GDPR for Developers and Architects v2.0

Course Description

This intermediate course discusses GDPR principles, requirements, and personal data specifics for software developers and technical architects. It examines the processes for getting consent for personal data collection, how personal data should be accessed and shared, and provides an in-depth view on data subject access requests (DSARs) and international data transfers (IDTs). This course requires basic familiarity with the GDPR, and students are advised to complete “Introduction to GDPR” before taking this course.

Learning Objectives

  • Explain the principle of data protection by default and by design and how it applies to software development
  • Discuss privacy requirements and classify what data is personal data, including the special categories of personal data
  • Know the processes for sharing personal data with law enforcement
  • Explain data portability and deletion, as well as access control and logging in the context of the GDPR
  • Define data subject access requests and know how to prepare for and respond to such requests
  • Define international data transfers and explain the proper handling of data transfers to third parties

Details

Delivery Format: eLearning

Duration: 2 Hours

Level: Intermediate

Intended Audience:

  • Architects
  • Back-End Developers
  • Enterprise Developers

Prerequisites: Introduction to GDPR

Course Outline

Principle of Data Protection by Design and by Default

  • Article 25: Data Protection by Design and by Default
  • Processing Only Personal Data Necessary
  • Privacy an Integral Part of the Design Phase
  • Introduce a Privacy Page
  • Privacy Policies and Data Protection Controls

Privacy Requirements

  • From Principle to Privacy Requirements
  • Categories for Privacy Requirements
  • Data Collection Requirements
  • Data Processing Requirements
  • Data Storage and Deletion Requirements

Personal Data

  • Definition and Examples of Personal Data
  • IP Addresses and Location Data
  • Cookies and Similar Identifiers
  • Examples of Data Not Considered in Scope of GDPR
  • Special Categories
  • Indirectly Revealing Personal Data
  • Deceased Persons

Getting Consent

  • Requirements for End User Consent
  • Getting Consent
  • Consent Life Cycle
  • Consent Withdrawal
  • When Is Consent Valid?
  • GDPR Fines Related to Consent

Personal Data Collection and Processing

  • Lawfulness, Fairness and Transparency
  • Purpose Limitation and Data Minimization
  • Accuracy
  • Right to Restrict Data Processing
  • Storage Limitation
  • Data Profiling

Collecting Personal Data of Children

  • GDPR Mandate
  • Requirements
  • Reasonable Effort to Verify a User's Age
  • Conducting a Data Protection Impact Assessment (DPIA)

Accessing Personal Data

  • Right of Access
  • Providing Copies of Personal Data and Other Relevant Information
  • Right to Edit and Correct
  • Data Retention

Sharing Personal Data with Law Enforcement

  • Lawful Basis
  • Share Only What Is Necessary
  • Informing Data Subjects about Law Enforcement Requests

Data Portability and Deletion

  • Exporting Data
  • Deleting Data

Anonymization and Encryption

  • Encrypting Data
  • Encrypting Data in Motion
  • Encrypting Data at Rest
  • Integrity Protection
  • Anonymization and Pseudonymization
  • Anonymization and Pseudonymization Techniques

Data Subject Access Requests (DSARs)

  • How to Prepare
  • How to Receive
  • How to Respond

International Data Transfers (IDTs)

  • International Transfers of Personal Data
  • Handling Data Transferred to Third Parties
  • Map Your Flows of International Data

Access Control and Logging

  • Requirements for Access Control
  • Keeping Audit Trails and Logs
