Period:  02/2019
Status:  Finished
Contacts:  Alexandra Tsvetkova

The purpose of the seminar is to provide members of the Institute of Internal Auditors Bulgaria with an understanding of the categories of personal data processed by their organizations, and how information flows and links in the exchange of information within the organization and between the organization and third parties affect the rights of their users, customers and partners; to clarify what organizational, legal and technical measures the organization has to undertake to protect the personal data being processed by the organization and how this affects the work of the employees and the communication with third parties; as well as providing detailed information on the ways of achieving compliance with the requirements of the General Data Protection Regulation (GDPR).

Alexandra Tsvetkova, Director of LIBRe Foundation and an expert on legal aspects of information technology and personal data protection, lead the first day of the training with respect to the new aspects of personal data protection focusing on the basic principles of lawful processing, the duties of an organization as a data controller or a data processor including with respect to their employees’ duties, the Regulation 2016/679 compliance framework and the implementation of the necessary technological and organizational measures to achieve this compliance. Special sessions are dedicated to: requirements for lawful consent, automated individual decision-making including profiling, privacy by design and privacy by default, and data processing at the workplace.

The second day of the training is led by Mladen Mladenov, PhD, MPS, LL.M, MPF, MSM, who presents the GDPR grounds for claims, administrative and disciplinary sanctions and relavant national and EU case law.

Applied Research

Partners