Course 02Additional OverlaysPrivacy
Privacy operations, data handling, and DPIA logic.
0
1
Intern
0 XP

Privacy & Data Protection

Privacy is no longer optional — it's a fundamental right in the EU and an increasing regulatory requirement globally. This track covers GDPR from the ground up (principles, legal bases, data subject rights, DPIAs, breach notification, international transfers), CCPA/CPRA for US operations, and the practical challenge of building and running a privacy program that actually works. Built for DPOs, privacy analysts, compliance managers, and anyone handling personal data.

WORKSPACE SNAPSHOT
FRAMEWORKS
4
MODULES
6
CERTIFICATES
5
SCENARIOS
3
Module 1 of 6 · GDPR Deep-Dive

GDPR — Article by Article Where It Matters

The General Data Protection Regulation (Regulation (EU) 2016/679) has been in force since May 25, 2018. It applies to any organization processing personal data of individuals in the EU, regardless of where the organization is located. Maximum fines: €20 million or 4% of global annual turnover (whichever is higher) for the most serious violations, €10 million or 2% for lesser violations. Over €4.5 billion in fines have been issued since 2018.

Personal data must be processed lawfully (based on one of six legal bases), fairly (processing must not be detrimental, unexpected, or misleading to the data subject), and transparently (data subjects must be informed about how their data is used in clear, plain language). Transparency requires providing privacy notices at the time of data collection that explain: who is processing the data, for what purposes, on what legal basis, who it will be shared with, how long it will be retained, and what rights the data subject has.

TRACK NAVIGATOR
LEARNING FLOW
FRAMEWORK FOCUS
CORE FRAMEWORKS
gdpriso-27001nist-800-53nist-csf
TARGET CERTIFICATIONS
CIPP/ECIPP/USCIPMCIPTISO 27701 Lead Auditor
PRACTITIONER OUTCOME
Build industry fluency, not generic GRC knowledge
Understand how privacy & data protection regulations shape the control environment.
Move from framework names into operating decisions, evidence, and enforcement pressure.
Use the modules in sequence, then apply the same reasoning in scenarios and projects.