This training is taught in English
Meeting the GDPR’s obligation to demonstrate compliance is still a challenge for many organisations. How can you convince your management, shareholders, customers or possibly the supervisory authority that all of GDPR’s administrative obligations have been correctly implemented in your organisation? To measure is to know: an audit is therefore the answer to this question.
During this course we will take a very practical look at the practices of a GDPR auditor. Based on a worked-out example of a company that claims to meet GDPR requirements, you will conduct an audit together with the instructors and formulate your findings and recommendations.
Whoever says audit also says standards. We will study the new ISO/IEC 27701 standard in more detail. This standard is a supplement to an already existing Information Security Management System (ISO/IEC 27001).
However, ISO/IEC 27701 is not the only standard that aims at a management system. BSI, the British Standards Institution, has also issued an interesting standard, i.e. BS 10012. Unlike ISO 27701, this does not depend on other standards, but can be implemented independently.
Because conformity with ISO 27701 and BS 10012 offers no guarantees with a view to an inspection, we broaden the horizon in this training course. We explore how a supervisory authority, such as the Data Protection Authority, conducts GDPR inspections and how you can prepare for them. To achieve this, we compare the findings of an audit with those of an inspection.
And finally, this training also focuses on the topic of certification, as included in the GDPR (articles 42 and 43 of the regulation). We discuss the scope of this certification, in particular products and services, and the standards used. We will put this topic into practice by working with our specialists to conduct an audit on a product (based on EuroPriSe criteria) that could lead to a GDPR ‘proof’ certificate.
Why take this course?
- You want to apply the GDPR in your company.
- You want to check whether the GDPR was correctly applied.
- You want to learn which audit tools you can use to test whether your company is compliant.
Are you a DPO, an internal or external auditor or do you want to improve your advice to customers? Do you need a handhold for a GDPR audit? Do you want to assess processors in terms of GDPR or do you want to conduct external audits? Then this training is perfect for you. Prior knowledge of GDPR is required for this training. This training concludes with an exam consisting of a practical part (interpreting audit findings and writing an audit report) and a theoretical part.
After following this course:
- You know the link between GDPR and audit.
- You know the existing ISO/IEC 17065 GDPR certification standard.
- You understand the added value of new market standards such as ISO/IEC 27701 and BS 10012 and how they can be practically implemented.
- You know what a GDPR management system is, how you can evaluate it, and how to audit processes, products and services – with practical examples.
- You have honed your GDPR knowledge from the perspective of audit and certification.
- You can explain and apply ISO 19011 guidelines for auditing management systems and you have knowledge of standards such as ISO/IEC 17065 and ISO/IEC 17067 for product certification.
- You know the different social styles and how to apply them in an audit.
- You can initiate, prepare, conduct, finalise and follow up an audit.
- You know how to correctly draw up an audit.
- You can evaluate systems, processes and products.
Educational approach of this course
This course is given in English and takes place in a classroom in a hotel.
It is given by instructors who are leading experts in their field and who present the subject matter interactively.
Groups taking this course typically comprise around 20 students (minimum 8, maximum 24 course participants).
Each course participant receives a printed version of the course materials with some space to make notes if needed. The information is also made available in a digital learning environment and instructors provide practical examples.
This course includes an exam. End product: certificate “GDPR Auditor”.
How to prepare yourself
Prior knowledge: DPO certification or a GDPR introduction course.
Prior to this course you don’t need to prepare anything, apart from going over the most important principles of the GDPR.
Questions can be submitted beforehand. If possible, and in keeping with the scope of the course, they will be answered during the lessons.
Day 1: 09h00 - 17h00
Day 2: 09h00 - 17h00
Day 3: 09h00 - 17h00
Day 4: 09h00 - 17h00
Day 5: 09h00 - 17h00
- Introduction: what is an audit?
- GDPR implementation
- PIMS analysis and establishment of the findings register
- Management systems for the GDPR (ISO 29100, ISO 27701, BS 10012)
- Management system ISO 27001 / ISO 27002
- Audit of a Management System: Initialisation
- Audit of a Management System: Preparing for the Audit
- Audit of a Management System: Performing the Audit
- Audit of a management system: the report
- EXAMINATION PART 1: layout of a report
- Supplier audit
- Certification and accreditation
- Individual feedback of the first part of the examination
- Audit of products and services
- Governance, Risk Management and Controls
- EXAMINATION PART 2-3-4 (multiple-choice)
We are recognized by:
Registration number KMO portefeuille: DV.O213013
Our courses are accredited for the KMO-portefeuille. This means that, depending on whether you are a small or medium-sized enterprise, you can receive a 30% or 20% subsidy from the Flemish Government on the cost of registration.
Acknowledgement by Chèque-Formation
The training voucher allows you to benefit from financial aid to train your workers in one of the approved training centres. Worth 30 euros, it corresponds to 1 hour of training per worker.
Legal points by Orde van Vlaamse Balies
If you submit an individual training file at the Orde van Vlaamse Balies, this can give you 30 legal points within the framework of general training. This programme is also recognised for CPE credits: successful participation in the programme (passing the exam) equals 15.6 CPE credits.
Accreditation by BIBF
Our training is recognised by the Professional Institute of Accountants and Tax Consultants. The training programme qualifies for the continuing education obligation.
Accreditation by the Institute of Accountants and Tax Consultants
Our training is recognised by the iec-iab. The training programme qualifies for the continuing education obligation.
Accreditation by the Institute of Company Auditors
Our training is recognised by the IBR-IRE. The training programme qualifies for the continuing education obligation.
Accreditation by the Institute of Company Lawyers
Our training is recognised by the IJE-IBJ. The training programme qualifies for the continuing education obligation.
Accreditation by the Brussels Regional Public Service (Brussels Paid Educational Leave)
Our training is recognised by the Brussels Economy and Employment of the Brussels Regional Public Service. The training programme qualifies for the Brussels Paid Educational Leave.