Course Overview
The short course introduces the concept of privacy and data protection to participants. Data protection is a relatively new concept in Botswana and implementation of the legal requirements is still in its infancy. The Data Protection Act was passed by Parliament in 2018 and re-enacted in 2024 which came into operation on the 14th of January 2025. Therefore, persons with responsibilities are expected to be compliant with its legal requirements. The course is therefore intended to assist participants with understanding the background of data protection, the definition of terms and concepts, as well as applying the principles and obligations prescribed under the Data Protection Act of 2024 to their specific organisational environment.
Learning Objectives
• Explain the principles of the General Data Protection Regulation (GDPR) • Define personal data, the data controller, data processor, data protection representative and data subject. • Interpret the applicability and scope of the Data Protection Act. • Describe the functions of the Data Protection Commission. • Outline the responsibilities of a data controller and data protection representative. • Identify all types of data processed by one’s organisation. • Demonstrate the requirements for processing personal data. • Outline the rights of a data subject. • Participate in one’s organisation’s initiatives toward compliance with data protection requirements.
Target Audience
This training is suitable for
- • Board Members
- Data Controllers (CEOs, Managing Directors, Directors)
- Data Processors (supervisors, front-line workers)
- Data Protection Officers
- IT Officers
- Legal Officers
- Compliance Officers
- Business consultants
COURSE CONTENT
The course will cover the following:
DAY ONE
4.1. Introduction
- What is data protection
- Aims of data protection
4.2. The EU’s General Data Protection Regulation (GDPR) Objectives
- Principles of the GDPR
- Key Issues
- Penalties
4.3. Botswana’s Regulatory Framework
- The Data Protection Act, 2024
- Definitions
- Application and limitation
- Information and Data Protection Commission
- Functions
- Powers
- Other legislation
4.4. The Information and Data Protection Commission
- Information and Data Protection Commission
- Duties
- Powers
4.5. Responsibilities under the Data Protection Act
- Data Controller
- Implement measures to ensure that personal data is processed lawfully.
- Support the functions of the Data Protection Officer
- Provide information to the data subject
- Communication of personal data breach to the data subject.
- Data Protection Officer
- Designation of a Data Protection Officer
- Qualifications
- position in the organisation
- Duties
- Secrecy, confidentiality and conflict of interest
- Data Processor
4.6. Processing of personal data
- Data processing principles
- Legal basis for processing
- Revocation of consent
DAY TWO
4.7. Processing of sensitive personal data
- Basis for processing sensitive personal data
4.8. Rights of data subjects
- Access
- Rectification and Erasure
- Restriction
- Data portability
- Objection
4.9. Security of Personal Data
4.10. Data Protection Impact Assessment
4.11. Transfer of personal data to third countries or International Organisations
- Transfer based on the adequacy decision
- Transfers subject to appropriate safeguards
4.12. Consequences of non-compliance
- Administrative
- Criminal
- Compensation
Method Of Delivery
- Physical training
- Online live training
Assessment
A Quiz will be undertaken at the end of each day to test the delegates’ overall understanding of the topic discussed for a particular day. Scenarios and questions are included at the end of each module for group exercises that will be followed by presentations. Feedback will be provided after quizzes and group exercises. Case studies will also be discussed to link data protection issues with real life cases for better understanding.