GDPR Readiness: Building Your Data Privacy Plan
Learn how to create a comprehensive Data Privacy Plan that keeps your organization compliant with GDPR and other privacy legislation. This course walks you through every key component — from data mapping and breach procedures to staff training — giving you the tools to protect personal data and build customer trust.
What you'll learn
- Explain what a data privacy plan includes and why it matters
- Define key data privacy and data protection terminology
- Map the flow of personal data through an organization
- Write an information request procedure that upholds GDPR rights
- Develop internal data handling, retention, and erasure procedures
- Draft a data security policy covering both organizational and operational levels
- Create a personal data protection policy with clearly assigned responsibilities
- Adapt a client-facing privacy policy to meet GDPR transparency requirements
- Develop a structured data breach response procedure
- Plan awareness and role-specific privacy training for employees
- Identify supplementary GDPR requirements such as DPAs and DPIAs
Preview a lesson
Responding to Information Requests
Under the GDPR, every individual has rights over their personal data — and your organization has a legal obligation to respond when those rights are exercised. An Information Request Procedure is the step-by-step process your team follows whenever someone contacts you about their personal information.
Why You Need a Clear Procedure
Without a documented process, information requests can be handled inconsistently — or worse, ignored. A clear procedure ensures that any employee who receives a request knows exactly what to do, even if your privacy officer is unavailable.
The Rights Your Procedure Must Address
Your Information Request Procedure should outline how to respond to each of the following:
- Right to be informed — the individual asks whether you hold their personal data
- Right of access — the individual requests a copy of all the personal data you hold on them
- Right to rectification — the individual provides evidence that their data is inaccurate and requests a correction
- Right to erasure — in circumstances such as withdrawal of consent, the individual requests that their data be deleted
- Right to restrict processing — the individual asks that you store their data but stop using it for processing
- Right to object — the individual objects to a specific use of their data, such as direct marketing
Key Rules to
Curriculum
Understanding Data Privacy and GDPR Fundamentals
3 lessons
- Text: Data Protection vs. Data Privacy: Know the Difference
- Text: The GDPR: What It Is and Who It Affects
- Quiz: Privacy Fundamentals: Knowledge Check
Designing Your Data Privacy Plan
3 lessons
- Text: The Building Blocks of a Data Privacy Plan
- Text: Mapping the Flow of Data in Your Organization
- Quiz: Privacy Plan Design: Knowledge Check
Procedures for Handling Personal Data
3 lessons
- Text: Responding to Information Requests (Preview)
- Text: Managing Data Internally: Accuracy, Retention, and Erasure
- Quiz: Data Procedures: Knowledge Check
Policies: Security, Protection, and Client Transparency
3 lessons
- Text: Building a Data Security Policy
- Text: The Personal Data Protection Policy and Client Privacy Policy
- Quiz: Policies in Practice: Knowledge Check
Responding to Breaches and Training Your Team
3 lessons
- Text: What to Do When a Data Breach Occurs
- Text: Training Employees on Data Privacy
- Quiz: Breach Response and Training: Knowledge Check
Completing the Picture: Additional GDPR Requirements
2 lessons
- Text: DPAs, DPIAs, and Supervising Authorities
- Quiz: Completing Your GDPR Compliance Journey: Knowledge Check
