The qualification that will prepare you for the role of the GDPR Auditor for the purposes of certification (proof of compliance with EU 2016/679) in connection with the processing of personal data (hereinafter referred to as the "DO").
We offer flexibility. You can choose from our selection of in-class courses as well as online courses.
The certificate (certificate of conformity) is obtained by the organization processing the personal data, based on the positive audit report of the GDPR Auditor.
In addition to the above-mentioned roles, it is also intended for "third-party" experts who want to provide highly professional audit services under international standards under the aegis of an accredited entity for the purpose of issuing a GDPR Compliance certificate.
This also entails new requirements, such as the appointment of the Data Protection Officer, the Data Protection Impact Assessment, or the Certificates (Personal Data Protection Certificate) issued on the basis of the GDPR Auditors' accredited certification bodies (Articles 43 and 42).
With the adoption of Regulation (EC) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the Regulation), a new institute has been introduced, namely the issue of a certificate on the protection of personal data (Article 42 of Regulation 1).
Pursuant to the above-mentioned Regulation (Article 42 (1)), certification is applied to processing operations carried out by the controller or processor and is to certify compliance with the Regulation. This approach is also supported by the text of the next provision (Article 42 (2)), which states that when transferring personal data to third countries, the issue of the certificate is one of the ways in which the controller or processor (especially from outside the EU) can prove that it provides appropriate guarantees of an adequate level of protection of personal data. This implies that the issue of the certificate should primarily concern the processing of personal data (which includes one or more operations) or the personal data protection management system of the controller or processor. However, the recital (explanatory memorandum) in paragraph 100 also states that the issue of the certificate requires data subjects to rapidly assess the level of protection of personal data for the products and services concerned. The certification should also apply to products (software and hardware) and services.
Evaluation - the activity of the certification body to assess whether the compliance of the evaluated product with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council is ensured in the given case. The assessment shall include an assessment of whether the applicant has analyzed the risks to the rights and freedoms of individuals in relation to the processing of their personal data, taking into account the state of the art, the cost of execution, the nature of the scope, the context and the purposes of the product under consideration, their limitations.
You will learn how to properly analyze the process of assessing whether the client, taking into account the state of the art, costs, nature of scope, context and purposes, has analyzed the risks associated with the processing of personal data and has put in place adequate technical measures to limit them. You will be ready for certification audits in all areas that GDPR offers.
09:00 - 10:30
**GDPR from the Auditor's point of view**
10:30 - 10:45
Coffee Break
10:45 - 12:15
**GDPR I accreditation.**
12:15 - 13:15
Lunch
13:15 - 14:45
**GDPR II accreditation**
14:45 - 15:00
Coffee Break
15:00 - 17:00
**Requirements of the certification body**
**Auditor's role**
09:00 - 10:30
**Types of audits** Tent categorization WP29
**Preparation of practice simulated audits**
10:30 - 10:45
Coffee Break
10:45 - 12:15
**Preparation of audit documentation**
Teamwork
12:15 - 13:15
Lunch
13:15 - 14:00
**Practical audit**
14:00 - 14:45
**Revision of GDPR Lead Auditor I.**
14:45 - 15:00
Coffee Break
15:00 - 17:00
**Revision of GDPR Lead Auditor II.**
09:00 - 10:30
**Audit analysis**
10:30 - 10:45
Coffee Break
10:45 - 12:15
**End of audit**
Preparation of final reports from simulated audits - teamwork. Presentation and defense of final reports from simulated audits
**Analysis of conclusions**
12:15 - 13:15
Lunch
13:15 - 14:45
**Rules for Auditors**
14:45 - 15:00
Coffee Break
15:00 - 17:00
Final exam
The GDPR Auditor course will teach you all the necessary principles, procedures and processes needed for the actual implementation of the audit.
Based on practical exercises, you will learn audit techniques and you will be ready to manage the audit program and compile the final report, which is the basis for issuing the certificate.
The minimum criterion for participation in this course is successful completion of Data Protection Officer
Frantisk has been dealing with the issue of law and practice of processing and protection of personal data for more than ten years. After graduating from the Faculty of Law of Charles University in Prague, he worked for many years in leading positions at the Office for Personal Data Protection, including as the head of the legal department.
He also participated in the preparation of the accredited course Commissioner for Personal Data Protection, is the author of the Handbook for Commissioners, is involved in the development of other GDPR services, sample documents and methodologies, created a free online tool for GDPR Audit, and now collaborates in the working group for GDPR Compliance certification.
His active involvement in European working groups for personal data protection, as well as in international control activities, should not be overlooked either. He is a co-author of a commentary on Act No. 101/2000 Coll., on the protection of personal data, as well as a commentary on the GDPR and a number of professional articles.
She has been dealing with the protection of personal data for more than 10 years, especially with regard to its daily use in practical application, conducting personal data protection audits, and lecturing and consulting. In her legal practice she focuses not only on personal data protection but also on IT law and cyber security, specializations that fundamentally complement one another in resolving specific cases.
Lucie publishes extensively in professional periodicals, is a member of the professional association gdpr.cz and the author of several professional books, frequently comments on questions concerning personal data, IT law and cyber security, and also teaches at several universities.
A graduate of ČVUT FEL, subsequently a consultant with an international dimension in the field of implementation and optimization of the information management system (ITSM) and cyber (ISMS) security. He applies the experience acquired in the position of an accredited Lead Auditor in the areas of IT Service Management, ISMS and GDPR.
Excellent review ☆☆☆☆☆ from 1426 reviewers
What makes our references exceptional? They are not one-off events. Clients come back to us regularly.
A very beneficial course with added value; overall I rate the course as excellent.
An excellent course; I especially appreciate the response to questions.
Very good.
Excellent.
Excellent.
Excellent.
Satisfied.
Outstanding.
Excellent.
Excellent.
We are available at +420 222 553 101, Monday to Friday, 9am - 5pm.