Data Protection Officer

The General Data Protection Regulation requires all public authorities in the EU and many private organisations to appoint a data protection officer (DPO) to help with GDPR compliance.

Would you like to compare to other courses?

Virtual Training or e-Learning?

We offer flexibility. You can choose from our selection of in-class courses as well as online courses.

Try a live virtual course

Target audience

Data Protection Officer - DPO

Every company or organization will have to provide an administrator who will be able to meet the specified scope of responsibility for managing personal data.

The Certified EU General Data Protection Regulation (GDPR) Certified Data Protection Officer qualification will be extremely beneficial to you because of the rapidly growing number of organisations that recommend that employees become certified.

The GDPR explicitly orders the "timely engagement of the Delegate" and requires the Administrator to request his or her Opinion in relation to the Privacy Impact Assessment.

Target audience

Who Should Attend

The Foundation level certificate (CDPO-F) is targeted at individuals entering the data protection profession, or non-data protection professionals transitioning into the DPO role. There are no formal entry requirements.

The course is suitable for those interested in complex issues from the point of view of processing and protection of personal data.

These are small and medium-sized businesses, hospitals, public authorities and other entities that process personal data.

The more complex or high-risk the data processing activities are, the greater the expertise the DPO will need. Professional qualities – DPOs do not have to be lawyers, but they must have expertise in national and European data protection law.

  • Statutory authority, procurators
  • Legal advisers, staff and internal managers
  • Employees in the sales department, but also marketing
  • Employees of public administration, non-profit organizations
  • Data administrators, databases, operators. Head of IT, security
  • Internal and External Data Protection Officers Data Protection Officer's (DPO)
Who Should Attend

Aims of the course

  • Prepare you for the role of Privacy Commissioner
  • Create a RoadMap (Data Audit, process settings, GDPR Compliance)
  • Explain implementation on practical scenarios and best practice solutions
  • Demonstrate an approach to meeting legal, operational and technical aspects

Appointing a DPO

Data Protection Officer - Everything you need to know

The general regulation in Article 37 (1) requires the appointment of the trustee in 3 cases.
  • A public authority or a public entity performs processing
  • The principal activities of the controller or processor consist of processing operations that require extensive regular and systematic monitoring of data subjects
  • The principal activities of the controller or processor consist in the extensive processing of specific categories of data or personal data relating to convictions in criminal matters and offenses

An organization that does not want to appoint a nominee on a voluntary basis and has no legal obligation to do so does not hinder anything in hiring employees or external consultants for tasks related to personal data protection.

The data protection officer's job is to inform and advise the organisation about meeting GDPR requirements, and monitoring compliance. They'll also act as the data protection authority's primary point of contact, and will be expected to cooperate with the authority.

Appointing a DPO
  • Processing of personal data and its rules on examples
  • Activities of the Administrator, Commissioners and their outputs, including documentation
  • Documentation kept by the company in case of inspection by Office for Personal Data Protection
  • What are the requirements of the Office for Personal Data Protection for GDPR and their way of documenting organizations


How are our GDPR courses unique and different? Thanks to the accredited course syllabus, you will get exactly the information you need to deal with GDPR requirements. The main benefits also include:

eCF EU Accreditation

European accreditation according to the e-CF framework

RoadMap Implementation

Know-how in the form of GDPR RoadMap implementation

GDPR law in the legislation of the Czech Republic

We are a competent team of lawyers and auditors

Best Practice Practical scenarios

The basis is real scenarios and best-practice solutions

360 ° Comprehensive approach

Fulfillment of legal, technical and operational parts

Case Study GDPR scenario

Impact analysis, audit and process setup

Legislative standardization to the Czech Republic

Accredited program standardized in the Czech legal environment

GDPR Cross Reference Model, maps the requirements of the European regulation to current laws, regulations, and regulations.

What makes this course unique?
  • GDPR is a comprehensive IT, Process, and Rights project
  • We have been protecting our privacy for 10+ years
  • We are members of the Government's Legislative Council for GDPR implementation
  • We joined the ÚOOU Working Group on Accreditation and Certification of GDPR
Legislative standardization to the Czech Republic

e-Competence Framework (e-CF)

EU GDPR courses accredited under the European e-Competence Framework (e-CF) guarantee the fulfillment of the specific competency requirements defined by the European Regulation and the EU Council: General Data Protection Regulation

  • the courses homologated in Czech
  • authorization according to European (e-CF)
  • accreditation in accordance with ISO / IEC 17024
e-Competence Framework (e-CF)

Our qualifications GDPR

We have a huge competitive edge. By crossing into other areas that are related to the GDPR or have even become the basis for this European Regulation.

The issue of data protection has been devoted to more than 10 years. This is one of the first ever accreditations we have gained. We have a wide portfolio of references and experience from realized projects.

In particular, the Act 101 / 200Sb., M_o_R (Personal Data Risk Management), ISMS (Information Security and Information Flows) according to ISO / IEC_27001 & ZoKB_181 / 2014Sb. (the Cyber Security Act), eIDAS (GDPR analogue for electronic identification and trusted services), BS10012 Personal Information Management System (GDPR Framework Standard), ISVS (Public Administration Information Systems) and others.

Our qualifications GDPR

It is time to start

The EU Regulation establishes the "responsibility" principle.

A data controller defines the terms (how and why) of data processing, but does not necessarily carry out these activities themselves. That means they might contract a third party to collect and process data - telling them how to do it, and stating what purpose they are doing it for.

People have the right to access any information a company holds on them, and the right to know why that data is being processed, how long it's stored for, and who gets to see it. Where possible, data controllers should provide secure, direct access for people to review what information a controller stores about them.

It is time to start


Day 1
Hide agenda
Open agenda

09:00 – 10:30

What is GDPR

  • Basics of GDPR
  • Rights and obligations
  • Scope and exceptions

Legal regulation of personal data protection

10:30 – 10:45

Coffee Break

10:45 – 12:15

Personal data

  • Legal titles of processing
  • Special categories (sensitive data)

Data subjects' rights, changes and impacts

12:15 – 13:15


13:15 – 15:00

Security of personal data

  • Technical
  • Organizational

15:00 – 15:15

Coffee Break

15:15 – 16:45


  • Responsibilities of the controller and the processor
  • Personal Data Protection Officer
  • Sanctions for non-compliance with GDPR obligations

16:45 – 17:00


  • Summary
  • Questions

Day 2
Hide agenda
Open agenda

09:00 – 10:30

GDPR Compliance

  • Administrator steps to ensure compliance
  • Cross reference § 110/2019Sb. vs. GDPR

10:30 – 10:45

Coffee Break

10:45 – 12:15

DPO in Practice

  • Data Protection Officer
  • The position of officers and required knowledge

12:15 – 13:15


13:15 – 15:00

Officer tasks

  • Providing information
  • Processing of personal data in practice
  • How to be a DPO: audit, communication, activities

15:00 – 15:15

Coffee break

15:15 – 17:00


  • Practice tests
  • GDPR DPO certification

Graduates of the course will be prepared to fulfill the actual impacts of the European Regulation within their powers and responsibilities in the organization

The course contains only 20% of theoretical information and 80% of practical examples and scenarios that belong to the Commissioner's agenda. Namely, these are, for example:

Principles of intentional and standard protection of personal data, pseudonymization, records management, setting up communication with the supervisory authority, etc ..

Thanks to practical overlap and qualified experts, you have a unique opportunity to discuss your issues directly with the GDPR Lead Auditor!

  • Block duration 90 minutes
  • Hours 16 hours
  • Refreshments Yes
  • Exam Yes
  • Prerequisites


Vít Lidinský

Ing. Vít Lidinský, Ph.D. is the head of the GDPR accreditation commission in the field of products, processes, services as well as the Data Protection Officer certification.

He is active as a Lead Auditor for ISO/IEC 27001 (Information Security Management System), BS 10012 (Personal Information System) GDPR and eIDAS standards. Last but not least, Vit works as a forensic expert in the field.

  • Since 2012, he has been working as a forensic expert in the field of economics, prices and estimates, with a special specialization in information systems and personal data protection.
  • For more than 5 years he was the head of the department. and Chief Executive Officer at the Ministry of Informatics, the Ministry of Foreign Affairs of the Czech Republic and the State Treasury Shared Services Center (ICT Departments).
  • He graduated from the Faculty of Business and Economics, majoring in information management - CULS. Here he gradually obtained a master's (Ing.) And doctoral degree (Ph. D.)

Jan Cuřín

Graduate of ČVUT FEL, subsequently a consultant with an international dimension in the field of implementation and optimization of the information management system (ITSM) and cyber (ISMS) security. He applies the acquired experience from the position of an accredited Lead Auditor in the areas of IT Service Management, ISMS and GDPR.

  • Cyber Security standard author
  • Lead Auditor ITSM ISO 20000, ISMS ISO/IEC 27001
  • Approved Trainer & Lead Auditor GDPR (EU 2016/679) dle ISO/IEC 17067

František Nonnemann

Frantisk has been dealing with the issue of law and practice of processing and protection of personal data for more than ten years. After graduating from the Faculty of Law of Charles University in Prague, he worked for many years in leading positions at the Office for Personal Data Protection, including as the head of the legal department.

He also participated in the preparation of the accredited course Commissioner for Personal Data Protection, is the author of the Handbook for Commissioners, is also involved in the development of other GDPR services, sample documents, methodologies, created an online free tool for GDPR Audit and now collaborates in the working group for GDPR certification Compliance.

Active activities in European working groups for personal data protection as well as in international control activities cannot be neglected either. He is a co-author of a commentary on Act No. 101/2000 Coll., On the protection of personal data, as well as a commentary on the GDPR, as well as a number of professional articles.

  • 2016 - present| TAYLLORCOX: GDPR Auditor
  • 2016 - present| Moneta
  • 2006 - 2016     | ÚOOÚ
  • 2000 - 2006     | Law faculty, Charles Univerisity 

Get your DPO Certification


The exam is part of a 2-day intensive course. Participants in this training will receive information on thorough preparation for certification. Although the success rate for certification is 96%, the test dates can be agreed upon in a substitute term.

To pass the exam you are strongly advised to study the materials that will be provided to you before and during the seminar.

The certification test is homologated in the Czech environment, so the course and the final exam are in Czech.
  • Duration: 60 min
  • Pass mark: 60% (45 out of 75 marks)
  • Multiple choice
  • Closed book

    Get your DPO Certification


    Authorized by the European e-Competence Framework. Accredited content under the e-Competence Framework (e-CF) is a guarantee of adequate expertise especially for the roles listed below.

    The certificate is issued in accordance with ISO / IEC 17024, the General Data Protection Regulation (GDPR Regulation EU 2016/679), respectively. Personal Data Protection Officer, in accordance with Article 37 of the Regulation of the European Parliament and the Council, including relevant other legislation and e-CF.

    The certificate is issued in 2 versions (CZ and EN)

    • EU GDPR Data Protection Officer
    • Personal Data Protection Officer
    • The exam fee and certificate issue is already part of the course!

    Graduate ratings

    Excellent review from 1362 reviewers

    What makes our references exceptional? They are not one-off events. Clients come back to us regularly.

    • GDPR Anonymizováno
    • 18.08.23

    Perfektní - logické vysvětlení důležitých požadavků z praktických příkladů. Kladně hodnotím prostor pro dotazy.

    • Jana K.
    • 18.08.23
    • ATALIAN CZ s.r.o.

    Školitelka Lucie byla perfektní, vše skvěle vysvětleno, probíhala velmi cenná diskuze.

    • GDPR Anonymizováno
    • 18.08.23

    Splnil účel, výborný kurz.

    • GDPR Anonymizováno
    • 18.08.23

    Kurz je dobře zpracovaný, ocenila bych ještě nějaké vzorové materiály jako součást kurzu.

    • GDPR Anonymizováno
    • 18.08.23

    Velmi přínosný kurz i pro ty, kteří už vykonávají práci pověřence pro ochranu OÚ.

    • GDPR Anonymizováno
    • 18.08.23

    S GDPR jsem se přišla seznámit. Moc se mi líbil přístup školitelky. Trpělivě se snažila vše vysvětlit, naslouchala dotazům a vše ochotně zhodnotila a ke všemu se vyjádřila.

    • GDPR Anonymizováno
    • 28.07.23

    Skvělý kurz, informativní. Školitelka velmi sympatická, vysvětlení a pochopení témata značně zpříjemněno. Děkuji :)

    • Petr Š.
    • 21.07.23

    Komplexní přehled při výborné atmosféře.

    • Markéta B.
    • 16.06.23
    • Střední zdravotnická škola a Vyšší odborná škola zdravotnická Zlín

    Výborná školitelka, příjemná atmosféra, skvělá organizace a zázemí.

    • GDPR Anonymizováno
    • 16.06.23

    Kurz je přínosný, jak pro lidi se zkušenostmi, tak i bez.

    View the next 10 reviews of our graduates

    View the full list of reference clients.

    Your rating

    Not sure if this is the right courese for you? Get in touch!

    For assistance please give us a call.

    We are available at +420 222 553 101 Always Monday to Friday: 9am - 5pm.

    *items marked with an asterisk are mandatory

    Would you like a gift for your birtday?