Share |
Download: Flyer - Black&White (.PDF 406kb)
                          Course Outline (.PDF 366kb)

                                                               CGBP                              
presents

TUESDAY & WEDNESDAY, JUNE 15 & 16, 2021 * 1:30PM TO 4:45PM * via zoom logo

The National Privacy Commission in its five pillars of compliance expects the Personal Information Controllers (all those who set the policies), Processors (all those who collect, process and file information) and the Data Protection Officer to provide a system and create the manual that document the agreed data privacy protocol within the organization to implement the set rules and regulation in the processing of personal data and in securing personal information.

These two half-day online training sessions will provide participants with the whole-of-the-enterprise approach and methodology to compose the mandated Privacy Management Manual based on the National Privacy Commissionís practice standards

It will also include topics on how to plan, design, acquire, build and operate a Security Operation Center and provide a security incident management framework to help your organization hurdle the challenges of data breach, compliance and business continuity.

Course Director & Lecturer:

John Macasio
is the trainer and consultant at the Information and Communications Technology Literacy and Competency Development Bureau of the Department of Information and Communications Technology.

He has recently done capability building of management and workforce on privacy impact assessment and privacy and security management manual with the following organizations among many others:

   1. Department of Finance and some of its attached agency
   2. Department of Agriculture Ė National Meat Inspection Services
   3. Philhealth - Information Security Group
   4. Light Rail Transit Authority
   5. Philippine Fish Port Authority
    6. MAA General Assurance
   7. PHIVIDEC Industrial Authority

He co-authored the United Nations ESCAP/ APCICT published guidance on ICT Project Management Ė Theory and Application. The academy module has been introduced and translated in six (6) countries.
Who Should Attend:

    1. Personal Information Controller
     (Business Owners, CEOs/ COOs,
     GMs, Administrators, Policy and
     Decision Makers)
   2. Personal Information Processor
     (HR Leaders, Business Managers,
     Sales People, Record Keepers,
     Registrars, etc.)
   3. Data Protection Officer
   4. Compliance Officer for Privacy
   5. Those in outsourcing business
   6. Business Consultants


Attendees will earn credit points for their career advancement based on Civil Service Commission regulation on attending training from an accredited training provider.

Limited Slots Only, Pre-Registration Required

*Training investment is
P 5,580 inclusive of an e-certificate and a printed learning material


*Optional: Add P450 for a printed copy of a certificate of attendance inclusive of delivery charge

-----------------------------------------------


Contact Person: Aiza Cuenca
Telephone: (+632) 8556-8968 or 69
Telefax: (+632) 8842-7148 or 59
Email: aiza.cgbp@yahoo.com
Check: www.cgbp.ph


IMPLEMENTATION BEST PRACTICES
HOW TO DEVELOP A DATA PRIVACY MANAGEMENT SYSTEM & MANUAL


TUESDAY & WEDNESDAY, JUNE 15 & 16, 2021 * 1:30PM TO 4:45PM * via zoom logo


Training Description


Republic Act 10173, known as the Data Privacy Act of 2012 has obligated business enterprises, national government agencies, Government-Owned and Controlled Corporations, and Local Government Units to protect the data privacy right of every citizen; to apply the data privacy principles in data processing; to enforce the lawful criteria to handle personal information; and to adapt control measures that assure the confidentiality, integrity and availability of information.

The Personal Information Controllers (all those who set the policies), Personal Information Processors (all those who collect, process and file information), and Data Protection Officers are required to demonstrate their clear, specific and doable understanding of the accountability and responsibility through a documented manual of managing the control objectives of data privacy and information security. This comprehensive training will focus on the creation of the data privacy and information security management system and manual in compliance to the requirement of the National Privacy Commission. The covered topics are the following:

1. Governance of data privacy compliance and information security
2. Maintenance of personal data registry and visible inventory of information assets
3. Development, implementation, and monitoring of privacy and security policy
4. Conduct of privacy impact assessment and risk remediation planning
5. Implementation and activity recording of data privacy rights processes that make the Data Subject exercise the rights
    to be informed, to give consent, to have access, to correct, to block, to erase, to complain, to require data portability.
6. Design, develop, and operate a data processing system that applies the data privacy principles, lawful criteria, limiting
    condition, and security measures as defined by published rules and standards.
7. Management of security incident and privacy breach.
8. Provide single point of contact for inquiries, complaint, and assistance.
9. The data privacy and security management system demonstrate the ability of the personal information controller and
    processor to lead, direct, and control the delivery and support of the control objectives of data privacy and security
    protection

The whole-of-the-enterprise have to agree and communicate the compliance governance, success factors, results indicators, adopted policy, prescribed activities, established methodology, and the identified risks of non-compliance. The established data privacy and security management system determines, describes, documents and demonstrate the capability that must be acquired and implemented in order to deliver and support the control objectives of what to achieve, prevent, maintain and eliminate.


Day 1: Security and Privacy Management Framework, System and Methodology

Learning Objectives:

1. Establish the organization-wide-agreement on the statutory goals and regulatory objectives of data privacy
    protection implementation.
2. Identify the role, accountability and responsibility in the implementation of R.A. 10173
3. Identify and assess the organizationís capability to manage data privacy and security
4. Adopt the published rules and common standards to design, develop, operate and improve the organizationís
    protection privacy and security management system and manual

Learning Topics:

1. R.A. 10173 Statutory Goals and Regulatory Objectives
2. Data Privacy Implementation Role, Accountability and Responsibility
3. Data Privacy Management System Key Result Areas and Performance Indicators
4. Implementation Rules of Privacy Management System and Manual
5. Implementation Standards of Privacy Management System and Manual


Day 2: Breach Management, Security Operation Center, Incident Response Team

Learning Objectives:

1. Adopt the published regulatory procedures in the identification, analysis, control, response and report of security and
    privacy breach.
2. Utilize the known practice standards in security incident management and business continuity.
3. Plan and design the Security Operation Center to deliver and support the cyber security function of identification,
    protection, detection, response, recovery, investigation, and continuity.
4. Fill up to adopt the NPC Privacy Management Manual Template

Learning Topics

1. Security Incident Management and Complaint Rules of Procedures
2. Security Operation Center Requirements
3. NPC Privacy Management Program Manual Template

 





---------------------------------------------------------------------------------------------------------------------------------------------------------------------------

NOTE: PARTICIPANTS IN THIS TRAINING ARE ALSO ENCOURAGED TO ATTEND THE TRAINING ON



Wednesday & Thursday, September 8 & 9, 2021 * 1:30PM TO 4:45PM * via zoom logo


---------------------------------------------------------------------------------------------------------------------------------------------------------------------------

The Center for Global Best Practices also provides in-house training and offers professional consulting service to help organizations comply with the mandated requirement of the National Privacy Commission.

Contact details for your training or consulting requirement/s:
(+63 2) 8842-7148 or 59
(+63 2) 8556-8968 or 69

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------


*Training investment is P 5,580 inclusive of an e-certificate and a printed learning material


*Optional: Add P450 for a printed copy of a certificate of attendance inclusive of delivery charge



CLICK HERE TO ENROLL NOW!
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Share |
Download: Flyer - Black&White (.PDF 406kb)
                          Course Outline (.PDF 366kb)