GDPR Auditor

The qualification that will prepare you for the role of the GDPR Auditor for the purposes of certification (proof of compliance with EU 2016/679) in connection with the processing of personal data (hereinafter referred to as the "DO").

Would you like to compare to other courses?

Virtual Training or e-Learning?

We offer flexibility. You can choose from our selection of in-class courses as well as online courses.

Try a live virtual course

Target audience

From the point of view of personal data protection, a new institute is being introduced into the legal system, namely the issuing of a certificate for the protection of personal data (certificate) (Article 42 of Regulation 1)

The most transparent way for an Administrator and a Submitter to guarantee guarantees of an adequate level of privacy.

The certificate (certificate of conformity) is obtained by the organization processing the personal data, based on the positive audit report of the GDPR Auditor.

This course is intended for professionals who want to acquire knowledge and skills to perform certification audits. It is on the basis of a positive audit report that the conformity assessment body may decide to issue a GDPR certificate for products (SW and HW) or services.

  • Attorneys, lawyers, court experts
  • Specialists in personal data protection
  • Security auditors (eg ISO / IEC 27001)

In addition to the above mentioned roles, it is also intended for "third-party" experts, who want to provide highly professional audit services under international standards under the aegis of an accredited entity for the purpose of issuing a GDPR Compliance certificate / certificate.

Target audience

Why become a GDPR Auditor

The General Privacy Regulation (EU 2016/679) modernises the legal framework for the protection of personal data.

This also entails new requirements, such as the appointment of the Data Protection Officer, the Data Protection Impact Assessment, or the Certificates (Personal Data Protection Certificate) issued on the basis of the GDPR Auditors' accredited certification bodies (Articles 43 and 42).

Certifications, seals and marks will be the main measure to demonstrate compliance with the provisions of the General Regulation. The aim is to set a certain standard and the required level of personal data protection for Administrators and Processors.

Benefits
  • transparency of data subjects
  • strengthen the credibility of administrators and processors
  • proven data security in business relationships
  • an independent third party attestation is authoritative proof of compliance with the GDPR
Why become a GDPR Auditor

Aims of the course

  • Properly implement a privacy audit
  • Prepare adequately for the control of the supervisory body
  • How to prepare organizational, process and technical changes
  • Get valuable advice on reviewing contracts and internal processes
  • Enhance your position in the market, you can defend yourself with criminal accusations and unfair competition

The adoption of Regulation (EC) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (hereinafter referred to as the Regulation) a new institute has been introduced, namely the issue of a certificate on the protection of personal data (certificate) (Article 42 of Regulation 1).

Pursuant to the above-mentioned Regulation (Article 42 (1)), certification is applied to processing operations carried out by the controller or processor and is to certify compliance with the Regulation. This approach is also supported by the text of the next provision (Article 42 (2)), which states that when transferring personal data to third countries, the issue of the certificate (certificate) is one of the possibilities as proven by the controller or processor (especially from outside EU) that it provides appropriate guarantees of an adequate level of protection of personal data. This implies that the issue of the certificate should primarily concern the processing of personal data (which includes one or more operations) or the personal data protection management system of the controller or processor. However, the recital (explanatory memorandum) in paragraph 100 also states that the issue of the certificate (certificate) requires data subjects to rapidly assess the level of protection of personal data for the products and services concerned. The certification (certificates) should also apply to products (sw and hw) and services.

Evaluation - the activity of the certification body (the certification body) to assess whether the compliance of the evaluated product with the requirements of the European Parliament and Council Regulation (EU) 2016/679 of the European Parliament and of the Council is ensured in the given case. The assessment shall include an assessment of whether the applicant has analyzed the risks to the rights and freedoms of individuals in relation to the processing of his or her personal data, taking into account the state of the art, the cost of execution, the nature of the scope, the context and the purposes of the product under consideration, their limitations.

Subject and scope of the audit

As part of the assessment (audit), you will learn how to ensure that the product in question meets the requirements of (EU) 2016/679 in the given case.

You will learn how to properly analyze the process of assessing whether the client (client), taking into account the state of the art, costs, nature of scope, context and purposes, has analyzed the risks associated with the processing of personal data and has put in place adequate technical measures to limit them. You will be ready for certification audits in all areas that GDPR offers.

Subject and scope of the audit

Agenda

Day 1
Hide agenda
Open agenda

09:00 - 10:30

** GDPR from the Auditor's point of view **

  • Fundamental rights and freedoms
  • Principles of legal processing
  • Overview of basic principles from the point of view
  • GDPR Audit Framework - introduction

10:30 - 10:45

Coffee break

10:45 - 12:15

** GDPR I accreditation. **

  • GDPR compliance
  • ISMS ISO / IEC 27001
  • Principles of audit, preparation

12:15 - 13:15

Lunch Lunch menu

13:15 - 14:45

** GDPR II accreditation **

  • Instructions for initiating the audit
  • Review of documentation
  • Audit activity at the client's site
  • Closing the audit, report, final report

14:45 - 15:00

Coffee Break

15:00 - 17:00

** Requirements of the certification body **

  • Audit process
  • Purpose and benefits of the audit
  • Structure and requirements
  • Audit as a tool to ensure compliance

** Auditor's role **

  • Code of ethics
  • Audit methodology
  • Auditor's critical skills
  • Communication with the client within the audit
  • Creation and administration of the audit program

Day 2
Hide agenda
Open agenda

09:00 - 10:30

** Types of audits ** Tent categorization WP29

  • SW, HW
  • Organizational measures
  • Related services for OU processing
  • Protection management at the administrator, processor

** Preparation of practice simulated audits **

  • Division into work teams
  • Allocation of team topics for audit
  • Types and focus of the scope of the simulated audit
  • Special rules for performing a simulated audit

10:30 - 10:45

Coffee Break

10:45 - 12:15

** Preparation of audit documentation **

Teamwork

  • Preparation of the Audit Plan
  • Division of audit roles
  • Work with company documentation
  • Preparation of working documentation for the audit
  • Discussion - summary of key findings and experiences

12:15 - 13:15

Lunch Lunch menu

13:15 - 14:00

** Practical audit **

  • Simulation
  • Team work

14:00 - 14:45

** Revision of GDPR Lead Auditor I. **

  • Simulated audit under the supervision of an experienced Lead Auditor
  • Fulfillment of the defined task of the simulated audit record on the video camera

14:45 - 15:00

Coffee Break

15:00 - 17:00

** Revision of GDPR Lead Auditor II. **

  • Simulated audit under the supervision of an experienced Lead Auditor
  • Fulfillment of the defined assignment; recording a simulated audit on a video camera

Day 3
Hide agenda
Open agenda

09:00 - 10:30

** Audit analysis **

  • Summary of findings from the previous day
  • Analysis of records from simulated audits of individual teams
  • Feedback from an experienced Lead Auditor Discussion of knowledge and experience

10:30 - 10:45

Coffee Break

10:45 - 12:15

** End of audit **

Preparation of final reports from simulated audits - teamwork. Presentation and defense of final reports from simulated audits

** Analysis of conclusions **

  • From output messages
  • Confrontation from audit
  • Discussion of knowledge and experience

12:15 - 13:15

Lunch Lunch menu

13:15 - 14:45

** Rules for Auditors **

  • Summary of acquired knowledge
  • Rules for issuing certificates
  • Adherence to the principles of proper auditing
  • Method of evaluation and assessment of auditors

14:45 - 15:00

Coffee Break

15:00 - 17:00

Final exam

  • GDPR Auditor certification test

The GDPR Auditor course will teach you all the necessary principles, procedures and processes needed for the actual implementation of the audit.

Based on practical exercises, you will learn audit techniques and you will be ready to manage the audit program and compile the final report, which is the basis for issuing the certificate.

  • Block duration 45 minutes
  • Hours 24 hours
  • Refreshments Yes
  • Exam Yes
  • Prerequisites

    The minimum criterion for participation in this course is successful completion of Data Protection Officer

František Nonnemann

Frantisk has been dealing with the issue of law and practice of processing and protection of personal data for more than ten years. After graduating from the Faculty of Law of Charles University in Prague, he worked for many years in leading positions at the Office for Personal Data Protection, including as the head of the legal department.

He also participated in the preparation of the accredited course Commissioner for Personal Data Protection, is the author of the Handbook for Commissioners, is also involved in the development of other GDPR services, sample documents, methodologies, created an online free tool for GDPR Audit and now collaborates in the working group for GDPR certification Compliance.

Active activities in European working groups for personal data protection as well as in international control activities cannot be neglected either. He is a co-author of a commentary on Act No. 101/2000 Coll., On the protection of personal data, as well as a commentary on the GDPR, as well as a number of professional articles.

  • 2016 - present| TAYLLORCOX: GDPR Auditor
  • 2016 - present| Moneta
  • 2006 - 2016     | ÚOOÚ
  • 2000 - 2006     | Law faculty, Charles Univerisity 

Lucie Balýová

Problematice ochrany osobních osobních údajů se věnuje již více než 10 let, a to zejména s ohledem denní užívání v praktické aplikaci, provádění auditů ochrany osobních údajů, lektorské a poradenské činnosti. V advokátní praxi se zaměřuje nejen na ochranu osobních údajů, ale také na IT právo a kybernetickou bezpečnost, kdy se jednotlivé specializace zásadně doplňují pro řešení konkrétních případů. 

Lucie hojně publikuje v odborných periodikách, je členkou odborného spolku gdpr.cz a autorkou několika odborných knih, a často se vyjadřuje k dotazům problematiky osobních údajů, IT práva či kybernetické bezpečnosti a vyučuje i na několika vysokých školách.

Jan Cuřín

Graduate of ČVUT FEL, subsequently a consultant with an international dimension in the field of implementation and optimization of the information management system (ITSM) and cyber (ISMS) security. He applies the acquired experience from the position of an accredited Lead Auditor in the areas of IT Service Management, ISMS and GDPR.

  • Cyber Security standard author
  • Lead Auditor ITSM ISO 20000, ISMS ISO/IEC 27001
  • Approved Trainer & Lead Auditor GDPR (EU 2016/679) dle ISO/IEC 17067

Graduate ratings

Excellent review from 1406 reviewers

What makes our references exceptional? They are not one-off events. Clients come back to us regularly.

  • Lenka V.
  • 27.04.22
  • Český úřad pro zkoušení zbraní a střeliva

Velice přínosný kurz s přidanou hodnotou, celkově kurz hodnotím jako výborný.

  • GDPR Anonymizováno
  • 27.04.22

Výborný kurz, kladně hodnotím především reakci na dotazy.

  • GDPR Anonymizováno
  • 04.06.20
  • Freelancer

Velmi dobré.

  • Eva V.
  • 24.10.19
  • Sokolovská Uhelná

Výborný.

  • GDPR Anonymizováno
  • 24.10.19
  • Letiště Praha

Výborný.

  • GDPR Anonymizováno
  • 24.10.19
  • Letiště Praha

Výborný.

  • GDPR Anonymizováno
  • 29.05.19
  • Freelancer

Spokojena. 

  • GDPR Auditor
  • 29.05.19
  • SŠ Gastronomie, oděvnictví a služeb

Vynikající.

  • GDPR Anonymizováno
  • 29.05.19
  • FN Motol

Výborný.

  • Vladislav Š.
  • 29.05.19
  • iXperta

Výborný.

View the next 10 reviews of our graduates

View the full list of reference clients.

Your rating
*****

Not sure if this is the right courese for you? Get in touch!

For assistance please give us a call.

We are available at +420 222 553 101 Always Monday to Friday: 9am - 5pm.

*items marked with an asterisk are mandatory

Would you like a gift for your birtday?