Data Protection Auditor Certification Training

This training is taught in English

Meeting the GDPR’s obligation to demonstrate compliance is still a challenge for many organisations. How can you convince your management, shareholders, customers or possibly the supervisory authority that all of GDPR’s administrative obligations have been correctly implemented in your organisation? To measure is to know: an audit is therefore the answer to this question.

During this course we will take a very practical look at the practices of a GDPR auditor. Based on a worked out example of a company that claims to meet GDPR requirements, you will conduct an audit together with the instructors and formulate your findings and recommendations.

Whoever says audit, also says standards. We will study the ISO/IEC 27701 standard in more detail. This standard is a supplement to an already existing Information Security Management System (ISO/IEC 27001) and is discussed in more detail in this course.

Because conformity with ISO 27701 offers no guarantees with a view to an inspection, we broaden the horizon in this training course. We explore how a supervisory authority, such as the Data Protection Authority, conducts GDPR inspections and how you can prepare for them. To achieve this, we confront the findings of an audit with those of an inspection.

And finally, this training also focuses on the topic of certification, as included in the GDPR (articles 42 and 43 of the regulations). We discuss the scope of this certification, in particular products and services, and the standards used. We will put this topic into practice by working with our specialists to conduct an audit on a product (based on EuroPriSe criteria), that could lead to a GDPR ‘proof’ certificate.

Why take this course?

• You want to apply the GDPR in your company.
• You want to check whether the GDPR was correctly applied.
• You want to learn which audit tools you can use to test whether your company is compliant.

Target group

Are you a DPO, an internal or external auditor or do you want to improve your advice to customers? Do you need a handhold for a GDPR audit? Do you want to assess processors in terms of GDPR or do you want to conduct external audits? Then this training is perfect for you. Prior knowledge of GDPR is required for this training. This training concludes with an exam consisting of a practical part (interpreting audit findings and writing an audit report) and a theoretical part.

Learning goals

After following this course:

• You know the link between GDPR and audit.
• You know the existing ISO/IEC 17065 GDPR certification standard.
• You understand the added value of new market standards such as ISO/IEC 27701 and how they can be practically implemented.
• You know what a GDPR management system is, how you can evaluate it, and how to audit processes, products and services – with practical examples.
• You have honed your GDPR knowledge from the perspective of audit and certification.
• You can explain and apply ISO 19011 guidelines for auditing management systems and you have knowledge of standards such as ISO/IEC 17065 and ISO/IEC 17067 for product certification.
• You know the different social styles and how to apply them in an audit.
• You can initiate, prepare, conduct, finalize and follow up an audit.
• You know how to correctly draw up an audit.
• You can evaluate systems, processes and products.

Educational approach of this course

This course is given in English and takes place in a classroom in a hotel.

It is given by instructors who are leading experts in their field and who present the subject matter interactively.

Groups taking this course typically comprise around 20 students (minimum 8, maximum 24 course participants).

Each course participant receives a printed version of the course materials with some space to make notes if needed. The information is also made available in a digital learning environment and instructors provide practical examples.

End product

This course includes an exam. End product: certificate “GDPR Auditor”.

How to prepare yourself

Prior knowledge: DPO certification or a GDPR introduction course.

Prior to this course you don’t need to prepare anything, apart from going over the most important principles of the GDPR.

Questions can be submitted beforehand. If possible, and in keeping with the scope of the course, they will be answered during the lessons.

Click here for more information about our teachers.