• Structure of the GDPR
• GDPR subject-matter and objectives
• GDPR into EU, EEA, and EFTA countries
• European Data Protection Board
• Impact on the EU and beyond
• Supervisory authority
• Administrative fines
• GDPR in the United Kingdom
• UK GDPR and data protection act (DPA)

• Personal data protection
• Key concepts
• Personal data categories
• Data protection principles
• The rights of the data subject
• Analysis of the GDPR challenges

• Qualification of the DPO
• Tasks of the DPO
• Position of the DPO

• Controllers and processors under the GDPR
• Cooperation with the supervisory authority
• Gap analysis
• The GDPR scope

• The DPO and the top management
• Promoting data protection to top management level
• Allocating resources
• Employment contract of the DPO
• Independence of the DPO in performing the tasks
• Reporting to the top management

• The structure of a policy
• The application of the data protection policy
• Data protection policy control, evaluation, and review
• Communicating the data protection policy
• Review of other policies related to data protection

• Identification of processing activities
• Steps to create records
• Key elements of records of processing activities
• DPO’s role in keeping records of processing activities
• Monitoring the data processing records

• Risk identification
• Risk analysis
• Risk evaluation
• Risk treatment
• Risk acceptance

• Data protection impact assessment
• Need for a data protection impact assessment
• When is a data protection impact assessment not necessary?
• Role of the DPO in a data protection impact assessment
• Data protection impact assessment methodologies

• Work documents
• Types of documents
• Value of documentation
• Common problems in documentation management

• The ISO/IEC 27701 standard
• Mapping of the GDPR to ISO/IEC 27701
• Data protection controls

• Data protection by design and by default
• Anonymization
• Pseudonymization
• Access control
• Logging and monitoring
• Technical security measures
• Mobile and portable devices
• Software life cycle security
• Data erasure and storage

• Awareness program
• Training program
• Evaluation of the outcomes of the awareness and training sessions
• Communication
• DPO as a point of contact

• Events vs. incidents
• Frequent threats and incidents
• Incident management
• Personal data breach
• Personal data breach response plan
• Personal data breach notification
• Examples of personal data breaches

• Determine measurement objectives
• Define what needs to be monitored and measured
• Monitor compliance
• Determine the frequency and method of monitoring and measurement
• Report the results

• What is an audit?
• Types of audits
• Differences between internal and external audits
• Data protection audit
• Collecting and verifying information
• Knowledge and competence to audit
• Following up on nonconformities
• Data protection external audit

• The eight disciplines problem-solving method
• Root cause analysis
• Corrective action process
• Preventive action process
• Evaluation of the action plan

• Continual monitoring of change factors
• Maintenance and improvement
• Continual update of documentation
• Documentation of improvements

• PECB GDPR certification scheme
• PECB certification process
• Other PECB services
• Other PECB training courses and certifications

A: The GDPR – Certified Data Protection Officer course is designed for individuals who are interested in becoming Data Protection Officers (DPOs) or professionals already working in data protection roles. It is suitable for individuals responsible for ensuring GDPR compliance within organizations, such as privacy officers, legal professionals, IT managers, compliance officers, and consultants.

A: Becoming a certified GDPR Data Protection Officer provides several advantages. It demonstrates your expertise and competence in data protection and GDPR compliance, enhancing your professional credibility. Certified DPOs are highly valued by organizations seeking to ensure compliance with the GDPR and protect personal data. Additionally, the certification enables you to effectively manage data protection activities, mitigate risks, and safeguard individuals’ rights, making you an invaluable asset to any organization.

A: There are no strict prerequisites for the GDPR – Certified Data Protection Officer course. However, having a basic understanding of data protection concepts and familiarity with the GDPR is beneficial. Individuals with prior experience or knowledge in privacy, legal, IT, or compliance fields may find it advantageous during the course.

A: While the GDPR is an EU regulation, the knowledge and skills gained through the GDPR – Certified Data Protection Officer course are applicable and valuable beyond EU borders. Organizations worldwide recognize the importance of data protection and privacy, making the expertise gained from GDPR certification globally relevant and sought after.

A: The GDPR – Certified Data Protection Officer course primarily focuses on the GDPR, which is applicable across the European Union. However, the course may touch upon the relationship between the GDPR and national data protection laws, providing insights into their interplay and considerations for compliance.

A: This training can be customized to address specific organizational needs. We can discuss customization options based on your requirements.