Data Protection Auditor Training

This three-day training course offers Data Protection Officers and privacy professionals a practical approach to efficiently auditing and systematically monitoring their organization’s GDPR compliance, as expected of a DPO under Article 39(1)(b) of the GDPR.

The training combines international audit standards, governance principles, and concrete audit techniques with realistic case studies from the instructor/auditor’s professional practice. Participants learn not only how to prepare and conduct an audit, but also how to correctly formulate findings, identify risks, and communicate audit results in a clear and convincing manner to the governing bodies that bear ultimate responsibility.

This training begins with the question: “How can we objectively determine whether an organization is truly GDPR compliant?” It focuses on governance structures, audit methodologies, and certification and accreditation systems, while also referencing ISO standards such as ISO 27701 and actively applying audit standards such as ISO 19011. Throughout the training, participants work with real-world examples, interactive exercises, and simulations that prepare them for actual audit situations and the accurate preparation of DPO reports with clear action plans and realistic priorities.

Training features

Course highlights

• Practical GDPR audit training specifically designed for DPOs and privacy professionals
• Insight into audit objectives, governance, and compliance monitoring
• Implementing the obligation set forth in Article 39(1)(b) of the GDPR regarding the DPO’s supervisory role
• Overview of certification, accreditation, and ISO systems
• In-depth introduction to ISO 19011 and the six audit phases linked to the PDCA cycle
• Techniques for interviews, evidence gathering, and formulating findings
• Focus on facts versus assumptions in audit reporting
• Practical examples and real-life cases from experienced auditors
• Introduction to AI tools and prompting in an audit context
• Interactive group assignments and boardroom simulation
• Practice in presenting a major finding to an executive committee

Target group

Are you a DPO, an internal or external auditor or do you want to further improve your advice for customers? Do you need guidance for a GDPR audit? Do you want to assess processors on GDPR or do you want to carry out external audits? Then this training is for you. GDPR knowledge is required for this training.

Learning goals

Educational approach of this course

This module is taught in English and takes place in a training room in a hotel.

The training is provided by teachers who are top experts in their field. The teachers present the subject matter by means of a presentation.

There is interaction with the group during the explanation. Typically, the group for this course is about 20 students (minimum 8, maximum 24 students).

Each student receives a printed version of the training material with space for taking notes. In addition, the information is made available in a digital learning environment. For all knowledge items, the teacher refers to practical examples.

How to prepare yourself

DPO certification or an introductory course GDPR.

You do not have to prepare anything prior to this training, except for a refresher on the main principles of the GDPR.

Click here for more information about our teachers.