Online platform for data protection training. Case study - Romania top level domain

No Thumbnail Available
Journal Title
Journal ISSN
Volume Title
The introduction of the European Data Protection Regulation (GDPR) is the most important change in data protection legislation in the EU and worldwide, in recent years. All public system operators as well as private system operators with over 250 employees are required to analyze personal data processing in accordance with art. 30 of the General Data Protection Regulation. National Institute for Research and Development in Informatics - ICI Bucharest offers numerous services (research-development-innovation services, domain registration .ro, electronic fiscal tax markers, ICIPRO - institutional cloud) that process personal data from data from research-development-innovation projects until identification data of the legal representatives of institutions requesting space in the institutional cloud. A special place is occupied by the domain registration services (ROTLD), where the processing of personal data plays an important role, in the sense that ICI, as a data controller, must take into account all the provisions regarding the protection of such personal data, which the user offers them when registering a domain. In this context, in addition to the implementation of GDPR policies, ICI Bucharest, through the Training Center, has developed a training program for its own employees on the conditions of GDPR compliance, especially for ROTLD clients. These training and awareness program is built on an online platform that offers distance learning and self-paced facilities. ROTLD clients are those who register domains with the .ro extension and who, in order to do so, must provide a series of personal data, established in accordance with the regulatory acts governing the registration of domains at European level ( and international (ICANN, IANA and so on). In this context, the experience in the implementation of GDPR at the ROTLD level has demonstrated that both personnel operating personal data and clients do not know the GDPR provisions. In this context, the training and awareness program offered by us has as main objective the acquisition and development of competences regarding the processing of personal data and the understanding of the importance of the protection of these data in the context of different processing. The program consists of 8 training modules, with a duration of about 40 hours, with a weekly distribution, but accessible according to the student's needs. Each module contains a theoretical, interactive module that uses game-based self-learning methods, interactive phrases puzzles, and an application part with problem-solving methods based on scenarios the student needs to solve. The course also contains webinars and virtual class options that allow students to interact with each other. At the end of each course there are quiz - tests with self-learning, and blueprints for each topic that allow student to prepare the final exam. As a result from ROTLD clients, we have a positive feedback through the training program they understanding the need for personal data protection. In the future we intend to certify this course at national level and to align with the national occupational standards on personal data protection.
gdpr, training program, dpo, research project