Overview

Duration 5 days
Time from 09h00 - 12h00 & 13h00 - 17h00
This training is taught in English

Meeting the GDPR’s obligation to demonstrate compliance is still a challenge for many organisations. How can you convince your management, shareholders, customers or possibly the supervisory authority that all of GDPR’s administrative obligations have been correctly implemented in your organisation? To measure is to know: an audit is therefore the answer to this question.

During this course we will take a very practical look at the practices of a GDPR auditor. Based on a worked-out example of a company that claims to meet GDPR requirements, you will conduct an audit together with the instructors and formulate your findings and recommendations.

Whoever says audit also says standards. We will study the new ISO/IEC 27701 standard, a supplement to an already existing Information Security Management System (ISO/IEC 27001), in more detail in this course.

However, ISO/IEC 27701 is not the only standard that aims at a management system. BSI, the British Standards Institution, has also issued an interesting standard, namely BS 10012. Unlike ISO 27701, it does not depend on other standards and can be implemented independently.

Because conformity with ISO 27701 and BS 10012 offers no guarantees with a view to an inspection, we broaden the horizon in this training course. We explore how a supervisory authority, such as the Data Protection Authority, conducts GDPR inspections and how you can prepare for them. To achieve this, we compare the findings of an audit with those of an inspection.

Finally, this training also focuses on the topic of certification, as included in the GDPR (Articles 42 and 43 of the Regulation). We discuss the scope of this certification, in particular products and services, and the standards used. We will put this topic into practice by working with our specialists to conduct an audit on a product (based on EuroPriSe criteria) that could lead to a GDPR ‘proof’ certificate.

Why take this course?

  • You want to apply the GDPR in your company.
  • You want to check whether the GDPR was correctly applied.
  • You want to learn which audit tools you can use to test whether your company is compliant.

Target group

Are you a DPO or an internal or external auditor, or do you want to improve your advice to customers? Do you need guidance for a GDPR audit? Do you want to assess processors in terms of GDPR or do you want to conduct external audits? Then this training is perfect for you. Prior knowledge of GDPR is required for this training. This training concludes with an exam consisting of a practical part (interpreting audit findings and writing an audit report) and a theoretical part.

Learning goals

After following this course:

  • You know the link between GDPR and audit.
  • You know the existing ISO/IEC 17065 GDPR certification standard.
  • You understand the added value of new market standards such as ISO/IEC 27701 and BS 10012 and how they can be practically implemented.
  • You know what a GDPR management system is, how you can evaluate it, and how to audit processes, products and services – with practical examples.
  • You have honed your GDPR knowledge from the perspective of audit and certification.
  • You can explain and apply ISO 19011 guidelines for auditing management systems and you have knowledge of standards such as ISO/IEC 17065 and ISO/IEC 17067 for product certification.
  • You know the different social styles and how to apply them in an audit.
  • You can initiate, prepare, conduct, finalise and follow up an audit.
  • You know how to correctly draw up an audit.
  • You can evaluate systems, processes and products.

Educational approach of this course

This course is given in English and takes place in a classroom in a hotel.

It is given by instructors who are leading experts in their field and who present the subject matter interactively.

Groups taking this course typically comprise around 20 students (minimum 8, maximum 24 course participants).

Each course participant receives a printed version of the course materials with some space to make notes if needed. The information is also made available in a digital learning environment and instructors provide practical examples.

End product

This course includes an exam. End product: certificate “GDPR Auditor”.

How to prepare yourself

Prior knowledge: DPO certification or a GDPR introduction course.

Prior to this course you don’t need to prepare anything, apart from going over the most important principles of the GDPR.

Questions can be submitted beforehand. If possible, and in keeping with the scope of the course, they will be answered during the lessons.


Day 1

09h00 - 17h00
  • Introduction: what is an audit?
  • GDPR implementation
  • PIMS analysis and establishment of the findings register
  • Management systems for the GDPR (ISO 29100, ISO 27701, BS 10012)

Day 2

09h00 - 17h00
  • Management system ISO 27001 / ISO 27002
  • Audit of a Management System: Initialisation
  • Audit of a Management System: Preparing for the Audit
  • Audit of a Management System: Performing the Audit

Day 3

09h00 - 17h00
  • Audit of a management system: the report
  • EXAMINATION PART 1: layout of a report

Day 4

09h00 - 17h00
  • Supplier audit
  • Certification and accreditation
  • Individual feedback of the first part of the examination
  • Audit of products and services

Day 5

09h00 - 17h00
  • Governance, Risk Management and Controls
  • EXAMINATION PART 2-3-4 (multiple-choice)

Price of the course

€2.725

Exclusive of VAT

Certificate

"GDPR Auditor"

Lunch, coffee, refreshments, course material and exam fee included.

At location Inhouse
Schedule

Planning 2022

  • Data Protection Auditor Certification Training: 17 January until 21 January 2022
  • Data Protection Auditor Certification Training: 3 October until 7 October 2022

We are recognized by:

  • Registration number KMO portefeuille: DV.O213013

    Our courses are accredited for the KMO-portefeuille. This means that, depending on whether you are a small or medium-sized enterprise, you can receive a 30% or 20% subsidy from the Flemish Government on the cost of registration.

  • Acknowledgement by Chèque-Formation

    The training voucher allows you to benefit from financial aid to train your workers in one of the approved training centres. Worth 30 euros, it corresponds to 1 hour of training per worker.

  • Legal points by Orde van Vlaamse Balies

    If you submit an individual training file at the Orde van Vlaamse Balies, this can give you 30 legal points within the framework of general training. This programme is also recognised for CPE credits: successful participation in the programme (passing the exam) equals 15.6 CPE credits.

  • Accreditation by BIBF

    Our training is recognised by the Professional Institute of Accountants and Tax Consultants. The training programme qualifies for the continuing education obligation.

  • Accreditation by the Institute of Accountants and Tax Consultants

    Our training is recognised by the IEC-IAB. The training programme qualifies for the continuing education obligation.

  • Accreditation by the Institute of Company Auditors

    Our training is recognised by the IBR-IRE. The training programme qualifies for the continuing education obligation.

  • Accreditation by the Institute of Company Lawyers

    Our training is recognised by the IJE-IBJ. The training programme qualifies for the continuing education obligation.

  • Accreditation by the Brussels Regional Public Service (Brussels Paid Educational Leave)

    Our training is recognised by the Brussels Economy and Employment of the Brussels Regional Public Service. The training programme qualifies for the Brussels Paid Educational Leave.