Privacy Information Management System (PIMS) Masterclass

To enable the participant to acquire knowledge and a comprehensive understanding of key Privacy Information Management concepts and activities, in support of strategic leadership and decision making with regard to Data Protection and Privacy.

  1. Data Protection and Privacy Concepts; Laws and Regulations around Data Protection and Privacy and Compliance Measures
  2. Roles and Responsibilities and Accountable Parties for Privacy Laws or Regulatory Compliance
  3. Technical and Organizational Measures for data protection


General Privacy and Data Protection Information

  • Definitions: Privacy, Data Protection, Personally Identifiable Information (PII), PII Controller, PII Processor, Joint Controller, Privacy Risks, Privacy Impact Assessments, etc.
  • Why we protect personal data
  • Privacy and Security

Legal and Regulatory Requirements

  • Requirements for Data Protection (National Laws around Data Protection and Privacy, e.g. Kenya Data Protection Law 2019, GDPR, ISO 27701, etc.)
  • Principles of Data Protection/Privacy
  • Rights of the Data Subject

Privacy Information Management

  • Responsibilities and Accountabilities: Management, Staff, Technical Teams, Data Protection Officer, Supervisory Authority, etc.
  • Privacy Training, Awareness and Communication

Day 2

Establishing a Privacy Information Management System

  • Gap Analysis
  • Privacy Information Management Maturity Assessment

Privacy Documentation

  • Data Protection Policy and supporting Policies, Guidelines, Standards etc.
  • Records of Processing activities

Privacy Risk Management

  • Privacy Risk Management
  • Privacy Impact Assessment

Day 3

Technical Privacy Controls

  • Data Collection – Consent, Lawful Basis, Data Minimization
  • Use of Personal Data – Purpose specification
  • Information Classification
  • Data Handling and Processing – Privacy by Design (Privacy Impact Assessment, SDLC Lifecycle, Encryption, Hashing, De-identification) and Privacy by Default (Access Control, Data Retention etc.)
  • Applications and Software Hardening
  • Monitoring and Logging
  • Transfer and Sharing of Personal data – International and Third Party Transfers
  • Handling Requests – Notice, Access and Correction, Consent, Right to Erasure, Right to Data Portability

Impact of Trends and Technologies on Data Protection and Privacy

  • Cloud Computing
  • Big Data
  • Blockchain Technology
  • Robotic Process Automation (RPA)
  • Machine Learning and Artificial Intelligence
  • 5G
  • Internet of Things (IoT)

Incident Management and Personal Data Breaches

  • Incident Identification and Response
  • Identifying data breaches
  • Breach Notification Procedures