Data Protection Practitioner training and exam
Data Protection Practitioner prepares you for SECO-Institute’s certification as a Data Protection Officer. You will learn how to build a data protection program and practice DPO tasks with hands-on assignments in policymaking, data protection impact assessments, incorporating data protection requirements and awareness planning. The course evaluates practical considerations in design and implementation, technology and tools supporting data protection, privacy enhancing technologies, and security by design. You’ll evaluate what data is required to support good governance and decision-making and how to translate the concept of management systems to a Data Protection Management System (DPMS). Lastly you will prepare yourself for an (external) compliance audit and define and implement a basic 3rd-party assurance process.
Are included in the training:
- 5 days of training
- Official course materials from SECO-Institute
- Access to SECO-Institute’s student portal with exam syllabus, practice exam and useful references
- Exam voucher
- Practice exam
By the end of the program you will be able to:
- Practice DPO tasks with hands-on assignments, from policymaking to data protection impact assessment to awareness planning;
- Translate corporate goals into a vision on handling personal data. Develop a strategic data protection policy;
- Incorporate data protection requirements including those based on privacy by design principles into new and already existing procedures; Describe generic data protection requirements for projects;
- Create data inventories and data flow maps, draft a GDPR-compliant privacy notice;
- Perform a Data Protection Impact Assessment (DPIA) and define data protection requirements based on the outcomes;
- Dive into human behavior, conflicts of interests and how to resolve them. Close the gap between what’s written on paper and what’s actually happening in your organization. Position data protection and privacy as a business enabler instead of just a regulatory burden;
- Design an implementable data protection and privacy awareness program;
- Integrate data protection-related decisions, policies, procedures, requirements and roles into a Data Protection Management System (DPMS);
- Prepare for GDPR-compliance audits, design data protection reports.
Day 1: strategic considerationsData protection management framework
Provisions and common principles that govern the design of privacy and data protection frameworks
Main characteristics of a vision on data protection and a (strategic) data protection policy
Day 2: data protection impact assessment
Risk management and data protection risk assessment
Threat actors, typical vulnerabilities and risk controls
Risk-based approach and the importance of risk assessment
Data Protection Impact Assessment (DPIA) in the context of the GDPR
DPIA models and DPIA in practice
Business, organisational and technical requirements relating to the protection of personal data provisions and common principles that govern the design of personal data
Day 3: operationsData subject rights management
Contract management: managing processing agreements (contents of a processing agreement, controllers and processors)
Data breach procedure
Administration and documentation – Register of processing activities
Day 4: design and implementationPrivacy awareness (privacy risks and human behavior, awareness-raising activities)
Privacy/security by design/default
Anonymisation and pseudonymisation
Data protection requirements for projects
Day 5: governanceData protection reports
Selecting the right information
Data protection management system
Roles and responsibilities
Tasks of the DPO
Establishing a data protection programme
Third party assurance
A qui s'adresse la formation?
The Data Protection Practitioner program prepares you for a certification as a data protection officer. The training is designed for professionals that want to successfully lead and implement data protection and privacy compliance into their organisations, officials that have privacy and data protection as an important part of their responsibilities and experts active in closely related domains looking to specialise in data protection.
Students are expected to have fundamental understanding of risk, data protection and privacy. If you are looking for an entry level training in privacy and data protection, have a look at our Data Protection Foundation Course.
Typical participants include but are not limited to: privacy officers, data protection officers, data protection specialists, compliance officers, legal counsels, CISO’s, CDO’s, CIO’s, CRO’s, data managers, information security governance, risk and compliance experts and managers.
Koen Maris is partner at PwC Luxembourg, leading the Cyber Security practice with more than 20 years of experience in information/cyber security in cross industry environments. Koen is specialised in Secure Operations Centers, incident response and awareness raising at all levels of an organisation. He has experience with Distributed Ledger Technology, IoT, OT/IT security, threat intelligence and forensics. Koen has a strong technical background and operational experience in cyber security as well as strong competencies in security architecture, solution design, program management, business development.
Simon Petitjean is a cybersecurity senior manager specialised in ethical hacking. He worked on multiple cybersecurity projects in various industries and environments (banking sector, governmental agencies, European institutions, industrial companies). As a technical specialist, he fully takes part in the activities undertaken by the Ethical Hacking team, including penetration tests, vulnerability assessments, and on-demand hacking scenarios.
Simon also works as a Subject Matter Expert on incident response assignments and digital forensics investigations. He is a sworn judicial expert in the field of cybersecurity, cybercrime and digital investigation, appointed by the Luxembourg Ministry of Justice.
Matthieu Devallée is manager at PwC Luxembourg. He has joined the Cybersecurity team at PwC Luxembourg in 2017 with the objective to assist clients dealing with information security matters. He leverages his more than 13 years of technical and operational expertise to act as a subject matter expert on consultancy assignments. Since the creation of the PwC CSIRT Luxembourg, Matthieu has had the opportunity to support clients in major incident response from ransomware on a compromise infrastructure till insider investigation. His broad scale of skills allow him to manage operational teams, drive technical investigation and ease crisis communication.