Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
    • GP-001 Control of documents
    • GP-002 Quality planning
    • GP-003 Audits
    • GP-004 Vigilance system
    • GP-005 Human Resources and Training
      • Templates
        • T-005-001 Job Description
        • T-005-003 Training plan YYYY_nnn
        • T-005-004 Training evaluation and record
        • T-005-006 GDPR training
        • T-005-007 Technical Responsible designation
        • T-005-008 PRRC designation
        • T-005-009 QMS procedures training
        • T-005-010 Email footer generator
      • Specific procedures
    • GP-006 Non-conformity, Corrective and Preventive actions
    • GP-007 Post-market surveillance
    • GP-008 Product requirements
    • GP-009 Sales
    • GP-010 Purchases and suppliers evaluation
    • GP-011 Provision of service
    • GP-012 Design, Redesign and Development
    • GP-013 Risk management
    • GP-014 Feedback and complaints
    • GP-015 Clinical evaluation
    • GP-016 Traceability and identification
    • GP-017 Technical assistance service
    • GP-018 Infrastructure and facilities
    • GP-019 Software validation plan
    • GP-020 QMS Data analysis
    • GP-021 Communications
    • GP-022 Document translation
    • GP-023 Change control management
    • GP-024 Cybersecurity
    • GP-025 Corporate Governance
    • GP-050 Data Protection
    • GP-051 Security violations
    • GP-052 Data Privacy Impact Assessment (DPIA)
    • GP-100 Business Continuity (BCP) and Disaster Recovery plans (DRP)
    • GP-101 Information security
  • Records
  • TF_Legit.Health_Plus
  • Licenses and accreditations
  • External documentation
  • Procedures
  • Records
  • Procedures
  • GP-005 Human Resources and Training
  • Templates
  • T-005-006 GDPR training

T-005-006 GDPR training

Purpose​

The purpose of this document is to record and certify that GDPR training has been acquired.

Definitions​

GDPR stands for General Data Protection Regulation. It is a comprehensive data protection and privacy regulation that was introduced in the European Union (EU) in 2018. GDPR was designed to enhance the protection of individuals' personal data and provide them with more control over how their data is collected, processed, and stored. It applies to both EU organizations and any organization outside the EU that processes the personal data of EU residents. Compliance with GDPR as a company means adhering to the rules and principles outlined in the regulation to ensure the protection of individuals' personal data.

Content​

  • First level information and second level information: what is first and second level information, legal notice, privacy policy and cookies policy.
  • The 3 roles of the GDPR and the responsibility of each role: understand the difference between the data owner, data controller and data processor and their obligations.
  • Data Collection and Consent: we must obtain clear and explicit consent from individuals before collecting and processing their personal data. This consent should be freely given, specific, informed, and easily revocable.
  • Data Minimization: we only collect and process the data that is necessary for the purposes for which it was collected. Unnecessary data should not be collected.
  • Data Portability: Individuals have the right to request their personal data from us and transfer it to another organization, if they wish.
  • Data Security: we are required to implement appropriate security measures to protect personal data from breaches and unauthorized access.
  • Data Protection Impact Assessments (DPIAs): In certain cases, companies are required to conduct DPIAs to assess and mitigate the risks to individuals' data privacy.
  • Data Subject Rights: GDPR grants individuals various rights, including the right to access their data, the right to rectify inaccurate data, the right to be forgotten (i.e., have their data deleted), and the right to object to certain types of processing.
  • Notification of Data Breaches: Companies must report data breaches to the relevant authorities and, in some cases, to affected individuals.
  • Accountability and Documentation: Companies are required to maintain records of their data processing activities and demonstrate compliance with GDPR.

Duration​

2 hours.

Documents​

All content and references can be found on youtube video tutorials, recorded and created by internal company personnel.

Timetable​

As the program consists of recorded videos, it can be viewed at the schedule that best suits the employee's needs.

Facilities and equipment​

The individual has the equipment or it can be provided by the company.

Teachers​

Teachers are internal workers.

Evaluation​

At the end of the training the trainer assess the knowledge acquired and the signature of this record means the approval of the efficacy of the training.

Configuration
Full name of trainee
Full name of certifier
Received and acknowledgedCertifies that the knowledge has been acquired

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

  • Author: Team members involved
  • Reviewer: JD-003, JD-004
  • Approver: JD-001
Previous
T-005-004 Training evaluation and record
Next
T-005-007 Technical Responsible designation
  • Purpose
  • Definitions
  • Content
  • Duration
  • Documents
  • Timetable
  • Facilities and equipment
  • Teachers
  • Evaluation
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)