Course content

This course focuses on global compliance and has been designed bottom-up. The ECPC-G course package takes the standard ECPC - B Professional DPO Certification as a base and further equips participants thoroughly in order to apply data protection globally, rather than just relying on the General Data Protection Regulation (GDPR).

The course will include eight modules with the following topics:

1. What is a Global Privacy Officer (GPO): Description, statutory requirements, desirable professional qualities, critical responsibilities and cooperation and coordination with the legal department and the CISO. 
2. International legal framework (Convention 108, OECD Privacy Guidelines, APEC Privacy Framework)
3. Foundational Principles of Data Protection Law: key concepts & principles, legal basis of processing, different approaches to consent, fair and transparent processing, data security (basic) and retention.
4. Individual Rights: focus on access, correction, deletion, but with attention for other rights that exist around the world (profiling, do not sell, portability, right to be forgotten, etc.)
5. International Data Flows: what constitutes a data transfer, the concept of adequacy around the world, contractual safeguards and other transfer mechanisms (including onward transfers challenges).
6. Contracts: data protection in contracts, processing agreements, consent mechanisms, etc.
7. Confidentiality and Integrity: Technical and Organisational measures; data security and breaches, incident response plan in global operations.
8. Accountability: building a privacy management program to support compliance with privacy laws around the world, including documentation requirements. To what extent you can run a global one-size-fits-all service, and what features must be localised?

The first two modules will provide a worldwide overview of the tasks and legal framework of the work of a Global Privacy Officer. The remaining six modules will cover the fundamentals and key features of the data protection laws of the following countries focusing on the differences with the GDPR:

•  United States (CCPA - California’s Consumer Privacy Act & CPRA - The California Privacy Rights Act)
•  Brazil (LGPD – Data Protection Law)
•  Kenya (Kenya Data Protection Act)
•  Canada (PIPEDA- Data Protection Law & CPPA)
•  India (PBDP – Personal Data Protection Bill)
•  Japan (APPI - Act on the Protection of Personal Information)
•  Australia & New Zealand (Privacy Acts)
•  China (PIPL - Personal Information Protection Law)

Learning objectives

At the end of the training, participants will have a sound understanding of the key concepts, principles and a practical knowledge on data protection, privacy and data security rules worldwide, reducing your organisation’s risk of non-compliance when acting globally.

Learning Methodology and Trainers

Our training courses are driven by practical examples and interactive cases based on real-life scenarios (including group-work with other professionals). By using this methodology, participants learn:

how to recognize the issues of most importance to their business/organisations; 
how to set up a risk-based, sustainable and effective protection compliance programme and; 
how to draft privacy policies and procedures.

The course will be delivered by experts on privacy, data protection and data security with experience in working across many countries, industries and business positions.

Who should attend

This course is open to participants who have already obtained the Maastricht University ECPC-B European Professional DPO Certificate, or an equivalent professional DPO certification (40 hours training). It is designed for professionals with a background in data protection, privacy, law, or information security who are seeking to earn the Global Privacy Officer Certification. The training is ideal for Data Protection Officers (DPOs), security officers, compliance officers, as well as HR, IT, and marketing professionals who handle personal data on a global scale.