This training is taught in English
Meeting the accountability obligation of the GDPR is still a challenge for many organizations. How can you convince your management, shareholders, customers or possibly the regulator that all administrative obligations of the GDPR are correctly implemented in your organization? How can you, as a DPO, comply with the supervisory task as included in Article 39.2 of the GDPR, such as the allocation of responsibilities, awareness raising and training of personnel involved in the processing and the relevant audits? To measure is to know: audit is therefore an excellent answer to this question.
Whoever says audit also says standards. We will study the ISO/IEC 27701 standard in more detail; it is a supplement to an already existing Information Security Management System (ISO/IEC 27001). The standards that have been approved or may be approved by the EDPB, such as BC5701, EuroPrivacy, Carpa, Europrise, …, will all be reviewed during this training.
The course goes deeper into how to start an internal audit as requested by management or in preparation for an external (certification) audit, focusing on the communication with the auditee, the preparation of the internal audit, facts and assumptions, social styles, the register of findings and the do’s and don’ts of writing the final report.
Using the ISO 19011 standard, this course will teach you how to execute an audit: how to initiate the audit, how to prepare documentation reviews and interviews, how to actually perform the audit and create the final report.
This training also focuses on the topic of certification, as included in the GDPR (articles 42 and 43 of the regulation). We discuss the scope of this certification, in particular products and services, based on the EuroPrivacy standard.
Why take this course?
- This module is an ideal introduction to the world of audits
- You want to apply the GDPR in your company
- You want to check whether the GDPR has been applied correctly
- You want to learn which audit tools you can use to test whether your company is compliant.
Are you a DPO, an internal or external auditor or do you want to further improve your advice for customers? Do you need guidance for a GDPR audit? Do you want to assess processors on GDPR or do you want to carry out external audits? Then this training is for you. GDPR knowledge is required for this training.
After following this course:
- you know the link between GDPR and audit;
- you can explain and apply ISO 19011 guidelines for auditing management systems and you have knowledge of standards such as ISO/IEC 17065 and ISO/IEC 17021;
- you understand the added value of new market standards such as ISO/IEC 27701 and how these can be practically implemented;
- you have the necessary knowledge about the (approved) GDPR standards such as EuroPrivacy, BC5701, Carpa, Europrise, …;
- you know what a GDPR management system is, how you can assess it, and how you can audit processes, products and services – always with practical examples;
- you have deepened your GDPR knowledge from an audit and certification perspective;
- you know the different social styles and how to apply them in an audit;
- you can initiate, prepare, perform, complete and follow up an audit;
- you know how to draw up a correct audit report;
- you can assess your systems, processes and product.
Educational approach of this course
This module is taught in English and takes place in a training room in a hotel.
The training is provided by teachers who are top experts in their field. The teachers present the subject matter by means of a presentation.
There is interaction with the group during the explanation. Typically, the group for this course is about 20 students (minimum 8, maximum 24 students).
Each student receives a printed version of the training material with space for taking notes. In addition, the information is made available in a digital learning environment. For all knowledge items, the teacher refers to practical examples.
After successfully completing the training, the student receives a certificate from the Data Protection Institute that demonstrates that he or she has the necessary knowledge and skills to perform a GDPR audit correctly.
How to prepare yourself
Prior knowledge: DPO certification or an introductory GDPR course.
You do not have to prepare anything prior to this training, except for a refresher on the main principles of the GDPR.
Day 1: 09h00 - 17h00
Day 2: 09h00 - 17h00
Day 3: 09h00 - 17h00
Day 4: 09h00 - 17h00
Day 5: 09h00 - 17h00
DAY 1 – How to set up and maintain a management system (1 of 2)
– Introduction to what an audit is and what types of audits exist
– GDPR implementation
– PIMS analysis and establishment of the findings register
– Management systems for the GDPR
DAY 2 – How to set up and maintain a management system (2 of 2)
– Lines of Defense
– Management system: PDCA cycle, HLS, ISO27001, ISO27002
DAY 3 – How to execute an audit (1 of 2)
– ISO19011: audit of a Management System: initialization, communication to the auditee
– ISO19011: audit of a Management System: preparing for the audit, preparation of interviews
– ISO19011: audit of a Management System: performing the audit
– ISO19011: audit of a Management System: the report
DAY 4 – How to execute an audit (2 of 2)
– Interviews (role plays)
– Facts and suppositions
– Social styles
– Supplier audit
– Register of findings (Major/Minor/Pos/OFI)
– The report: do’s and don’ts
DAY 5 – Certification, seals and marks for demonstrating GDPR compliance
– Certification and accreditation
– ISO17021 vs ISO17065
We are recognized by:
Registration number KMO portefeuille: DV.O213013
Our courses are accredited for the KMO-portefeuille. This means that, depending on whether you are a small or medium-sized enterprise, you can receive a 30% or 20% subsidy from the Flemish Government on the cost of registration.
Acknowledgement by Chèque-Formation
The training voucher allows you to benefit from financial aid to train your workers in one of the approved training centres. Worth 30 euros, it corresponds to 1 hour of training per worker.
Recognition by Flanders (Vlaams Opleidingsverlof)
Legal points by Orde van Vlaamse Balies
If you submit an individual training file at the Orde van Vlaamse Balies, this can give you 30 legal points within the framework of general training. This programme is also recognised for CPE credits: successful participation in the programme (passing the exam) equals 15.6 CPE credits.
Accreditation by the Institute of Accountants and Tax Consultants
Our training is recognised by the IEC-IAB. The training programme qualifies for the continuing education obligation.
Accreditation by the Institute of Company Auditors
Our training is recognised by the IBR-IRE. The training programme qualifies for the continuing education obligation.
Accreditation by the Institute of Company Lawyers
Our training is recognised by the IJE-IBJ. The training programme qualifies for the continuing education obligation.
Accreditation by the Brussels Regional Public Service (Brussels Paid Educational Leave)
Our training is recognised by the Brussels Economy and Employment of the Brussels Regional Public Service. The training programme qualifies for the Brussels Paid Educational Leave.