Professional Certification Education

From a Maastricht University Certificate to your Master’s Degree … plan your learning journey here!

Whether it is a Professional Certification or even a Master’s Degree... we believe your training does not stop at the end of a course. Obtaining a professional qualification from Maastricht University is only the beginning. We offer you a continuous assessment and monitoring of your knowledge, skills and learning needs and a platform to keep on developing yourself. Holding and updating a Maastricht University certificate or professional diploma guarantees a strong asset in the fast-changing market where you need to act.

Qualifications

EU General Data Protection Regulation Essentials
a jump-start (ECPC-A Beginners)

What you will get
  an introduction to the fundamentals of data protection and privacy, including the GDPR
  the key implementation and compliance activities you need to know to perform your tasks effectively.

At the end of the course, you will have a sound understanding of the key concepts and principles of privacy and the actors and roles involved, as well as data protection obligations under the new GDPR and how it is being applied in practice. 

Who should attend
 individuals with little experience who wish to enter the field of data protection and privacy with a professional qualification
  people already involved in data protection and privacy who wish to update their knowledge under the new GDPR regime, for example newly appointed DPOs, security officers, compliance officers, HR/IT/Marketing staff dealing with personal data ...

 This course is a building block for the next level DPO Professional Certification and is usually offered as a package.

EU General Data Protection Regulation
DPO Professional University Certificate (ECPC-B DPO)

What you will learn
This is a specialised four-day hands-on training focused on privacy risk management, enabling participants to acquire the must-know knowledge and the “do’s and don’ts” in order to efficiently perform the role and tasks of data protection officer (DPO) under the GDPR. 

The training provides you:
  an in-depth insight into the GDPR and all implementation obligations;
  a step-by-step plan and checklist to put in place the necessary privacy compliant data protection and information security policies in your organisation;
  guidance in the most cost-effective and efficient ways to comply with the GDPR.

Who should attend
 people already involved in data protection and privacy with either a legal data protection or information security background who wish to obtain a Professional DPO Certification, for example newly appointed DPOs, security officers, compliance officers, HR/IT/Marketing staff dealing with personal data ...

Prerequisite:
To attend this course it is required to have obtained the Jump-Start certificate. This is usually offered in combination.
 

Obtain your ‘Maastricht University Professional Certificate ECPC-B DPO’
On completion of the course, you can take part in the examination, which consists of an MCQ test, a graded group assignment and a written / oral final exam. Experience our unique Maastricht University teaching methodology and become a certified DPO.

Your Professional Diploma

Did you obtain your ‘Maastricht University Professional Certificate ECPC-B DPO’ and do you want to deepen your knowledge further? Or do you hold any other relevant professional certification and do you want to get the Maastricht University learning experience leading to a Professional Diploma?
Maastricht University now offers you a full immersion training package building on knowledge already gained and leading to a Professional Diploma*!

The Professional Diploma consists of:

  • Four compulsory courses (Privacy Executive Week)
  • Two elective courses
  • One executive or elective sector specific case study
  • Write a thesis / complete an assignment in your organisation
     

Requirements – Who can apply? 

* The Diploma Track on Privacy Management is not part of the Maastricht University studies which are accredited according to the Dutch Higher Education and Research Act (WHW)

Take the challenge and obtain your Professional Diploma from Maastricht University.

Privacy Executive week

This is a compulsory four-day executive training for those who want to obtain their Maastricht University Professional Diploma. In addition to the four days, you can choose your half-day sector-specific case study here. The Privacy Executive week is also highly recommended for those who want to follow a specialised and intensive programme covering both privacy and cybersecurity management.

8-12 October 2018


Privacy Executive week

Courses (Week 1) Duration
Data Protection Governance, Enterprise/Organisation Risk Management, Relationship with Data Subjects and Supervisory Authorities: Structuring, Auditing and Demonstrating Compliance 1 Day
Data Protection Impact Assessment (DPIA), Security Risk Assessment & Data Protection by Design: Assessing and Designing Compliant Data Processing 1 Day
Data Breach Management: Prevention, Detection, Mitigation, Notification to the Supervisory Authority and Communication to the Data Subjects 1 Day
Data Transfer: Special focus on Binding Corporate Rules and Standard Contractual Clauses 1 Day 

Data Protection Governance

Enterprise/Organisation Risk Management, Relationship with Data Subjects and Supervisory Authorities: Structuring, Auditing and Demonstrating Compliance

Practical guidelines on how to create, implement and audit a Data Protection Management Programme to demonstrate accountability under the EU General Data Protection Regulation (GDPR) both to data subjects and to supervisory authorities, taking into consideration the Enterprise/Organisation Risk Management framework

This training course provides practical guidance for the creation of a Data Protection Management Programme, which needs to be both effective and coherent with the Enterprise/Organisation Risk Management framework. It sheds light on the concepts of accountability, compliance and data protection management in the context of the evolving EU data protection framework. Moreover, the course provides guidelines and tools (e.g., methodologies and checklists) to perform personal data protection/security internal audits or investigations under the GDPR and coherently assess controllers’ and processors’ level of compliance. The participants will benefit from hands-on experience to ensure comprehensive data protection management and prompt response to inquiries in their organization. The following questions are addressed:

  • What are the legal requirements derived from the notion of accountability under the GDPR?
  • How to structure and draft a Data Protection Management Programme that will ensure ongoing compliance (and not simply ticking boxes)?
  • What is the role of the Data Protection Officer in creation of an effective Data Protection Management Programme?
  • How to coordinate the Data Protection Management Programme with the relevant Enterprise/Organisation Risk Management framework?
  • How to build internal accountability: techniques of mapping data processing and building a register?
  • How to demonstrate accountability externally: best practices for responding to requests for documentation by supervisory authorities or data subjects?
  • How to gauge the level of compliance of processors or controllers with whom personal data is shared?
  • How different approaches work for different organizations (public authorities vs. private entities; start-ups vs. SMEs vs. MNEs)?
  • How to identify the perimeter of the audit?
  • Who are the entities involved in the audited data processing activities and their roles?
  • What are exactly the data processing activities carried out within the perimeter of the audit?
  • How to identify the type of personal data processed?
  • How to correctly identify the personal data flow/transfer outside the EU?
  • How to identify relevant duties and obligations of the parties involved under the GDPR?
  • How to verify the compliance with parties' relevant duties and obligations?
  • How to determine the appropriate technical and organisational measures to ensure a level of security appropriate to the risk? [see specific training on Data Protection Impact Assessment, Security Risk Assessment & Data Protection by Design]
  • How to verify the correct management of Personal Data Breaches? [see specific training on Data Breach Management]
  • How to evaluate controller's Data Protection Impact Assessment? [see specific training on Data Protection Impact Assessment, Security Risk Assessment & Data Protection by Design]
  • How to verify the accuracy of the records of processing activities?
  • How to verify the compliance with the principles of Data Protection by Design and by Default? [see specific training on Data Protection Impact Assessment, Security Risk Assessment & Data Protection by Design]
  • How to evaluate data processing agreements/clauses with third parties, e.g., limitation of liability, hold harmless, and indemnity clauses? [see specific training on Data Protection Contract Management]
  • How to verify the correctness of the legal basis for transferring data outside the EU, e.g., Model Contractual Clauses, Privacy Shield, Binding Corporate Rules, Consent, etc.? [see specific training on Data Transfer]
  • How to draft a meaningful audit report?
  • How to effectively set and manage audit meetings and interviews (e.g., kick-off meeting, interim meetings, closing meeting, interviews, etc.)?
  • What constitutes a data subject access request under the new EU GDPR?
  • How to assess the validity of data subjects’ and supervisory authorities’ requests and how to reply to them (identification requirements, content, time limits)?
  • How to set parameters for the search for information and collating the results?
  • How to incorporate data subjects’ and supervisory authorities’ requests into your operational ‘business as usual’ processes?
  • How to manage data subjects’ complaints?
  • How to deal with new rights such as the right to be forgotten, restriction of processing, data portability, and their practical implementation?

Data Protection Impact Assessment (DPIA)

Security Risk Assessment & Data Protection by Design: Assessing and Designing Compliant Data Processing

Practical guidelines on how to carry out a Data Protection Impact Assessment (DPIA), evaluate the security risks in an organisation and design data processing in compliance with the EU General Data Protection Regulation (GDPR)

This course provides practical methodologies and tools to conduct a DPIA, to determine the appropriate technical and organisational measures to ensure a level of security appropriate to the risk. Moreover, it focuses on the key principle of data protection-by-design/by default and its practical application to processing activities and technologies in an organization. The following questions are addressed:

  • What is the practical meaning of data security key concepts: confidentiality, integrity, availability?
  • What are personal data, pseudonymized data, and anonymized data?
  • What exactly does personal data processing mean? How exactly is a data subject defined?
  • Which are effective techniques to anonymize personal data? 
  • How to determine the appropriate technical and organisational measures to ensure a level of security appropriate to the risk?
  • Actors, roles and responsibilities of the parties involved in the relevant data processing activities: who is involved and who is responsible for what?
  • Which are the available information security risk management international standards (e.g., ISO 27005) for the performance of a correct risk analysis?
  • What is a DPIA?
  • Actors, roles and responsibilities: who is involved and who is responsible for completing a DPIA?
  • When should you conduct a DPIA?
  • How to conduct a DPIA?
  • How to assess risks? How to quantify them and determine whether the risks are acceptable?
  • What appropriate remedial measures could be adopted to eliminate or mitigate the risks?
  • What DPIA records should be kept and in which format?
  • How to select/develop an effective DPIA procedure (templates, checklists etc.) for your organization?
  • Which are the core elements of the data protection-by-design/by default principle?
  • How to place data protection-by-design/by default in a legal and technical context (matching legal standards and technical requirements to gauge data protection-by-design/by default requirements, specifications, implementation, testing, deployment and maintenance)?
  • How to include data protection-by-design/by default in development cycles and how to embed it in the broader Data Protection Management Programme of your organisation?
  • The basics of data protection engineering and data protection-by-design/by default – or: how to communicate with IT on data protection?
  • What is the role of the Data Protection Officer in the evaluation of the security risks in an organisation, performance of a DPIA, and in the design of data processing activities in compliance with the GDPR?

Data Breach Management

Prevention, Detection, Mitigation, Notification to the Supervisory Authority and Communication to the Data Subjects 

Practical guidelines on how to manage data breaches in terms of: prevention, investigation, documentation, notification to the competent supervisory authority and communication to the data subjects under the EU General Data Protection Regulation (GDPR).

Building on practical experience of data breaches, this course provides insights on how to handle one of the most complex, stressful and high-risk situations an organisation can face. Specific attention will be dedicated to how to correctly and effectively prepare for a data breach: having data breach management policies and procedures in place, which specifically deal with prevention, detection, mitigation, notification to the competent supervisory authority and, as the case may be, communication of a breach to the data subjects. The following questions are addressed:

  • What is a data breach?
  • How to prevent a data breach?
  • How to detect a data breach?
  • How to document a data breach?
  • How to mitigate the effects of a data breach?
  • Who are the relevant people/functions in the organisation to involve in order to effectively manage data breaches?
  • What is the role of the Data Protection Officer in the management of a data breach?
  • How to evaluate whether the breach must be notified to the supervisory authority?
  • How to identify the competent supervisory authority to notify the breach?
  • What is the timeline for notifying a data breach to the supervisory authority?
  • What information related to the data breach should be notified to the supervisory authority?
  • How should the notification to the supervisory authority be made?
  • How to evaluate whether the breach must be communicated to the data subjects?
  • What is the timeline for communicating the data breach to the data subjects?
  • What information related to the data breach should be communicated to the data subjects?
  • How should the communication to the data subjects be made?
  • How to draft effective data breach management policies and procedures?
  • How to learn from a data breach?

Data Transfer

Special Focus on Binding Corporate Rules and Standard Contractual Clauses (1 day)

Practical guidelines on how to lawfully and safely transfer personal data abroad under the EU General Data Protection Regulation (GDPR).

This training course will provide a practical hands-on approach to the different existing transfer mechanisms, derogations and exemptions to overcome the legal limitations affecting international data transfers. The following questions are addressed:

  • How to effectively identify all the entities involved in the data processing activities?
  • How to effectively map the data flows to foreign countries?
  • Which data protection provisions should be considered when sending data to a foreign country?
  • Which countries have an adequate level of data protection?
  • What to do when a country does not have an adequate level of data protection, but my organization/company would still like to make a data transfer?
  • What are the methods of ensuring that transfers are lawful?
  • What are Standard Contractual Clauses and how do they work in practice?
  • What are Binding Corporate Rules and how do they work in practice?
  • What is the “Privacy Shield” and how does it work in practice?
  • How to safeguard our data and comply with the GDPR?
  • How to ensure that service providers-subcontractors meet the applicable legal requirements concerning data transfer?

Parallel sector specific workshops

Case studies and examples (Parallel workshops 3 hours each)
Handling personal data within Public authorities/EU Institutions: meeting compliance requirements and preserving citizens’ rights
The management of personal data in International Organizations/Humanitarian Aid: security and availability of data should coexist
Data management in Private Sector: the valorisation and protection of personal data is key to all businesses

Data protection and Universities & Research Centres: sharing of data in compliance with applicable regulations is fundamental


Privacy Elective Courses

This week is composed of four specialised training days for those who want to build further on knowledge already gained and who want to become a privacy- and security specialist. Maastricht University Diploma candidates need to select and follow two elective courses from this programme. An optional half-day sector specific case study can be added to the programme.

11-15 June 2018
10-14 December 2018


Elective courses

 Courses   
Big Data & Analytics: Managing Data Protection Compliance, Risks, and Accountability 1 Day
Cloud Computing: Managing Data Protection Compliance, Risks, and Accountability 1 Day
Internet of Things (IoT): Managing Data Protection Compliance, Risks, and Accountability 1 Day
Data Protection Contract Management: Drafting, Negotiating and Managing Data Protection related contracts/clauses 1 Day

Big Data & Analytics

Managing Data Protection Compliance, Risks, and Accountability

Practical guidelines on how to identify specific data protection compliance aspects, risks and demonstrate accountability under the EU General Data Protection Regulation (GDPR) in the big data & analytics domain.

In this course, the data protection implications of big data and analytics are specifically analysed, and practical insights on how to address compliance and demonstrate accountability in such a complex domain will be shared with the participants.

The following questions are addressed:

  • How is big data defined?
  • What does performing analysis on big data mean from the data protection point of view?
  • Which are the main provisions of the GDPR which need to be considered in the big data & analytics domain?
  • Which are the main documents issued by EU (data protection) authorities/institutions on personal data processing related to big data & analytics?
  • Transparency, user control, data protection by design/default and accountability as the main pillars of big data & analytics compliance: how to apply them?
  • How to deal with big data & analytics on personal data, pseudonymised data, and anonymized data?
  • How to select the most appropriate legitimate ground to process data in the big data & analytics domain (e.g., data subject’s consent, legitimate interest pursued by the controller or by a third party)?
  • Doing big data & analytics on personal data already collected or on personal data to be collected: how to deal with these two different scenarios?
  • Does big data & analytics trigger the obligation to conduct a DPIA?
  • How to determine the appropriate technical and organisational measures to ensure a level of security appropriate to the risk posed by big data & analytics?
  • How to assess the lawfulness of and possibly regulate profiling activities carried out by means of big data & analytics in compliance with the GDPR?
  • The “compatibility test” and how to apply it to the big data & analytics domain?
  • How to correctly comply with the duty to inform the data subjects regarding big data & analytics-related processing activities?
  • How to ensure effective compliance with the purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, accountability principles in the big data & analytics domain?
  • Why is data quality key in the big data & analytics domain?
  • How to effectively regulate big data & analytics’ services offered by third parties in compliance with the GDPR (e.g., data processing agreements, data protection clauses)?
  • Big data & analytics, cloud computing and internet of things are converging to develop cutting-edge solutions: how to deal with compliance in a complex/data-intensive environment?

Cloud Computing

Managing Data Protection Compliance, Risks, and Accountability

Practical guidelines on how to identify specific data protection compliance aspects, risks and demonstrate accountability under the EU General Data Protection Regulation (GDPR) in the cloud computing domain.

In this course, the data protection implications of cloud computing are specifically analysed, and practical insights on how to address compliance and demonstrate accountability in such a complex domain will be shared with the participants.
The following questions are addressed:

  • How can cloud computing be defined?
  • How do cloud computing services work in practice (service models: IaaS, PaaS, SaaS; deployment models: public cloud, private cloud, hybrid cloud)?
  • Which are the main data protection issues related to cloud computing?
  • Which are the main contractual issues related to cloud computing?
  • Which are the main provisions of the GDPR which need to be considered in the cloud computing domain?
  • Which are the main documents issued by EU (data protection) authorities/institutions on personal data processing related to cloud computing?
  • Are there international standards/codes of conduct related to cloud computing and data protection compliance?
  • Introducing the Privacy Level Agreement [V3] Code of Conduct: A Compliance Tool for Providing Cloud Services in the European Union: how does it work and how can it be leveraged for assessing compliance of cloud services with the GDPR?
  • How to deal with data breaches which involve a cloud service provider?
  • How to assure data subjects’ rights in the cloud, especially data portability, access, erasure (“right to be forgotten”), restriction of processing?
  • How to deal with data transfer in the cloud computing domain?
  • Does cloud computing trigger the obligation to conduct a DPIA?
  • How to determine the appropriate technical and organisational measures to ensure a level of security appropriate to the risk posed by cloud computing?
  • How to monitor/control data processing in the cloud?
  • How to deal with Law Enforcement Authorities’ requests for disclosure of personal data in the cloud?
  • How to deal with data restitution/deletion in the cloud?
  • How to deal with ‘migration’ and ‘transfer back’ without losing control over the data in the cloud environment, and in compliance with the GDPR?
  • How to effectively regulate cloud computing services to assure compliance with the GDPR (e.g., data processing agreements, data protection clauses)?
  • Big data & analytics, cloud computing and internet of things are converging to develop cutting-edge solutions: how to deal with compliance in a complex/data-intensive environment?

Internet of Things (IoT)

Managing Data Protection Compliance, Risks, and Accountability 

Practical guidelines on how to identify specific data protection compliance aspects, risks and demonstrate accountability under the EU General Data Protection Regulation (GDPR) in the Internet of Things (IoT) domain.

In this course, the data protection implications of IoT are specifically analysed, and practical insights on how to address compliance and demonstrate accountability in such a complex domain will be shared with the participants.

The following questions are addressed:

  • How can IoT be defined?
  • How does IoT work in practice (examples of IoT environments)?
  • Which are the main data protection issues related to IoT?
  • Which are the main provisions of the GDPR which need to be considered in the internet of things domain?
  • Which are the main documents issued by EU (data protection) authorities/institutions on personal data processing related to cloud computing?
  • How to identify the type of personal data processed in an IoT environment?
  • How to identify the type of processing carried out in an IoT environment?
  • How to identify the parties involved in the data processing performed in an IoT environment?
  • How to correctly identify the personal data flow/transfer outside the EU in an IoT environment?
  • How to identify relevant duties and obligations of the parties involved in an IoT environment under the GDPR?
  • How to verify the compliance with parties' relevant duties and obligations in an IoT environment?
  • Does IoT trigger the obligation to conduct a DPIA?
  • How to determine the appropriate technical and organisational measures to ensure a level of security appropriate to the risk in an IoT environment?
  • How to effectively regulate respective duties and obligations of the parties involved in an IoT environment, to assure compliance with the GDPR (e.g., data processing agreements, data protection clauses)?
  • How to select the most appropriate legitimate ground to process data in an IoT environment (e.g., data subject’s consent, legitimate interest pursued by the controller or by a third party, execution of contractual obligations)?
  • How to ensure effective compliance with the purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, accountability principles in an IoT environment?
  • How to correctly comply with the duty to inform the data subjects in an IoT environment?
  • How to assess the lawfulness of and possibly regulate automated individual decision-making (including profiling) carried out by means of IoT in compliance with the GDPR?
  • Big data & analytics, cloud computing and internet of things are converging to develop cutting-edge solutions: how to deal with compliance in a complex/data-intensive environment?

Data Protection Contract Management

Practical guidelines on how to evaluate, negotiate and draft data protection agreements/clauses under the EU General Data Protection Regulation (GDPR).

In this course data protection implications of the most common IT contracts are analysed, relevant parties' duties and obligations are identified, and guidance on how to correctly deal with them in the related data protection agreements/clauses is provided. The following questions are addressed:

  • How is an IT contract commonly structured?
  • Which are the data protection implications of the IT services analysed?
  • Actors, roles and responsibilities: who is involved and who is responsible for what?
  • Should you conduct a preliminary Data Protection Impact Assessment? [see specific training on Data Protection Impact Assessment, Security Risk Assessment & Data Protection by Design]
  • How to determine the appropriate technical and organisational measures to ensure a level of security appropriate to the risk [see specific training on Data Protection Impact Assessment, Security Risk Assessment & Data Protection by Design]?
  • How to comply with the principles of Data Protection by Design and by Default [see specific training on Data Protection Impact Assessment, Security Risk Assessment & Data Protection by Design]?
  • Who should keep the record of processing activities and how?
  • How to deal with possible personal data breaches? [see specific training on Data Breach Management]
  • How to identify issues in IT contracts?
  • How to deal with limitation of liability, hold harmless, and indemnity clauses?
  • How to negotiate appropriate data processing agreements/data protection clauses?
  • How to draft robust data processing agreements/data protection clauses?
  • How to regulate contractual and data protection-related disputes?

Elective sector specific workshops

Case studies and examples (Parallel workshops 3 hours each)

Learn how to effectively implement the GDPR requirements for:

Banking and financial sector    
Technology
Media & Entertainment
Research
Healthcare
