Course Information

Course Overview

There should be a Data Champion from each business area. This training will help them channel information on data protection within their department, and ensure tasks are completed for the Data Protection Manager. The Data Champion should undergo a full training day and will be the ‘go-to’ person responsible for overseeing data privacy matters in their business area. These people are responsible for encouraging a privacy culture in their business areas and ensure any concerns or queries, especially regarding potential data breach issues, are expediently escalated to the organisation’s Data Protection Manager.

Who Should Attend

  • Individuals involved responsible for Personal Data Protection in an organizations
  • Individuals who would like to be data privacy champions in their organization
  • Individuals seeking to gain knowledge about the main privacy principles
  • Understand the General Data Protection Regulation requirements and the fundamental principles of privacy
  • Understand the obligations, roles and responsibilities of the Data Protection Champion
  • Understand the concepts, approaches, methods and techniques to effectively participate in the implementation process of a compliance framework with regard to the protection of personal data

Course Outline


Day 1:
• What is personal data and why does it need to be protected;
• Data protection principles;
• Employee data protection obligations;
• Employee training and awareness;
• Employee information rights;
• Key considerations for disclosing personal data to external third parties;
• What is special category data and the correct procedures for handling information such as trade union membership, medical and sick absence data;
• How to complete a DPIA (Data Protection Impact Assessment);
• How to manage a data breach;
• How to manage SARs (Subject Access Request); and
• How to update your ROPA (Record of Processing Activities).


Day 2:
• Fundamental principles and concepts of the General Data Protection Regulation (GDRP)
• The Kenya Data Protection Act
• How to manage a data breach;
• How to manage SARs (Subject Access Request); and
• How to update your ROPA (Record of Processing Activities