Key principles, PIA methodology, key risks and risk management initiatives

Date: 21st July 2017

By May 2018, Data Protection Impact Assessments will be compulsory for a large number of organisations. Also known as a Privacy Impact Assessment (PIA), PIAs will be mandatory under the new EU General Data Protection Regulation (GDPR) in any circumstance where a project proposal introduces risk to the rights and freedoms of data subjects, it is essentially a risk assessment of proposed processing of personal data.

Possible examples of when this may be required for an organisation, would be in considering a new vendor, moving to a new market or processing platform, or introducing a new data processing activity.

It will be a requirement to run the PIA, document its findings and the resulting risk assessment, and show written evidence that these risks have been considered in the eventual design and build of the processing solution. Since most project proposals introduce some element of change, and therefore some element of risk, it is widely expected that PIA’s will become a familiar sight on the data processing landscape in the coming 12 months.

This unique CPD workshop will examine the concept of Privacy by Design, and will discuss the role of the DP officer. This will be a “learning by doing” workshop, to ensure that attendees know best practice in practical terms. We will cover an informative walkthrough of the GDPR in general terms, as well as the PIA methodology in detail, and explore how to identify and undertake a project that may require a PIA. You will hear from others in your field on the key risks that arise from the PIA, and will be offered guidance on best practice.

What topics will be covered?

  • Overview of the GDPR
  • Review of the 7 Principles
  • Focus on concept of Privacy By Design
  • Role of DP Officer
  • Review of criteria of projects requiring a DPIA
  • Walk-through of the PIA Methodology
  • Identification of typical project proposal which would necessitate a PIA
  • Workshop – Tackling a project proposal using the PIA methodology
  • Delegate feedback on the key risks and risk management initiatives arising from the PIA – Guidance on possible options
  • Summary of best practice approach and learnings from the workshop
  • Q & A

The ideal attendee would be someone who has responsibility for the implementation of such projects within their organisation – such as Data Protection Officers, Project Managers, Project Sponsors, or Programme Managers responsible for the success of the project. The course would also be very relevant to third-party vendors who need to be familiar with the process, including implementation managers from IT and data management service providers.

On completion you will receive your CMG Certificate of Attendance as well as your CPD Certificate containing 5 Structured CPD Points. Please note certificates are issued only at the close of the training course to participants who complete the full 5 hours. 

Dave Farrelly

Dave Farrelly, M.Sc. (Mgmt.), Dip. Finance, BA

Dave has extensive business and technology management experience having worked in leadership roles in the interactive media and technology sector for his entire career.  

Having worked for companies such as Riverdeep and Vivendi Games, Dave was responsible for business management and operations as well as the oversight of all project delivery. Dave is a seasoned lecturer and trainer specializing in data protection and the upcoming GDPR legislation, project management and IT capability management.  

Training Environment:

CMG Professional Training courses take place at our state-of-the-art training facility in the Apex Building situated in the Beacon Quarter of Sandyford Industrial Estate, Dublin 18. The CMG Training Centre is accessible by the Luas, (Sandyford line, Stillorgan stop – 6 mins walk) several bus options (the number 11 travels from O Connell street Dublin and stops directly outside the training centre) and we are situated very close to the M50 at the Beacon Hospital corner. There are several car parks within a three minute walk from the training centre with very competitive ‘all day’ parking rates and we have a range of coffee shops (including Starbucks) as well as shops and restaurants nearby.

Date, Time & Venue:

Date:                   21st July 2017
Times:                9.30am to 3.30pm
Venue:               Apex Business Centre, Blackthorn Road, Sandyford, Dublin 18

Course Cost:

This course costs €395 (Early-bird), normal rate €435. Includes course documentation and light refreshments. While the course fee does not include lunch, we do provide freshly made sandwiches, coffee and a range of teas and fresh juice for those who require a light lunch. Alternatively you can avail of the local food stores and coffee shops opposite the training centre for hot food or alternative lunch options.

   Telephone:+353 1 2933650

Company Name (required)

Number of Delegates Attending (required)

Delegate's Name(s) (required)

Delegate's Position(s) Within Company (required)

Delegate's Email(s) (required)

Booker's Name (required)

Booker's Email:

Booker's Telephone (required)

Payment Options (required)

We recommend you pay by credit card to ensure you receive the best rate available

Invoicing Address

Accounts Phone Number (required)

Accounts Email (required)

NOTE: Please do not enter your credit card details. A member of our staff will contact you promptly when you have submitted the form.

Terms and Conditions:
General Terms and Conditions: Full Payment is due on booking. In the event of payment by cheque, must be received within seven days from date of invoice and in any case must be paid prior to attending the training course. If you are unable to attend, a substitute attendee may be sent at any time for no additional charge. Cancellations must be received in writing, by fax or letter, no later than 14 days prior to the event for a refund. Regrettably, no refunds can be made after that date. CMG Training reserves the right to make any necessary changes to the advertised training programme including a change of venue. The views expressed by the Trainers are not necessarily those held by the organisers, nor is the organiser responsible for tutors/trainers opinions or statements.

CHANGING BOOKING TO ANOTHER ADVERTISED DATE. If you wish to change your booking to another advertised date for the same course, you must do so no later than 7 days prior to the event taking place. In the case of a request to change to another advertised date with less than 7 days’ notice, it will be treated as a new booking and liable for payment as a new booking. CMG Training reserves the right to make any necessary changes to the advertised training programme including a change of venue. The views expressed by the Trainers are not necessarily those held by the organisers, nor is the organiser responsible for tutors/trainers opinions or statements.

I have read the terms and conditions