Get in Touch

Course Outline

Day 1

I. Selecting a Personal Data Protection Management Model?
1. Prerequisites for an effective data protection system
2. Existing data protection governance models
3. Division of roles and responsibilities in data protection processes

II. Duties and Responsibilities of the Data Protection Officer (DPO)
1. Mandatory appointment of a Data Protection Officer
2. Optional appointment of an Auditor
3. Essential knowledge for a DPO
4. Sources for gaining knowledge
5. Qualifications to act as an Auditor
6. Employment forms for the Supervisor
7. Professional development for the DPO
8. DPO tasks

III. Data Flows
1. What a DPO needs to know about data flows
2. Expected capabilities of a DPO
3. DPO tasks in this context

IV. Preparing and Conducting an Audit
1. Audit preparatory activities
2. Preparing the audit plan
3. Appointing and assigning tasks to the audit team
4. Creating working documents
5. Audit checklist
6. Case study: The auditing process

V. Assessing Compliance Levels
1. Key considerations:
2. Processing security
3. Legal grounds for processing
4. Principle of consent
5. Principle of data minimization
6. Principle of transparency
7. Entrustment of processing
8. Transferring data to third countries and international transfers

VI. Audit Report
1. Preparing an audit report
2. Audit report components
3. Key areas of attention
4. Case study
5. Engaging employees – building awareness
6. Verifying CPU warranty

VII. Maintaining Compliance
1. Employee awareness – a critical issue
2. Data Protection Policy
3. Essential documentation
4. Continuous monitoring

Day 2

VIII. Introduction to Risk Management
1. Organizing the risk assessment process
2. Selected risk assessment practices
3. Essential elements of a DPIA

IX. Examining the Context of Personal Data Processing
1. Contextual research exercises
2. External context
3. Internal context
4. Common mistakes

X. Data Protection Impact Assessment (DPIA)
1. Purpose of execution
2. When a DPIA is obligatory versus optional
3. Necessary elements of the process
4. Inventory of processing activities
5. Identifying processing resources, particularly those with high risk

XI. Risk Analysis Exercises
1. Estimating the probability of a hazard occurring
2. Identifying vulnerabilities and existing security measures
3. Evaluating effectiveness
4. Estimating consequences
5. Risk identification
6. Determining the level of risk
7. Determining the risk acceptability threshold

XII. Asset Identification and Security Exercises
1. Determining the process risk value for the resource
2. Estimating the probability of hazard occurrence
3. Vulnerability identification
4. Identifying existing safeguards
5. Estimating consequences
6. Risk identification
7. Determining the risk acceptability threshold

Requirements

Target Audience

  • Individuals serving as Data Protection Officers
  • Professionals interested in expanding their knowledge in this field
 14 Hours

Number of participants


Price per participant

Open Training Courses require 5+ participants.

Testimonials (1)

The variety of the information shared and the clarity to explain terms in plain English.

Arisbe Mendoza - Fairtrade International
Course - GDPR Workshop

Upcoming Courses

Personal Data Protection Officer - Advanced Level

2026-07-27 09:30
14 hours
Puebla - Triangulo Las Animas
76,413 MXN (Online)
96,413 MXN (Classroom)

Personal Data Protection Officer - Advanced Level

2026-08-10 09:30
14 hours
Puebla - Fratta Center
76,413 MXN (Online)
96,413 MXN (Classroom)

Personal Data Protection Officer - Advanced Level

2026-08-24 09:30
14 hours
Mexico City - Torre Concreta
76,413 MXN (Online)
96,413 MXN (Classroom)

Personal Data Protection Officer - Advanced Level

2026-09-07 09:30
14 hours
Mexico City - Samara Shops Tower A
76,413 MXN (Online)
96,413 MXN (Classroom)

Related Courses

GDPR Workshop

 7 Hours

Gain comprehensive knowledge of the General Data Protection Regulation essentials through this intensive one-day workshop, specifically tailored for managers, department heads, and compliance professionals. The curriculum covers GDPR foundations, the rights of data subjects, core data protection principles, consent requirements, obligations for reporting breaches, and the concept of privacy by design. Participants will receive practical frameworks to implement GDPR compliance strategies throughout their organizations, ensuring lawful data processing and fostering a culture of accountability in data protection.

Read more...

How to Audit GDPR Compliance

 14 Hours

This course is designed specifically for auditors and administrative professionals responsible for verifying that their control systems and IT environments comply with current laws and regulations. The program starts by clarifying core GDPR concepts and explaining how these requirements impact the daily responsibilities of auditors. Participants will examine the rights of data subjects, the obligations of data controllers and processors, and the frameworks for enforcement and compliance under the regulation. Additionally, the training includes a review of the audit program developed by ISACA, equipping auditors to evaluate GDPR governance, response mechanisms, and supporting processes that mitigate risks associated with non-compliance.

Read more...

PECB GDPR - Certified Data Protection Officer

 35 Hours

The PECB Certified Data Protection Officer training program empowers you with the essential knowledge, skills, and competence required to effectively perform the duties of a Data Protection Officer within an organization's GDPR compliance framework.

Why should you attend?

As data protection grows increasingly critical, organizations face growing demands to safeguard this information. Non-compliance with data protection regulations not only infringes upon individuals' fundamental rights and freedoms but also exposes organizations to significant risks that can damage their credibility, reputation, and financial standing. Your expertise as a Data Protection Officer is vital in navigating these challenges.

This PECB Certified Data Protection Officer training course will equip you with the knowledge and practical skills needed to serve as a Data Protection Officer (DPO), helping organizations meet General Data Protection Regulation (GDPR) requirements.

Through hands-on exercises, you will master the DPO role, gaining the competence to inform, advise, and monitor GDPR compliance, as well as collaborate effectively with supervisory authorities.

Upon completing the training, you may sit for the exam. If you pass, you can apply for the "PECB Certified Data Protection Officer" credential. This internationally recognized certificate validates your professional capability and practical knowledge to guide controllers and processors in fulfilling their GDPR obligations.

Who should attend?

  • Managers or consultants aiming to prepare and support an organization in planning, implementing, and sustaining a GDPR-based compliance program
  • Current DPOs and individuals tasked with maintaining GDPR compliance
  • Members of information security, incident management, and business continuity teams
  • Technical and compliance professionals preparing for a Data Protection Officer role
  • Expert advisors specializing in personal data security

Learning objectives

  • Grasp GDPR concepts and interpret its requirements
  • Understand the content and interrelation between GDPR and other regulatory frameworks, such as ISO/IEC 27701 and ISO/IEC 29134
  • Develop the competence to execute the DPO's role and daily tasks within an organization
  • Build the ability to inform, advise, and monitor GDPR compliance, including cooperation with supervisory authorities
Read more...

Personal Data Protection Officer - Basic Level

 21 Hours

Purpose of the Training

  • To familiarize participants with the structured, comprehensive framework governing personal data protection under Polish and European law.
  • To provide practical insights into the updated regulations for processing personal data.
  • To highlight key areas of legal risk associated with the implementation of the GDPR.
  • To practically prepare participants to independently carry out the duties of a Personal Data Protection Officer.
Read more...

Related Categories

GDPR
GDPR