GDPR for Beginners

Inter-company and in-house training

Who is this training for?

This training is designed for anyone who needs a practical, real-world understanding of GDPR and the EU AI Act, and who wants to integrate modern AI-assisted tools into their compliance work. It is suitable for:

  • Beginners Welcome (from any sector and domain)
  • Compliance, Legal & Governance Professionals
  • IT, Data & Technical Teams
  • HR, Operations & Administrative Roles
  • AI, Innovation & Digital Transformation Roles
  • Public Sector, NGOs & Education

Level attained

Advanced

Duration

2.00 day(s)

Language(s) of delivery

EN

Next session

07.01.2026
Location
Luxembourg

Price

990,00€

Objectives

Traditional GDPR trainings focus heavily on legal theory, article-by-article explanations, and abstract definitions, often leaving participants unsure how to apply the regulation in real workplace situations.

This training takes a modern, practical, and AI-enabled approach by integrating:

  • Real GDPR cases and supervisory authority decisions
  • Hands-on drafting of compliance documents
  • Practical simulations of internal audits and risk assessments
  • Introduction to the EU AI Act and its interaction with GDPR obligations
  • AI-supported drafting tools that speed up compliance work while maintaining human oversight

The objective is to make the course significantly more relevant for today’s organisations, which must manage both GDPR and the new EU AI Act obligations simultaneously.

Content

GDPR Principles in Action

What you’ll learn:

  • The 7 core GDPR principles (Art. 5)
  • Real cases demonstrating breaches and how authorities enforced them

Hands-on:

  • Analyse 3 short case summaries (e.g., H&M, Google Spain, Clearview AI)
  • Match each principle to the facts
  • Use AI to paraphrase legalese into plain language explanations

Personal, Special and Mixed Data

What you’ll learn:

  • Art. 4 definitions of personal, special category, and mixed personal data
  • How to distinguish facts from opinion in performance reviews, HR records, etc.

Hands-on:

  • Review 5 anonymised data samples
  • Use AI to classify each one and suggest legal bases for processing

Rights of the Data Subject

What you’ll learn:

  • Overview of Art. 12–23: access, rectification, erasure, objection, portability
  • When and how rights apply, with real enforcement examples

Hands-on: Use templates + AI to draft:

  • Access request reply
  • Erasure confirmation
  • Rectification notice

Roles and Responsibilities – Controller, Processor, DPO

What you’ll learn:

  • Art. 24–28 obligations
  • What regulators look for in DPOs, contracts, and processor accountability

Hands-on:

  • Work in pairs to assign responsibilities in a real scenario (e.g., a SaaS company using external HR tools)
  • Use AI to review contract clauses and flag missing elements

Build Your GDPR Register (RoPA)

What you’ll learn:

  • Art. 30 register requirements
  • How to document data subjects, purposes, legal bases, transfers, and retention

Hands-on:

  • Use AI-assisted templates to build a RoPA for a fictional company
  • Peer review another group’s RoPA for completeness and clarity

Risk Assessment, Safeguards, and AI Governance

What you’ll learn:

  • How to conduct a basic risk analysis
  • Choosing proportionate safeguards (Art. 32, 35)
  • When to perform a DPIA to identify risks
  • How to manage high risks in compliance with the EU AI Act

Hands-on:

  • Identify 3–5 risks in your RoPA
  • Use AI to suggest suitable technical, legal, and organisational controls

GDPR Audit and EU AI Act Simulation

What you’ll learn:

  • Internal audit structure: scope, findings, remediation
  • Common findings in supervisory authority audits

Hands-on:

  • Simulate a DPO-style audit of your fictional organisation:
    • Check data flows
    • Review documentation
    • Issue a mock audit report using templates

Draft Key GDPR Documents with AI

What you’ll learn:

  • AI-assisted policy generation: privacy notice, internal policy, DPIA summary
  • Ensuring human oversight and GDPR-compliant outputs

Hands-on:

  • Feed your RoPA or scenario into AI tools
  • Draft:
    • Privacy notice
    • Data retention policy
    • DPIA summary
    • Subject Access Request (SAR) response
  • Review outputs for compliance and clarity

Topics covered

  • Decode the key concepts of the GDPR and the EU AI Act through real-life court decisions and enforcement actions from Data Protection Authorities, making complex legal principles easy to understand and apply.
  • Identify and correctly handle all data types, including personal data, special category data, and mixed datasets, using practical examples drawn from everyday workplace scenarios.
  • Break down every data subject right (Art. 12–23) through hands-on drafting exercises, template-based responses, and real case examples of access, rectification, erasure, and objection requests.
  • Map roles, responsibilities, and liabilities across controllers, processors, joint controllers, and DPOs — including real-world examples of misclassification and third-party processing risks.
  • Create a GDPR-compliant Record of Processing Activities (RoPA) collaboratively in class, based on a fictional organisational structure, covering purposes, legal bases, transfers, retention, and recipients.
  • Apply a simple but effective framework for personal data risk assessment, linking risks to appropriate technical, organisational, and legal safeguards, and identifying when a DPIA is mandatory.
  • Simulate a GDPR internal audit using real audit checklists, peer-review methods, and role-based assignments that mirror how organisations prepare for supervisory authority inspections.
  • Understand how the EU AI Act affects organisational governance, including obligations for high-risk AI systems, transparency duties, documentation expectations, and intersections with GDPR (e.g., fairness, data minimisation, risk assessment).
  • Use AI-assisted compliance writing tools responsibly to draft privacy notices, Subject Access Request (SAR) responses, DPIA summaries, internal policies, and governance documents while maintaining human oversight and legal accuracy.
  • Access a full library of ready-to-use templates, including AI prompt collections, RoPA samples, DPIA frameworks, policy templates, and compliance checklists — enabling immediate implementation after the training.

Teaching methods

Methodology based on Active Learning: 50% minimum practice. Each theoretical point is systematically followed by examples and exercises.

Assessment

  • Participants will complete small, practical assignments after each module.
  • Progress will be continuously monitored through quick tasks and feedback.
  • There will be no heavy exams - just simple hands-on practice to build confidence.

Certificate, diploma

Certificate of completion

Next session

Date: 07.01.2026, 08.01.2026
City: Luxembourg
Language & price: EN 990,00€