hr en

General Data Protection Regulation (Certified Data Protection Officer)




This five-day intensive course enables participants to develop the necessary expertise to demonstrate their knowledge, skills and competence, for implementing, managing and aligning a privacy framework based on General Data Protection Regulation requirements. Participants will be able to understand the gap between the General Data Protection Regulation and the current organizational processes including, privacy policies, procedures, working instructions, consent forms, data protection impact assessments, etc. in order to associate organizations in the adoption process to the new regulation which will help them be accountable in front of a possible inspection.

Who should attend?

  • Project managers or consultants wanting to prepare and to support an organization in the implementation of the new procedures and adoption of the new requisites presented in the GDPR which will come into force by the 25th May 2018 
  • Auditors who wish to fully understand the GDPR implementation process 
  • DPO and Senior Managers responsible for the personal data protection of an enterprise and the management of its risks 
  • Members of an information security team 
  • Members of a lawyer firm 
  • Expert advisors in personal data protection and information security 
  • Technical experts and compliance experts wanting to prepare for a Data Protection Officer job

Learning objectives

  • To understand the history of personal data protection in Europe 
  • To gain a comprehensive understanding of the concepts, approaches, methods and techniques required for the effective alignment with the General Data Protection Regulation 
  • To understand the new requirements that the General Data Protection Regulation brings for EU organizations and non-EU organizations and when it is necessary to implement them 
  • To acquire the necessary expertise to support an organization in assessing on the implementation of this new requirements 
  • To acquire the necessary expertise to manage a team implementing the GDPR 
  • To develop the knowledge and skills required to advise organizations on best practices in the management of personal data 
  • To improve the capacity for analysis and decision making in the context of personal data protection

Course Agenda

Day 1:  

Privacy Foundations 

  • Introduction to personal data protection 
  • Presentation of the General Data Protection Regulation 
  • Fundamental concepts included in the GDPR 
  • Explaining definitions under the General Data Protection Regulation 
  • Exercise 

European Framework 

  • Presentation of the history of personal data protection in the EU 
  • European Institutions related with personal data protection (EDPS, EDPB, WP29, DPAs) 
  • Fundamental Principals presented in the GDPR and its implications 
  • Explaining the rights of the data subjects and how to give attendance to them 
  • Detailing the responsibilities, necessities, obligations and need of a Data Protection Officer 
  • Explaining the obligations and responsibilities of the controller and processor 
  • Personal data protection documents and accountability (Code of conduct, privacy policies, consent form, etc.) 
  • Analyzing the possible sanctions that organizations could face under the GDPR 
  • Practical case on a consent form

Day 2: 

International Framework 

  • Introduction of the internet governance 
  • Look into the UN resolutions involving personal data protection 
  • Safe international transfer of personal data to non EU states 
  • Green lists: Countries with an adequate level of personal data protection 
  • Binding Corporate Rules 
  • International agreements: PNR’s (Australia, Canada, US), Privacy Shield 
  • Explicit consent for international transfer; when do you need it?
  • Personal data protection in USA, Canada, South America 
  • Exercise 

Data protection and information technologies 
  • Fundamentals in information security risk management 
  • Analyzing fundamental principles of confidentiality and Integrity (and Availability) 
  • Implication of the GDPR for access policies 
  • GDPR security measures (pseudonymization and cryptography)
  • Exercise

Day 3: 

Privacy and Security 

  • Understanding the implication of technology in personal data protection 
  • Big data: systematic and automated profiling 
  • Big data and the GDPR 
  • Internet of things: Devices that gather (non-stop) personal data and the alignment with the GDPR 
  • Presentation of the new era with quantum computing 
  • Exercise 

Management and Incident Response 
  • Understanding what is a personal data breach 
  • Explaining how to react under a personal data breach 
  • Introducing different types of incidents 
  • Necessity of a continuity plan and policies for accountability 
  • Exercise

Day 4: 

Data Protection Impact Assessment 

Understanding what is Data Protection Impact Assessment according to the GDPR Answering on why, when and how should a DPO assess in the process of carrying out a DPIA Explaining in detail the steps to follow in a DPIA Introducing and explaining the Personal Data Life Cycle Exercise on the relation of the Personal Data Life Cycle and the Fundamental Principles under the GDPR Practical case scenario on conducting a DPIA.

Day 5: 

Certification Exam


Educational approach

This training is based on both theory and practice: 

  • Sessions of lectures illustrated with examples based on real cases 
  • Practical exercises based on a full case study 
  • Review exercises to assist the exam preparation 
  • Practice test similar to the certification exam 
  • Examination and Certification

Examination and Certification

  • Certification fees are included in the exam price 
  • Duration: 3 hours 
  • Consists 150 multiple choice questions 

Price: 7.950,00 kn + VAT

ZIH d.o.o., tel:  01/4855-271, 4855-273, fax: 01/4855-272, e-mail: