Specialised Education for
Data Protection Officers & GDPR Professionals
Data Protection and GDPR implementation professionals require extended knowledge and practice.
We are delighted to give access to our Solvay Alumni and GDPR professionals to Specialised Education that both created and sustained the reputation of Solvay Brussels School in domains like Digital Transformation, Technology Implementation, Information Security, Risk Management, Compliance and Auditing, and much more.
The modules are delivered in 8 subsequent sessions plus an examination during evening classes.
The following list of available modules are sorted by domains of knowledge.
Select and register to the module that is related to your competences and needs.
Benefit now from
15% special Alumni discount!
This module helps GDPR professionals in implementing the governance and the organisation for an adequate compliance.
Module G2
"IT Governance Workshop"
Module Sessions
Session 1 -> COBIT5 Overview and COBIT Principles
Session 2 -> COBIT Processes Reference
Session 3 -> COBIT5 Enablers
Session 4 -> Examples of COBIT application
Session 5 -> Measuring IT Process Capabilities
Session 6 -> Structured implementation of IT Governance Workshop
Session 7 -> Examples of Practical COBIT Implementation
Exam
Module Objectives
Two main objectives:
- Get the necessary skills in order to be able to effectively apply Governance of Enterprise IT principles in practices, using the COBIT5 Framework
- Prepare you to be able to pass the COBIT5 Foundation certification exam
Detailed Module Objectives
- Understand the concepts relating to the structure and format of the framework, the drivers and business benefits of using the COBIT5 framework;
- Know facts and terms relating to the five Principles of COBIT5;
- Understand that COBIT enables IT to be governed and managed in a holistic manner for the entire enterprise;
- Know facts, terms, and concepts relating to the Process Capability Model;
- Understand the Process Capability Model and the basic ISO 15504 concepts;
- Understand the guidance that ISACA offers on implementing COBIT5, the use of the continual improvement life cycle' in enabling change in an enterprise;
- Understand how COBIT is used for performing IT Audits;
- Understand how COBIT can be used for building IT governance within an organisation.
Price: 2.500 EUR
Agenda
from April to June 2019
Domain 1
Legal & Management Requirements
- GDPR Principles: Material scope, Personal scope, and Territorial scope
- Processing principles: Lawfulness of processing, Conditions for consent, Processing of sensitive data and Processing not requiring identification
- Data subject (DS) Rights: General modalities; Information and access to data; Rectification and erasure; Right to portability; Right to object; Right to not be subject to automated individual decision making/profiling
- Remedies and sanctions
- Responsibility of Controller
- Responsibility of Processor and Sub-Processor
- Data Processing Agreement
- Data Protection by Design and by Default
- Records of Processing Activities
- DPO Designation, Position and Tasks
- Cross border data flows today and the road ahead
- International Data Transfers solutions: adequacy, Derogations and Safeguards
- Role of Certification and Codes of Conduct
- Analysis of Cloud computing (Case discussion)
Module Sessions
01 October -> From uncertainty to action: the broad picture
08 October -> Conducting an audit assignment (1)
15 October -> Conducting an audit assignment (2)
22 October -> Being recognised as an expert in the assurance process: insight on what it takes to become certified
29 October -> Selecting and scoping an assignment
05 November -> Communicating on results in order to trigger action
12 November -> Asking the right questions to the audit client
19 November -> Collecting evidence and drawing conclusions
26 November -> Exam
Module Objectives
After completing this module, participants will:
- Have a sound understanding of the business context and needs for an expert opinion;
- Have a sound understanding of the corporate governance, risk management and control principles;
- Understand commonly accepted practices, activities and expectations from assurance providers;
- Be able to formulate an audit question or comfort statement, to develop the work programme, to formulate findings and recommendations leading to a SMART action plan;
- Be able to participate and bring value to an assurance project led by another Professional.
Price: 2.500 EUR
Agenda
from October to November 2018
Master the assessment skills and adopt professional audit techniques while reviewing and improving Data Protection Controls.
Empowering your risk management capabilities and bringing extended legal knowledge on various digital issues.
Module Sessions
Module Objectives
Price: 2.500 EUR
04 October -> Introduction to IT Risk and COBIT 5 for Risk
11 October -> IT Risk Workshop - Case Study (Part I)
18 October -> IT Risk Workshop - Case Study (Part II)
25 October -> IT Risk Workshop - Case Study (Part III)
08 November -> Privacy and Data Protection and other IT legal aspects from a CIO perspective
15 November -> Privacy and Data Protection
22 November -> Intellectual Property
29 November -> Executive overview of legal aspects in IT
06 December -> Exam
- Introduction and discussion of basic Risk related concepts & presentation of the COBIT 5 for Risk framework
- Apply the COBIT 5 for Risk concepts to a comprehensive case study
- Learn from CIOs how they approach Privacy and Data Protection in their organisations and how they deal with legal and HR departments in a multinational context
- Learn about Privacy and Data Protection requirements
- Learn about IP issues
Agenda
from October to December 2018
Module A3
"Building Expert Opinion"
Module G3
"IT Risk & Legal Concerns"
- Data Protection Impact Assessments Context, Relevance
- Risk Management principles, Risk Scenario and their categories
- Risk Response Priority Workflow
- Information Risk Management Steps
- Samples of detailed Risk Scenario Analysis
- DPIA Process in light if the guidelines from the G29 Working Party
- Detailed Walkthrough of the DPIA Process (Risks, Controls, Risks, and Decisions)
- The Concept of Legitimate Interest
- Shadow IT impact on GDPR Compliance
- Analysis of Internet of Things applications (Case discussion)
- Analysis of Facebook tracking through social plug-ins (Case discussion)
Domain 2
Risk & Impact Assessment
Module M3
"IT Sourcing Management"
Module Sessions
03 October -> Sourcing Strategy
10 October -> Vendor Selection & Contract Management
17 October -> Transition & Transformation
24 October -> Relationship Management
31 October -> Case Study on BPO - new trends in outsourcing
07 November -> Legal
14 November -> Skill Management
21 November -> eSCM and other frameworks
28 November -> Exam
Module Objectives
After following this module, the students should be able to :
- Define the sourcing strategy of a company and understand the specificities,applicability's, levelers, risks, challenges and benefits of the different sourcing alternatives;
- Learn how to implement each of the lifecycle phases from supplier selection and contracting to exit strategy, through managing the contract execution and the relationship, relying on best practices and with an awareness of the major traps;
- Understand the sourcing maturity levels and be able to use eSCM to assess a maturity level and make it progress, along with other market frameworks;
- Apply SFIA for resource planning, recruitment, and assessment;
- Understand the most important legal challenges, in the different areas of Law that you can encounter in an sourcing project.
Price: 2.500 EUR
Agenda
from October to November 2018
Data Protection depends on sourcing partners' capabilities and compliances. This module addresses the sourcing life cycle and essential controls necessary to succeed the two-way processor-controller relationship.
Module Sessions
Session 1-> The need for change
Session 2 -> Organizational maturity
Session 3 -> Lean Six-Sigma - 1
Session 4 -> Lean Six-Sigma - 2
Session 5 -> Dimensions of change
Session 6 -> Project Management 1
Session 7 -> Project Management 2
Session 8 -> Project Management 3
Exam
Module Objectives
- Understand the dimensions of business transformation (organization, process, performance)
- Understand the notions of “Business process”, “Business process management” and “Business Process Maturity”
- Be aware of Business Process transformation best practices and issues
- Understand the principles and practice of Project and Program Management
- After attending the module, the participants will be able to participate into Business transformation projects with a clear understanding of what is going on and how it should go on, from the process management, change management and project management point of views.
Price: 2.500 EUR
Agenda
from April to June 2019
Module Sessions
Session 1-> Application Management Overview & Positioning
Session 2 -> Application development life cycle activities
Session 3 -> Application Management Governance, Assurance, Risk & Audit
Session 4 -> Application Infrastructure Foundations
Session 5 -> Application Architectures
Session 6 -> Application development languages, platforms, and patterns
Session 7 -> Secure the application layer
Session 8 -> Putting the applications in production
Exam
Module Objectives
At the end of the module, the participants should be able to understand:
- the Supply and Demand framework and the different Governance and Maturity methods used for application management;
- the different Software Development Life Cycle (SDLC) methodologies;
- the basic technology building blocks and how they interact when to use in- or outsourcing, open-source or Commercial Off The Shelf Software (COTS);
- the importance of Governance, Quality, Auditing & Risk in development and methods that exist to manage it;
- what methods & frameworks are used at which point in the SDLC;
- design and testing methods used throughout development;
- different application architectures depending on the type of function provided;
- common programming languages that are used, how applications are modeled and implemented through patterns using frameworks;
- importance of application security and methods that exist to manage threats;
- the operational and delivery life cycle processes from inception, going over release-, change-, configuration management to disposal.
Price: 2.500 EUR
Agenda
from April to June 2019
Gain necessary knowledge in software applications and system constructions to ensure essential Data Protection through purchased and built software and web pages.
Module M2
"Applications Build & Management"
Module B2
"Business Transformation"
GDPR professionals need to manage programmes while projecting and implementing change through digital transformation of a variety of processes and operations.
Domain 3
Compliance Transformation
- Defining security controls
- Information Security Management System (ISMS)
- ISO 27001 controls & the impact on Privacy & Data Protection
- Role of the CISO & information security domains
- Data Protection Governance & Business Requirements definition
- Differences CISO - DPO
- Security Fundamentals
- Sources of external threat
- Enterprise Security Architecture
- Cybersecurity processes
- Bottom-up approach using comprehensive security controls checklists
- Typical Shortcomings in Existing Management Processes
- Network Security methods and Cloud computing threats
- Identity and access management
- Security information and event management
- Implementing and Demonstrating the effectiveness of security controls
- Security vs Privacy
- Data Protection threats and Data Protection controls
- Building Data Protection into systems to counter Vulnerabilities and attacks
- Data protection by design
- Data Protection Design Strategies
- Data Protection Enhancing technologies
- Analysis of GDPR Accountability versus consent (Case discussion)
- Analysis of Data Protection by default in a Geolocation (Case discussion)
- Threat modelling technique for privacy
Module Sessions
Session 1-> Fundamentals: Cryptography
Session 2 -> Fundamentals: System & Network Security
Session 3 -> Fundamentals: Application-Level Security
Session 4 -> Fundamentals: Identity Management & Access Control
Session 5 -> Legal, Regulations, Compliance Aspects
Session 6 -> Physical (Environmental) Security/ Business Continuity and Disaster Recovery
Session 7 -> Security Architecture and Design
Session 8 -> Operations Security
Exam
Module Objectives
Price: 2.500 EUR
- To meet a growing demand in knowledge in the ever expanding security field
- To broaden your current knowledge of security concepts and practices
- To demonstrate practical and working knowledge of information security
- To offer a career differentiator, with enhanced credibility and marketability
- To be able to discuss security topics with expert lecturers and therefor understand not only theory but also practice.
- To allow you to communicate with security professionals specialized in eg one specific security domain (eg IAM) based on a industry recognized vocabulary.
- In short: the S-track is intended for participants to be able to work in CISO office, and the S2 module targets the linking CISO and SME security interaction
Agenda
from April to June 2019
Module Sessions
Session 1-> Introduction + Information Security Governance
Session 2 -> The role of the modern CISO & certification
Session 3 -> Information Security Management Standards
Session 4 -> Information Security Risk Management
Session 5 -> Information Security Sourcing & Architecture
Session 6 -> Information Security Awareness & Operations
Session 7 -> Information Security Innovation
Session 8 -> Information Security Incident & Crisis Management
Exam
Module Objectives
Price: 2.500 EUR
- Get better business results & value from IT security investments (“ROI/value” approach)
- Decrease security risk complexity (“risk” approach)
- Contribute to contractual & regulatory requirements (“external compliance” approach)
- Improve confidence in operational & financial integrity (“reliability” approach).
- Improve public image & relationship with external stakeholders (“communication” approach)
- Protect Board & Directors from blame for legal problems (“accountability” approach)
- Establish / Enhance shared set of values to guide security behavior (“cultural” approach)
- (Re-)Focus on IT Security Controls (“audit” approach)
- Contribute to existing corporate / IT security policies & procedures (“internal compliance” approach)
- Gain competitive advantage through best uses of next generation security technologies (“innovation” approach)
- Gain competitive advantage through external delivery centers & point solution expertise (“multisourcing” approach)
- Prioritize security systems & projects to attain better focus on business critical applications & processes & needs (“alignment” approach)
- Enhance understanding of IT security among Board & Directors (“awareness” approach)
- Optimize IT security operations with integrated approach to confidentiality, integrity & availability (“integration” approach)
- Provide consistency in security terminology, measurement, compliance & risk tolerance (“consistency” approach).
Agenda
from January to March 2019
Security by design, Identity and Access Management, Cryptography, and Network Security are some of enablers for Data Protection and are key for building a Data Protection by design environment. Both the DPO and GDPR implementation manager require to understand and ensure Information security techniques are adequately put in place and verified.
Information Security Management is a key success factor for GDPR implementation. The Chief Information Security Officer is a key partner to the DPO. This module addresses information security management system and the governance activities of information security.
Module S2
"IT Security Practices"
Module S1
"Information Security Management"
- Personal data categories
- Data Life Cycle Management
- Data Classification Process
- Manage Data Protection within a classification process
- Apply security rules to software
- Data Flow
- Governance enablers in a Data Protection transformation
- Seven steps for a Data Protection program implementation
- Key success factors for a successful implementation
- Link to external resources and usual Data Protection frameworks
- Overview of Data Protection standards
- The transformation process and Organizational Barriers
- Practical step by step implementation at a complex organisation
- Creating a Data Protection notice/policy, a consent policy/withdrawal, a Data breach notification form, and a complaint form
Domain 4
Information Security & Privacy
Module Sessions
Session 1-> Group Dynamic
Session 2 -> An introduction to communication skills part1
Session 3 -> An introduction to communication skills part2
Session 4 -> Presentation skills
Session 5 -> Team management
Session 6 -> Serious creativity
Session 7 -> Neurocognitivism
Session 8 -> Negotiation
Exam
Module Objectives
- Adapt to communication styles and channels;
- Animate a question and answer time;
- Apply knowledge about non-violent conflict management to their social work practice;
- Apply the concepts of modern persuasion skills;
- Can identify the brain activities relating to the reflex, reflection and re-action activities;
- Communicating as a leader and presenter;
- Decode the signals in communication;
- Describe the negotiation process, tricks and gambits and apply it to all areas of life;
- Distinguish between different responses to conflict, and the consequences of each of these responses;
- Gain the communication recipient’s attention and interest by using the right language and style;
- Identify and articulate other people's points of view;
- Improve structure, tone, wordiness of communications;
- Inspire confidence and empowerment;
- Lead stakeholder to the desired action or reaction.
Price: 2.500 EUR
Agenda
from April to June 2019
Module Sessions
Session 1 -> Setting the scene: the Wall Street Shuffle
Session 2 -> Service Strategy
Session 3 -> Service Design
Session 4 -> Service Transition
Session 5 -> Service Operation
Session 6 -> CSI & performance management
Session 7 -> Sourcing
Session 8 -> Lean Thinking
Session 9 -> "IT governance through other frameworks e.g. COBIT; ISO 20k; ISO 38500"
Exam
Module Objectives
Price: 2.500 EUR
- By providing a global overview of the most used IT Service Management (ITSM) frameworks, standards & techniques, to understand what these mean & imply at the operations level;
- To focus on the de-facto standard, ITIL v3, and to bring the participants to the official <Foundation> level;
- To illustrate the implementation risks & difficulties and spot the pitfalls with relevant real-life <return of experience>;
- To offer the possibility to participants to gain an ITIL Foundation certification through an accredited examination session.
Agenda
from January to March 2019
Successful implementation of Data Protection involves building robust services that are necessary for compliance as well in responding to Data Subject requests, to handle Data breaches and to ensure adequate execution of various compliances processes.
Module M1
"IT Service & Run Management"
Module A2
"Soft Skills for IT Professionals"
Running since 2005, this module has trained hundreds of compliance, digital professionals and Information security experts bringing to them the essential soft skills in communication, presentation and other methods that enable change management and stakeholders buying. This module extends your knowledge in all five domains of knowledge in GDPR.
Domain 5
Operations & Breach Management
- Response / Breach Management & Communication
- Security of Processing & Data Breach Notification People, Process, Technology
- Statistics overview and Questionnaires to relate risks of security and data breaches
- Security operations centre
- Data Breach requirements in GDPR
- Reasons of personal data breach
- Maintain a Personal Data incident/Response Plan
- Incident Handling standards
- Incident identification & classification and key performance indicators
- Incident Management guidance
"The Education at Solvay Brussels School gave me the chance to open a new paradigm in my professional career. I would recommend to anyone interested in the challenge of a new DPO role.
The "Information Security Management" module is the core of the security management practices; it provides the major frameworks and bodies of knowledge, very useful in regards of GDPR Art32. The “IT Risk and Legal Concerns” module is fundamental for the DPO role.
The “Business Transformation” module enhances the skills for business transformation, change management and project/program management, definitively a solid and complete background for the DPO daily activities".
William De Angelis
DPO at la Compagnie Intercommunale Liégeoise des Eaux
Testimonials
"In addition to my DPO education at Solvay Brussels School, I was enrolled in the Executive Master in Information Security and Cybersecurity. It enables me to join the cyber security team of Deloitte Belgium and to integrate the International Privacy Professionnal Members of the firm. Moreover, I strongly believe that the synergie between those two tracks gave me enough confidence to engage more amongst both security and privacy experts.
I am glad to notice everyday that the knowledge acquired during the sessions help me constantly adressing accurately my client expectations".
Steve Ahouanmenou
Senior Consultant in Information Security and Privacy at Deloitte
"I recently completed my IT Management Education at Solvay Brussels School with the DPO education. Two specific IT Management Education modules have brought to my knowledge and expertise in Compliance, Governance, the G2-IT Governance workshop and in IT Risk the G3-IT Risk and legal concerns.
These modules structures very well the approach to follow when facing major compliance transformation programs and fulfilling the need to have a methodology to the identify the gaps and in reaching defined protection targets which any DPO is facing in his day to day activities.”
Liviu Luca
ERP, Governance of IT, IT Audit and Information Security Consulting
"The GDPR DPO education from the Solvay Business School has given me a solid background to enable me to best deploy my organization on May 25th, 2018. The course was given by experts that highlighted the different aspects of the impact of the GDPR. The wide range of topics covered Information Security, GDPR articles, Marketing, Cross-Border information flows and more.
I strongly recommend this course to anyone needing to acquire practical insights, as it combines theory and practice on both the legal and operational needs for a successful implementation. The strong partnership between Solvay and the Privacy Commission gave me as a student the all-around view I expected."
Taco Mulder
CISO-DPO CHU Brugmann and HUDERF
Questions?
Contact the Programme Manager
Anna VITIELLO
anna.vitiello@solvay.edu
+32 2 650 67 40
©2019 Solvay Brussels School of Economics and Management
42, Avenue Franklin Roosevelt
1050 Bruxelles