Part of the Risk Analysis is the Personal Data Protection Impact Assessment. This is the next stage of the project in connection with the completed GAP Analysis and Data Flow Audit. An audit report that you will learn to compile correctly is a key document for audit authorities. You can easily handle others with GDPR patterns yourself.

Virtual Training or e-Learning?

We offer flexibility. You can choose from our selection of in-class courses as well as online courses.

Try a live virtual course

Target audience

Risk analysis is another obligation according to Articles 24, 25 of the EU GDPR Regulation. If you want to learn how to risk assessment, this is the fastest way to do it.

The methodology is based on risk management according to the MoR standard. As part of the purpose of the workshop, it is nostrified into the Czech legislative environment.

You will learn the practical aspects of risk analysis and management in an organization in the context of personal data protection. This is in the whole life cycle: from identification, through classification, to the application of principles and measures (pseudonymization, modification of directives, restriction of access).

Typical graduates:

  • Members of the GDPR project team
  • DPO graduates
  • Applicants who want to learn the impact analysis in terms of GDPR requirements
Target audience

Who is this course for?

All who are methodically responsible for GDPR Compliance. If you want to practically manage DPIA (Data Protection Impact Assessment), this is the fastest way to do it.

The DPIA is always responsible for performing the DPIA, but it can also be performed by a third party. Therefore, this workshop is important for all who work in organizations that process personal information in both the private sector and government.

Typical graduates:

  • Internal auditor
  • HR, Internal Lawyer
  • Business, Marketing
  • IT & Security Management
  • GDPR consultants and advisers
Who is this course for?

Aims of the course

  • Eliminate GDPR non-compliance risks
  • Try the example of the Privacy Impact Assessment
  • Prepare a risk analysis in the sense of EU GDPR Art. 24, 25
  • Properly perform impact analysis, evaluate outputs and implement measures
  • Develop recommendations for subsequent organizational and technical measures

Managerial benefits

You will prepare your own sample GPDR risk analysis!

We will try to assess the risks to the rights and freedoms of entities. We will follow a methodology based on GDPR requirements. We will focus on the impacts of the data subject. Together we will develop a matrix of risks (activities x threats x vulnerabilities).

We will focus on the most sensitive data assets. You will learn the methodology of evaluation, categorization and implemented measures for these risks in terms of integrity, confidentiality and availability.

You will also acquire the following know-how:

  • Define criteria for risk categorization
  • Evaluate which risks can be accepted
  • Identify high risks, including resolution procedures
  • We will explain when and why consultation with the supervisory authority is required
Managerial benefits

Organisational benefits

You will learn to minimize the risks associated with personal data protection. Exactly as defined by Data Protection Impact Assessment (DPIA)

We will show you how to methodically correctly and timely evaluate the impacts of personal data processing in the organization. We will discuss examples of how to minimize risks and comply with the law on personal data protection.

1 day intensive workshop is designed to give you maximum information, examples and recommendations. You will learn the methodology that is the most effective for many reasons.

Organisational benefits


09:00 - 10:30

Basics of risk management

  • Management of Risk
  • ISO 27005, ISO 31000
  • Information security risk management process

Risk Analysis

  • How to proceed in the analysis (determination) of risks
  • Qualitative and quantitative risk estimates
  • Identification and valuation of assets
  • Threats and vulnerabilities of GDPR
  • Incident characteristics

10:30 - 10:45

Coffee Break

10:45 - 12:15

** Reporting **

  • How to compile a management report
  • List of risks by size and characteristics
  • Evaluation and reporting of findings

** How to work with outputs **

Proper procedures and risk acceptance criteria from the manager's point of view

12:15 - 13:15


13:15 - 14:45

Methods of risk treatment

  • reduction
  • patience (acceptance)
  • avoidance and transfer of risk

GDPR Risk Management

  • Context with the GDPR risk management system

Possibilities and advantages of comparison with other risks in the organization in order to make the necessary decisions.

DPIA Principles

  • Principles of personal data protection assessment

Legal requirements for DPIA

  • Guidelines for regulators

14:45 - 15:00

Coffee Break

15:00 - 16:45

Getting Started

  • How to perform DPIA
  • When the risk is acceptable

DPIA Assessment

  • How to create DPIA procedures
  • Audit of results and next steps

Workshop - practical exercises

  • Practical models of risk analysis
  • Generic threats and vulnerabilities
  • Derivation of risk and its evaluation

Learn risk analysis and DPIA of personal data directly from the GDPR Lead Auditor!

This updated course will teach you to identify, analyze, evaluate and implement risk measures in the area of personal data protection and cyber security.

The risk analyzes and assessments of the impact on the protection of personal data, even with interesting results, are not of major importance if the identified risks are not systematically managed (treated).

You will learn to perform GDPR and DPIA analysis in the overall context of risk management.

You can plan and specify requirements for detailed and problem-oriented risk analysis. An experienced auditor will introduce you to various approaches and methodologies, their pitfalls and recommend suitable solutions.

  • Block duration 45 minutes
  • Hours 8 hours
  • Refreshments Yes
  • Exam No
  • Prerequisites

    GDPR Risk Analysis can be categorized as an advanced course that includes 80% practical scenarios and only 20% theory.

    Therefore, knowledge of the GDPR at the basic implementation level is required, or at least in the qualification of the Data Protection Officer

Workshop leader

Vít Lidinský

Ing. Vít Lidinský, Ph.D. is the head of the GDPR accreditation commission in the field of products, processes, services as well as the Data Protection Officer certification.

He is active as a Lead Auditor for ISO/IEC 27001 (Information Security Management System), BS 10012 (Personal Information System) GDPR and eIDAS standards. Last but not least, Vit works as a forensic expert in the field.

  • Since 2012, he has been working as a forensic expert in the field of economics, prices and estimates, with a special specialization in information systems and personal data protection.
  • For more than 5 years he was the head of the department. and Chief Executive Officer at the Ministry of Informatics, the Ministry of Foreign Affairs of the Czech Republic and the State Treasury Shared Services Center (ICT Departments).
  • He graduated from the Faculty of Business and Economics, majoring in information management - CULS. Here he gradually obtained a master's (Ing.) And doctoral degree (Ph. D.)

Graduate ratings

Excellent review from 1310 reviewers

What makes our references exceptional? They are not one-off events. Clients come back to us regularly.

  • GDPR nonymizováno
  • 04.11.19
  • Letiště Praha


  • GDPR Anonymizováno
  • 04.11.19
  • 2K Consulting

Velmi dobré.

  • GDPR Anonymizováno
  • 04.11.19
  • Letiště Praha


  • GDPR Anonymizováno
  • 24.06.19
  • Metropolnet

Celková spokojenost. 

  • GDPR Anonymizováno
  • 24.06.19
  • Ministerstvo financí

Praktický kurz. 

  • GDPR Anonymizováno
  • 24.06.19
  • Oblastní nemocnice Jíčín

Splnil očekávání. Srozumitelný přednes. 

  • GDPR Anonymizováno
  • 24.06.19
  • Metropolnet

Vše srozumitelně podáno. Dotazy vysvětleny. Kurz je výborně připraven i veden. 

  • GDPR Anonymizováno
  • 24.06.19
  • Home Credit

Přínosné co se týče vysvětlení metodiky. Příklady z praxe, názorné zpracování. 

  • GDPR Anonymizováno
  • 24.06.19
  • Oblastní nemocnice Kolín

Praktické ukázky, podrobné. 

  • GDPR Anonymizováno
  • 24.06.19
  • Česká pošta

Prezentování složitého tématu srozumitelným způsobem a s přihlédnutím k praktickému použití. 

View the next 10 reviews of our graduates

View the full list of reference clients.

Your rating

Not sure if this is the right courese for you? Get in touch!

For assistance please give us a call.

We are available at +420 222 553 101 Always Monday to Friday: 9am - 5pm.

*items marked with an asterisk are mandatory

Would you like a gift for your birtday?