Data Protection Practitioner training and exam

Inter-company training

Who is the training for?

Typical participants include but are not limited to: Privacy Officers, Data Protection Officers, Data Protection Specialists, Compliance Officers, Legal Counsels, CISO’s, CDO’s, CIO’s, CRO’s, Data Managers, Information Security Governance, Risk, & Compliance Experts and Managers.

Level reached



5,00 day(s)

Language(s) of service



Minimum Requirements:
Students are expected to have fundamental understanding of Risk, data protection and privacy. If you are looking for an entry level training in privacy and data protection, have a look at our Data Protection Foundation Course.


Data Protection Practitioner prepares you for SECO-Institute’s certification as a Data Protection Officer. You will learn how to build a data protection programme and practice DPO tasks with hands-on assignments in policymaking, data protection impact assessments, incorporating data protection requirements and awareness planning. The course evaluates practical considerations in design and implementation, technology and tools supporting data protection, privacy enhancing technologies, and security by design. You’ll evaluate what data is required to support good governance and decision-making and how to translate the concept of management systems to a Data Protection Management System (DPMS). Lastly you will prepare yourself for an (external) compliance audit and define and implement a basic 3rd-party assurance process.

Are included in the training:

  • 5 days of training
  • Official course materials from SECO-Institute
  • Access to SECO-Institute’s student portal with exam syllabus, practice exam and useful references
  • Exam voucher
  • Practice exam


By the end of the program you will be able to:

  • Practice DPO tasks with hands-on assignments, from policymaking to data protection impact assessment to awareness planning;
  • Translate corporate goals into a vision on handling personal data; Develop a strategic data protection policy.
  • Incorporate data protection requirements including those based on privacy by design principles into new and already existing procedures. Describe generic data protection requirements for projects;
  • Create data inventories and data flow maps, draft a GDPR-compliant privacy notice;
  • Perform a Data Protection Impact Assessment (DPIA) and define data protection requirements based on the outcomes;
  • Dive into human behaviour, conflicts of interests and how to resolve them. Close the gap between what’s written on paper and what’s actually happening in your organisation. Position data protection and privacy as a business enabler instead of just a regulatory burden;
  • Design an implementable data protection and privacy awareness programme;
  • Integrate data protection-related decisions, policies, procedures, requirements and roles into a Data Protection Management System (DPMS);
  • Prepare for GDPR-compliance audits, design data protection reports.

Points covered

Day 1: Strategic considerations
  • Data protection management framework
  • Provisions and common principles that govern the design of privacy and data protection frameworks
  • Main characteristics of a vision on data protection and a (strategic) data protection policy
  • Policy implementation
  • Privacy notice
  • Data inventory
Day 2: Data protection impact assessment
  • Risk management and data protection risk assessment
  • Threat actors, typical vulnerabilities and risk controls
  • Risk-based approach and the importance of risk assessment
  • Data Protection Impact Assessment (DPIA) in the context of the GDPR
  • DPIA models and DPIA in practice
  • Business, organisational and technical requirements relating to the protection of personal data provisions and common principles that govern the design of personal data
Day 3: Operations
  • Data subject rights management
  • Contract management: managing processing agreements (contents of a processing agreement, controllers and processors)
  • Complaints procedure
  • Data breach procedure
  • Administration and documentation – Register of processing activities
Day 4: Design and implementation
  • Privacy awareness (privacy risks and human behavior, awareness-raising activities)
  • Privacy/security by design/default
  • Privacy-enhancing technologies
  • Anonymisation and pseudonymisation
  • Data protection requirements for projects
Day 5: Governance
  • Data protection reports
  • Metrics
  • Selecting the right information
  • Strategic monitoring
  • Data protection management system
  • Roles and responsibilities
  • Tasks of the DPO
  • Establishing a data protection programme
  • Compliance
  • Privacy audits
  • Third party assurance

Additional information

Typical participants include but are not limited to: privacy officers, data protection officers, data protection specialists, compliance officers, legal counsels, CISO’s, CDO’s, CIO’s, CRO’s, data managers, information security governance, risk and compliance experts and managers.

Lead experts:

Koen Maris is partner at PwC Luxembourg, leading the Cyber Security practice with more than 20 years of experience in information/cyber security in cross industry environments. Koen is specialised in Secure Operations Centers, incident response and awareness raising at all levels of an organisation. He has experience with Distributed Ledger Technology, IoT, OT/IT security, threat intelligence and forensics. Koen has a strong technical background and operational experience in cyber security as well as strong competencies in security architecture, solution design, program management, business development.

Simon Petitjean is a cybersecurity senior manager specialised in ethical hacking. He worked on multiple cybersecurity projects in various industries and environments (banking sector, governmental agencies, European institutions, industrial companies). As a technical specialist, he fully takes part in the activities undertaken by the Ethical Hacking team, including penetration tests, vulnerability assessments, and on-demand hacking scenarios.
Simon also works as a Subject Matter Expert on incident response assignments and digital forensics investigations. He is a sworn judicial expert in the field of cybersecurity, cybercrime and digital investigation, appointed by the Luxembourg Ministry of Justice.

Matthieu Devallée is manager at PwC Luxembourg. He has joined the Cybersecurity team at PwC Luxembourg in 2017 with the objective to assist clients dealing with information security matters. He leverages his more than 13 years of technical and operational expertise to act as a subject matter expert on consultancy assignments. Since the creation of the PwC CSIRT Luxembourg, Matthieu has had the opportunity to support clients in major incident response from ransomware on a compromise infrastructure till insider investigation. His broad scale of skills allow him to manage operational teams, drive technical investigation and ease crisis communication.

These courses might interest you

Law - Private law - Intellectual property law - Data protection law - General Data Protection Regulation
Law - Private law - Intellectual property law - Data protection law - General Data Protection Regulation