The training will be organized into the following nine main modules, based on the nine areas of DPF© and supported by case studies:
- Visibility over Personal Information (VPI)
This module will help participants evaluate the organization’s visibility into and understanding of how personal information is handled across its complete lifecycle, from collection to deletion, including the types of personal information handled, the organizational processes / functions / relationships involved, ownership, access channels and patterns, technical & physical environment, among others.
- Privacy Organization and Relationship (POR)
This module will help participants evaluate the adequacy of the privacy function established by the organization to design, implement and monitor its privacy program and successfully meet its privacy obligations. The assessment includes evaluation of the organizational structure of the privacy function, governance mechanisms, responsibilities and tasks, coordination and collaboration with other organizational functions, among others.
- Regulatory Compliance Intelligence (RCI)
This module will help participants evaluate the organization’s capability to track privacy legislation and determine its applicability through appropriate interpretation of regulatory requirements, thereby ensuring that the organization’s privacy initiatives stay aligned with the evolving regulatory landscape. The assessment also includes evaluation of organizational efforts to make employees aware of their responsibilities and of the liabilities arising from non-compliance, and of the management of compliance-related knowledge.
- Privacy Contract Management (PCM)
This module will help participants assess the organization’s competence in managing privacy risks when sharing personal information with third parties (for data controllers) OR when receiving personal information from client organizations (for data processors). The assessment includes evaluation of organizational processes for establishing visibility over the organization’s external or client relationships, understanding and incorporating adequate privacy protection clauses in the contracts signed with third parties or clients, identifying contractual liabilities and obligations, ensuring compliance with regulatory requirements, understanding the impact of non-compliance, demonstrating compliance with contractual requirements, among others.
- Privacy Monitoring and Incident Management (MIM)
This module will help participants evaluate the privacy monitoring and incident management capabilities of an organization to detect, contain and communicate privacy breaches or incidents. It includes assessment of the design, contents and execution of the privacy monitoring and incident management plan, with a focus on evaluating the coordination and collaboration mechanisms established to respond to a privacy breach / incident.
- Information Usage and Access (IUA)
This module will help participants evaluate the policies, processes, rules and technical controls deployed by the organization to limit the collection, access and usage of personal information, thereby ensuring lawful and fair handling of personal information.
- Privacy Awareness and Training (PAT)
This module will help participants evaluate the organization’s efforts in creating privacy awareness and training within and outside (external relationships) the organization in order to inculcate a strong privacy culture. The assessment includes evaluation of the design of awareness & training programs, the contents of the programs, the channels & platforms used to deliver the contents, the mechanisms to measure the effectiveness of such programs, among others.
- Personal Information Security (PIS)
This module will help participants evaluate how an organization’s information security initiatives address security risks specifically to personal information. The assessment includes evaluation of the organization’s security initiatives such as data classification techniques, planning based on data leakage scenarios, security controls & practices for protecting personal information, data-centric IT architecture, integration of privacy in IT / security initiatives (e.g. privacy enhancing technologies), among others. The assessment also covers organizational efforts for managing privacy implications emerging from the use of security technologies.