Data Protection Auditor Certification Training

This training is taught in English

Meeting the accountability obligation of the GDPR is still a challenge for many organizations. How can you convince your management, shareholders, customers or possibly the regulator that all administrative obligations of the GDPR are correctly implemented in your organization? How can you, as a dpo, comply with the supervisory task as included in Article 39.2 of the GDPR, such as the allocation of responsibilities, awareness raising and training of personnel involved in the processing and the relevant audits? To measure is to know: audit is therefore an excellent answer to this question.

Whoever says audit, also says standards. We will study the ISO/IEC 27701 standard in more detail. This standard is a supplement to an already existing Information Security Management System (ISO/IEC 27001) and is discussed in more detail in this course. The standards that have been approved or may be approved by the EDPB are also discussed, such as BC5701, EuroPrivacy, Carpa, Europrise, … they will all be reviewed during this training.

The course will go deeper on how to start an internal audit as requested by management or in preparation of an external (certification) audit, focusing on the communication with the auditee, the preparation of the internal audit, facts and assumptions, social styles, the register of findings and the do’s and don’ts about writing the final report.

Using the ISO 19011 standard this course will help you how to execute an audit: how to initiate the audit, how to prepare documentation reviews and interviews, how to actually perform the audit and create the final report.

This training also focuses on the topic of certification, as included in the GDPR (articles 42 and 43 of the regulation). We discuss the scope of this certification, in particular products and services, based on the EuroPrivacy standard.

Why take this course?

• This module is an ideal introduction to the world of audits
• You want to apply the GDPR in your company
• You want to check whether the GDPR has been applied correctly
• You want to learn which audit tools you can use to test whether your company is compliant.

Target group

Are you a DPO, an internal or external auditor or do you want to further improve your advice for customers? Do you need guidance for a GDPR audit? Do you want to assess processors on GDPR or do you want to carry out external audits? Then this training is for you. GDPR knowledge is required for this training.

Learning goals

After following this course:

• you know the link between GDPR and audit;
• you can explain and apply ISO 19011 guidelines for auditing management systems and you have knowledge of standards such as ISO/IEC 17065 and ISO/IEC 17021;
• you understand the added value of new market standards such as ISO/IEC 27701 and how these can be practically implemented;
• you have the necessary knowledge about the (approved) GDPR standards such as EuroPrivacy, BC5701, Carpa, Europrise,…
• you know what a GDPR management system is, how you can assess it, and how you can audit processes, products and services – always with practical examples;
• you have deepened your GDPR knowledge from an audit and certification perspective;
• you know the different social styles and how to apply them in an audit;
• you can initiate, prepare, perform, complete and follow up an audit;
• you know how to draw up a correct audit report;
• you can assess your systems, processes and product.

Educational approach of this course

This module is taught in English and takes place in a training room in a hotel.

The training is provided by teachers who are top experts in their field. The teachers present the subject matter by means of a presentation.

There is interaction with the group during the explanation. Typically, the group for this course is about 20 students (minimum 8, maximum 24 students).

Each student receives a printed version of the training material with space for taking notes. In addition, the information is made available in a digital learning environment. For all knowledge items, the teacher refers to practical examples.

End product

After successfully completing the training, the student receives a certificate from the Data Protection Institute that demonstrates that he or she has the necessary knowledge and skills to perform a GDPR audit correctly.

How to prepare yourself

Foreknowledge: DPO certification or an introductory course GDPR.

You do not have to prepare anything prior to this training, except for a refresher on the main principles of the GDPR.

Click here for more information about our teachers.