The purpose of the
seminar was to provide members of the Institute of Internal Auditors Bulgariawith an understanding of the
categories of personal data processed by their organizations, and how
information flows and links in the exchange of information within the
organization and between the organization and third parties affect the
rights of their users, customers and partners; to clarify what
organizational, legal and technical measures the organization has to
undertake to protect the personal data being processed by the
organization and how this affects the work of the employees and the
communication with third parties; as well as providing detailed
information on the ways of achieving compliance with the requirements of
the General Data Protection Regulation (GDPR).
Alexandra Tsvetkova, Director of LIBRe Foundation and an expert on legal aspects of information technology and personal data protection, led a training on the new aspects of personal data protection focusing on the basic principles of lawful processing, the duties of an organization as a data controller or a data processor including with respect to their employees’ duties, the Regulation 2016/679 compliance framework and the implementation of the necessary technological and organizational measures to achieve this compliance. Special sessions were dedicated to: requirements for lawful consent, automated individual decision-making including profiling, privacy by design and privacy by default, and data processing at the workplace.
The second day of the training was led by Mladen Mladenov, PhD, MPS, LL.M, MPF, MSM, who presented the GDPR grounds for claims, administrative and disciplinary sanctions and relavant national and EU case law.