Data Privacy: Best Practice

Complying with the Lawfulness Requirements 

Organizations can ensure compliance with the lawfulness requirements by taking the following steps:

  • Identify and Document Lawful Processing Grounds: Organizations should clearly identify and document the lawful grounds for processing personal information as defined in the data privacy legislation being implemented. These grounds include obtaining the individual’s consent, processing for the performance of a contract, compliance with a legal obligation, protecting the vital interests of the individual, pursuing the legitimate interests of the organization, or processing for historical, statistical, or research purposes.
  • Obtain Valid Consent: When relying on consent as a lawful processing ground, organizations should ensure that the consent obtained is freely given, specific, and informed. Consent should be obtained prior to processing personal information, and individuals should be provided with clear information about the purpose and consequences of the processing. Organizations should maintain records of consent and provide mechanisms for individuals to withdraw consent if they choose to do so.
  • Determine Legitimate Interests: If relying on legitimate interests as a lawful ground for processing personal information, organizations should conduct a legitimate interest assessment (LIA) to assess the necessity, proportionality, and impact on individuals’ rights and freedoms. The LIA should balance the legitimate interests of the organization against the rights and expectations of the individuals.
  • Limit Processing to Specified Purposes: Organizations should ensure that personal information is processed only for specified purposes that are lawful, explicitly defined, and compatible with the original purpose of collection. Any further processing of personal information should be assessed for compatibility, and if deemed incompatible, separate consent or another lawful ground should be obtained.
  • Adhere to Data Minimization Principles: Organizations should adopt data minimization practices, ensuring that personal information collected and processed is adequate, relevant, and not excessive for the purpose for which it is processed. Organizations should only collect and retain the necessary and pertinent information and avoid unnecessary data retention.
  • Comply with Legal Obligations: Organizations must comply with all applicable legal obligations when processing personal information. This includes adhering to industry-specific regulations, contractual obligations, or requirements imposed by law enforcement or regulatory authorities.
  • Establish Record-Keeping Processes: Organizations should establish record-keeping processes to demonstrate compliance with the lawfulness requirements. This includes keeping records of the lawful grounds for processing, consent obtained, and legitimate interest assessments conducted, as well as documenting any legal obligations that justify the processing of personal information.

By following these steps and adhering to the lawfulness requirements, organizations can ensure that their processing of personal information is conducted in a lawful and responsible manner.

 
