreements with processors in healthcare organisations

Data protection concerns in the BFSI sector and review of agreements

Who are likely to be processors in the case of banking, financial services and insurance companies
- Secure Vendor and Third Party Service Providers Management and appropriate contractual clauses in Vendor Agreements
- Outsourced cloud computing
- Managed Security Service Providers

What should you check agreements with processors in banking, financial services and insurance companies

Data Protection concerns for SaaS companies, E-commerce companies and Social Media companies

Who are likely to be processors in the case of SaaS companies, E-commerce companies and Social Media companies
- Drafting Terms and Conditions of use and Data Protection Agreements for Saas, E-commerce and Social Media companies
- Drafting Privacy Policies and Privacy Notices for SaaS, E-commerce and Social Media Companies

Standard Contractual Clauses in EU

COMPLIANCE AND GOVERNANCE REQUIREMENTS

Assessing impact of new data protection regulations

How to keep tab of constant legislative changes
Drawing up impact assessment reports
Developing or amending compliance programs

Building a privacy governance framework

Choosing the right privacy governance model
Setting up Data Privacy / Information governance committees

How to update internal policies in compliance with data protection regulations Setting up escalation mechanisms What is a data protection compliance programme and how to implement itb

Identify and map the data and data flow
Analysing the applicable legal requirements
Create guidelines and playbooks for documenting and tracking obligations related to privacy controls for the program
Building the compliance roadmap
Developing appropriate internal policies

Liaising with regulators and product teams Reporting and record maintenance requirements in relation to data protection

DATA PROTECTION DISPUTES AND LITIGATION

Filing complaints with Data Protection Authorities

How to lodge a complaint with a Data Protection Authority
How to deal with a complaint filed against your business with a DPA

Damages claims

Material or immaterial damage
Extent of compensation
Precedents and court decisions on compensation

Collective and representative actions

Actions by consumer associations

Injunctive relief Claims under competition law

PRIVACY RISK MANAGEMENT

How to conduct privacy due diligence When and how to conduct a Data Protection Impact Assessment

Understanding various customer scenario descriptions
Personal data analysis form
Asset inventory list
Project implementation plan

Third party vendor management Investigating data breaches

Monitoring implementation of corrective action
Root cause investigation and reporting

Conducting Data Privacy Audits Creating Privacy Roadmaps and Annual Processes

DATA PROTECTION LEGISLATIONS IN THE EU: EU GDPR

Introduction to EU GDPR

Applicability
Participants under GDPR
Requirement to create a supervisory authority
Responsibility of the supervisory authority
Core principles of GDPR

Other Data Protection Legislation in Europe:

European Data Protection Board
The Data Protection Law Enforcement Directive
ePrivacy Regulation 2021

Data Protection Authorities in Europe

European Data Protection Supervisor
Data Protection Officer in the European Commission
National Data protection authorities

How to implement changes to key business functions to implement GDPR compliance

Product development
Technology
Marketing
Sales

Consent under GDPR

How to obtain consent of a data subject
How to draft a privacy notice
Difference between a privacy policy and a privacy notice
How to draft a Data Protection Addendum to the Terms of Use of a Website
How to draft a Data Protection Addendum for third party technology service providers

Lawful processing under GDPR

Purposes for processing data
Cross-border data transfers
How to draft a data processing agreement
Data adequacy decisions
Schrems I and Schrems II

Responsibilities of data processors and data controllers Rights of customers, employees and other “data subjects”

Right to be informed
Right of access
Right to rectification
Right to erasure
Right to restrict processing
Right to data portability
Right to object
Rights related to automated decision making

Sanctions and consequences of non-compliance with GDPR Templates:

Personal data protection policy
Privacy notice/policy
Employee privacy notice
Data retention policy
Data subject consent form
Parental consent form
Data processing agreement
Standard contractual clauses
Record of processing
Right to erasure request form

Checklists:

Checklist for implementing GDPR compliant data protection systems
GDPR checklist for Data Controllers
GDPR checklist for Data Processors
GDPR checklist for transfer of data outside EU
Checklist of documentation required to be maintained under GDPR

DATA PROTECTION LAWS IN EUROPEAN COUNTRIES

Data Protection laws in France

France’s adoption of the GDPR and ePrivacy Directive
The French Data Protection Act

Data Protection authorities in France: Commission Nationale Informatique & Libertes (CNIL) Data Protection laws in Germany

Germany’s adoption of the GDPR and ePrivacy Directive
The German Federal Data Protection Act
German Telemedia Act

Data Protection Authorities in Germany:

Federal Data Protection Agency
State Data Protection Agencies

Data Protection laws in Switzerland

Federal Act on Data Protection
Ordinance on Data Protection Certification

Data Protection Authorities in Switzerland

Federal Data Protection Commissioner
Cantonal and Municipal Data Protection Authorities

Data Protection laws in Ireland

Ireland’s adoption of the GDPR and ePrivacy Directive
Data Protection Act, 2018
Data Protection Commission

DATA PROTECTION IN UK POST BREXIT

Data Protection laws in the UK

The UK Data Protection Act, 2018 vs. EU-GDPR
- Privacy impact assessment
- Consent mechanisms
- Bases for processing data
- International data transfers (Within EU vs. Outside EU)
- Breach notification procedure

The Freedom of Information Act, 2000
The Privacy and Electronic Communications Regulations

Data Protection Authorities in the UK: The Information Commissioner’s Office

DATA PROTECTION LAWS IN THE US: FEDERAL AND STATE LAWS

Federal Laws:

The Privacy Act of 1974
The Gramm-Leach-Bliley Act
The Children’s Online Privacy Protection Act (COPPA)
The Health Insurance Portability and Accountability Act (HIPAA)
The Video Privacy Protection Act (VPPA)
The Telephone Consumer Protection Act
The Family Educational Rights and Privacy Act

Data protection laws of some important US states:

California: California Consumer Privacy Act
- New law: California Privacy Rights Act
- Annual Cybersecurity Audits

Virginia: Virginia Consumer Data Protection Act (VCDPA)
New York: New York Privacy Act, The New York SHIELD Act
Massachusetts: Massachusetts General Laws

Major requirements under US State laws:

Notice requirements
Access to records and data
Uses and disclosures

Data protection authorities and regulators in the US

Federal Trade Commission
The Department of State’s Privacy Office
Privacy Unit of the Department of Justice

DATA PROTECTION LAW IN CANADA

Basic principles of data protection law in Canada

Accountability
Purpose of use of data
Consent
Limiting collection, use, disclosure and retention
Accuracy
Openness
Ensuring safeguards
Compliance

Data Protection laws in Canada: Federal Laws

The Personal Information and Protection of Electronic Documents Act
The Consumer Privacy Protection Act
The Personal Information and Data Protection Tribunal Act
Electronic Documents Act
Upcoming law: Bill C11 - The Digital Charter Implementation Act, 2020
- Privacy impact assessment
- Consent mechanisms
- Bases for processing data
- International data transfers
- Breach notification procedure

Data Protection laws in Canada: Provincial Laws

British Columbia: Personal Information Protection Act
Alberta: Personal Information Protection Act
Quebec: Act Respecting the Protection of Information in the Private Sector
Ontario: FIPPA / MFIPPA / PHIPA / CYSA

Data Protection Authorities in Canada

Office of the Privacy Commissioner
Competition Bureau of Canada
Data Protection Tribunal

DATA PROTECTION LAW IN SOUTH EAST ASIA

Data protection laws in Singapore

Personal Data Protection Act 2012
Info-communications Media Development Act, 2016
Different Notifications, Rules and Regulations for Personal Data Protection
- Privacy impact assessment
- Consent mechanisms
- Bases for processing data
- International data transfers
- Breach notification procedure

Data Protection Authorities in Singapore: Personal Data Protection Commission and Advisory Committee Data protection laws in Hongkong

Basic principles of data protection and privacy in Hongkong
- Collection purpose and means
- Accuracy and retention
- Use
- Security
- Openness
- Data Access and correction

The Personal Data (Privacy) Ordinance

Guidelines and Practice codes on various matters such as identity cards, credit data etc. by the Office of the Privacy Commissioner
- Privacy impact assessment
- Consent mechanisms
- Bases for processing data
- International data transfers
- Breach notification procedure

Data Protection Authorities in Hongkong: Office of the Privacy Commissioner for Personal Data, Hongkong Data protection laws in Philippines

Republic Act 10173: Data Privacy Act of 2012

Circulars, Advisories, Commission decisions and resolutions
- Privacy impact assessment
- Consent mechanisms
- Bases for processing data
- International data transfers
- Breach notification procedure

Data Protection Authorities in Philippines: National Privacy Commission

DATA PROTECTION REGIME: MIDDLE EAST AND INDIA

Data Protection laws in UAE: Dubai & Abu Dhabi

Criminal Offences covered in the Penal Code relating to publishing or unlawful disclosure of personal data
Articles of Federal laws penalising certain acts of data breaches such as intercepting phone calls, illegally accessing websites
Federal Law governing collection, processing and transfer of healthcare data
Regulatory Framework for Internet of Things (IoT)
Laws applicable within the Dubai International Financial Centre: Data Protection Law DIFC Law No. 5 of 2020
Laws applicable within the Abu Dhabi Global Market: Data Protection Regulations 2021

Templates:

Organization-level privacy policies
Privacy notice
Audit template for independent auditor

Course Plan

Above prices are inclusive of all applicable taxes and charges.

Standard

RS. 66000 incl. of all charges

View details

Join the waitlist

Printed study material (by courier)

2 practical exercises/ Drafting exercises per week (24 weeks)

6 writing assignments

1-2 online live class/week

Get digital access to entire study material

Access on LMS, Android & iOS app

Instructor feedback on assignments

Doubt clearing on WhatsApp, LMS & classes

Instructor led course with online live classes

Online exams (give exams as per your convenience on given time slots)

Certificate (by courier)

CV enhancement

Coaching for professional networking

Internship & job support

Interview preparation support

Networking with students & alumni

Content access for 3 years

Doubt clearing within 24 hours

Top performers are recommended for jobs and client opportunities

Join the waitlist

Diploma in International Data Protection and Privacy Laws

Equip yourself with a comprehensive understanding of global data protection rules, cater to international clientele, and achieve a minimum monthly income of USD 1000-3000 within six months.

Exposure to growing areas of law

Learn & master real skills by doing

Knowledge & mentors for success

Build an unmatched track record

Find global jobs & freelance work

Ride in the remote work revolution

Get opportunities with domestic law firms, MNCs, startups, as well as international recruiters

Prominent recruiters where our alumni are currently working

Learn from top lawyers, partners, international lawyers and our in-house experts

We are building a world where lawyers can work across borders, learn any skills they want very rapidly and don’t burn out from overwork

Remote work means better opportunities for you

Learn high-demand skills and specialise for immediate growth

Learn US laws and work as remote paralegal

Build an awesome track record to win prospective clients

Qualify as a lawyer in California, Canada or UK

LawSikho courses work best for:

Law graduates who are graduating or recerntly graduated without a job and need help

Lawyers who are not earning enough and want to grow their earning potential

Non-lawyers who want to learn the law in a way that they can benefit in their career