DPO Certification

EU GDPR Institute Methodology
  • Holistic approach: Legal + IT + change management
  • Based on real business scenarios, discussion cases and practical experiences
  • Provides tools, templates and other giveaways
  • Quality learning and networking time
Day 1
GDPR Roadmap
  • Introduction to privacy and data protection
  • The "GDPR Institute Roadmap": practicalities, steps and tips for setting and implementing the GDPR project governance
  • GDPR legal basics: cases and examples, principles, penalties, responsibilities of data processor and controller, privacy by design and default
  • Privacy program: risk-based approach, design and build, privacy in HR, marketing, IT, legal and procurement departments
  • Transfers of personal data: to third countries, third parties and the cloud, binding corporate rules, standard contractual clauses; big data and analytics, options and solutions
  • Standard privacy controls: good practices, avoiding sources of risks, protecting information assets, encrypting and anonymising, reducing soft and hardware vulnerabilities, evaluating privacy solutions and tools
  • Privacy control accountability framework
Day 2
GDPR in Practice
  • Data protection impact assessment, the DPIA "GDPR Institute Roadmap", need, timing, process, internal/external consultation, flows, standard risks, approvals and communication
  • Codes of conduct and certification mechanisms
  • Data privacy audits and monitoring: e-discovery, data audits, activity tracking
  • Privacy awareness training: examples of initiatives
  • Data subjects’ rights in practice: dealing with requests and complaints
  • Incident response: contingency plan for a data breach, responding to investigations
  • Scenario-based case for a data breach
Day 3
The Data Protection Officer
  • Role, functions, skillsets, requirements, tasks, position, resources
  • Designation of the Data Protection Officer: mandated and voluntary DPOs, independence, conflicts of interest, liability, etc.
  • Relationship with the board, IT, HR and other departments: communication

Demonstrate compliance with the GDPR (article by article)
  • Detailed list of standard documents and examples to prove GDPR compliance, including for certifications

On the third day of the course, an online certification is conducted (optional)
  • Exam: 50 questions (multiple choice)


The EUGDPR Institute DPO Professional Certification Training & Examination

The certification is offered in cooperation with our partners for consultants, managers and administrators in the field of GDPR, Data Privacy and Protection. Individuals wishing to obtain The EUGDPR Institute professional certificate must:
  • Study the course materials provided when registration is accepted.
  • Complete 3.5 days of classroom training and ½ day for certification
  • Register for the optional certification workshop ‘DPO Certification’.

The GDPR DPO Foundation seminar will give participants the opportunity to get complete guidance, ask questions and discuss certain key GDPR issues as a group. The examination consists of a multiple-choice test covering a broad range of relevant GDPR knowledge and topics that are dealt with in this advanced GDPR DPO training course.
To pass the exam, participants must have basic GDPR knowledge and a good understanding of data privacy and protection mandates and issues. We will provide you with the necessary course materials. Candidates must be prepared to read the curriculum for the exam in advance. The validity of the certification is two years.

Topics covered in the training and examination

Current EU legal framework including the GDPR Directive and national legislation in practice; Data protection principles and central concepts; Actors and roles; Data subject rights; Transfers of personal data, contractual clauses, Access to documents and data protection; Binding Corporate Rules, etc.; Case law on personal data protection; Data protection supervisory authorities; Big data, cloud computing, analytics, the internet of things; Data security; Cyber security; Privacy by design; Privacy impact assessment; Data protection audit.

Taking the data protection regime into the 21st century and the role and responsibility of the DPO
The new GDPR framework and the need for a data protection officer can be useful instruments to implement the fundamental changes many organisations need to streamline their IT and data processes and get full control over their IT platforms and databases. The role of the DPO is vital to facilitate:
  • Adherence by all parties concerned to an approved code of conduct to achieve GDPR compliance
  • Demonstrate compliance with the obligations of all stakeholders incl. the Controller and allow data subjects to evaluate the level of data protection of products and services
  • Implement controls for the exchange of information by electronic means between stakeholders (controllers, processors and supervisory authorities) for binding corporate rules; mutual assistance
  • Enhance transparency and compliance with GDPR regulation to ensure adequate standards of protection to and by a third party, country or territory or a specified sector within standard GDPR protection clauses; formats and procedures

The DPO training and certification seminar will take a deep dive into the following GDPR issues:

Data controller/data processor relationship: addresses the ramifications of the controller/processor relationship, how GDPR will change things, and the challenge of distinguishing between a data controller and a data processor.
  • Supervising data protection compliance: What is the role of data protection authorities?
  • Cross-border data transfers – options & solutions. Ensure adequacy in international data transfers.
  • A case study and workshop on Privacy by design and privacy by default to explain the concept of privacy by design and the data privacy impact assessment.
  • How to proactively embed privacy into the design of information technologies, communication networks, and the related governance/operational performance.
  • Security issues/interoperability: What are the implications of providing data portability?
  • Cybercrime is aggressive and hostile to GDPR, is increasing exponentially, and threatens European citizens, businesses, and public administration bodies.
  • Big data, cloud computing, analytics, the internet of things: privacy, regulatory & governance issues will be analysed to strike the right balance between sometimes opposing interests.