GDPR Implementation

A new version of the workshop. A unique case study will, like GDPR, work with the project in a practical way. Graduates will be in charge of the obligations of the General Regulation on the Protection of Personal Data. On the second day, you will check the effectiveness of the Office for Personal Data Protection simulation of control.

Virtual Training or e-Learning?

We offer flexibility. You can choose from our selection of in-class courses as well as online courses.

Try a live virtual course

Target audience

We pass on experience from 1000+ large and small GDPR implementation projects

This includes Dataset Mapping, GAP Analysis, Risk Analysis, and Privacy Impact Assessment. And also know how to integrate these outputs into an organization's management system.

  • Statutory authority, procurators
  • Legal advisers, staff and internal managers
  • Employees in the sales department, but also marketing
  • Employees of public administration, non-profit organizations
  • Data administrators, databases, operators. Head of IT, security
  • Internal and External Data Protection Officers Data Protection Officer's (DPO)
Target audience

Get ready for the check

What does it mean to be in line with the GDPR Regulation? Manage a potential check
from the Office for the Protection of Personal Data

Knowledge objectives

  • We will show you what to actually control and how
  • We will use real audit checklists. We fix the essentials
  • You will try the position of an inspector in your own company
  • You prepare the final report with the auditor (what do you have for the dates, why do you have, how do you fill)

František Nonnemann

Frantisk has been dealing with the issue of law and practice of processing and protection of personal data for more than ten years. After graduating from the Faculty of Law of Charles University in Prague, he worked for many years in leading positions at the Office for Personal Data Protection, including as the head of the legal department.

He also participated in the preparation of the accredited course Commissioner for Personal Data Protection, is the author of the Handbook for Commissioners, is also involved in the development of other GDPR services, sample documents, methodologies, created an online free tool for GDPR Audit and now collaborates in the working group for GDPR certification Compliance.

Active activities in European working groups for personal data protection as well as in international control activities cannot be neglected either. He is a co-author of a commentary on Act No. 101/2000 Coll., On the protection of personal data, as well as a commentary on the GDPR, as well as a number of professional articles.

  • 2016 - present| TAYLLORCOX: GDPR Auditor
  • 2016 - present| Moneta
  • 2006 - 2016     | ÚOOÚ
  • 2000 - 2006     | Law faculty, Charles Univerisity 

Vít Lidinský

Ing. Vít Lidinský, Ph.D. is the head of the GDPR accreditation commission in the field of products, processes, services as well as the Data Protection Officer certification.

He is active as a Lead Auditor for ISO/IEC 27001 (Information Security Management System), BS 10012 (Personal Information System) GDPR and eIDAS standards. Last but not least, Vit works as a forensic expert in the field.

  • Since 2012, he has been working as a forensic expert in the field of economics, prices and estimates, with a special specialization in information systems and personal data protection.
  • For more than 5 years he was the head of the department. and Chief Executive Officer at the Ministry of Informatics, the Ministry of Foreign Affairs of the Czech Republic and the State Treasury Shared Services Center (ICT Departments).
  • He graduated from the Faculty of Business and Economics, majoring in information management - CULS. Here he gradually obtained a master's (Ing.) And doctoral degree (Ph. D.)


Day 1
Hide agenda
Open agenda

09:00 - 12:30

Stream mapping The input information audit identifies the areas falling under the GDPR.

How to map correctly

  • Form requirements
  • Output requirements
  • Consent is not always required
  • Elaboration of analysis of purposes and titles

Level mapping

  • Data flows
  • Separate processes

Mapping by topics

  • Role mapping
  • IS / IT mapping
  • Process mapping
  • Consent mapping
  • Documentation mapping

12:30 - 13:30


13:30 - 16:30

GAP Analysis - Procedure Evaluation of the impact of EU Regulation 679/2016 on the organization.

  • Data definition
  • The way they are led
  • Assessment of the Commissioner's position
  • Scopes of necessary interventions (IT, Law, HR ..)

GAP Analysis - outputs You will learn to identify inconsistencies between the requirements set out in GPDR and the processes in your organization.

  • Appointment of DPO
  • ICT and necessary changes
  • Law and necessary changes
  • Managed documentation and changes
  • The scope of the GDPR on the organization

16:30 - 17:00


Summary of implementation day I.

Day 2
Hide agenda
Open agenda

09:00 - 12:30

GDPR Risk Analysis

  • Incident characteristics
  • Threats and vulnerabilities of GDPR
  • Identification and valuation of assets
  • Qualitative and quantitative risk estimates
  • How to proceed in the analysis (determination) of risks


  • How to compile a management report
  • List of risks by size and characteristics
  • Evaluation and reporting of findings

Methods of risk treatment

  • reduction
  • patience (acceptance)
  • avoidance and transfer of risk

GDPR Risk Management

  • Context with the GDPR risk management system
  • Possibilities and advantages of comparison with other risks in the organization in order to make the necessary decisions.

DPIA Data Protection Impact Assessment - Analysis of Impacts on Personal Data Protection


  • When the risk is acceptable
  • Legal requirements for DPIA
  • Guidelines for regulators
  • Principles of personal data protection assessment

DPIA Assessment

  • How to create DPIA procedures
  • Practical models of risk analysis
  • Generic threats and vulnerabilities
  • Derivation of risk and its evaluation

12:30 - 13:30


13:30 - 16:30

Office for Personal Data Protection

  • Incidents
  • Office for Personal Data Protection check
  • What, how and why to prove

You are facing offers such as "buy this GDPR product", "order our GDPR audit", "we have software that GDPR will solve for you".

But what do you really need? It is not another bureaucratic burden ...

You want to be prepared for the risks that really affect you. And that is exactly what this workshop is about.

Graduate ratings

Excellent review from 1337 reviewers

What makes our references exceptional? They are not one-off events. Clients come back to us regularly.

  • GDPR Anonymizováno
  • 03.02.20
  • Metropolnet

Výborně připravené s možností praktických řízení.

  • Eva V.
  • 03.02.20
  • Sokolovská Uhelná


  • Pavla T.
  • 17.06.19
  • Ministerstvo kultury

ABS. kurz byl přínosný z hlediska odb. obsahu a praktických příkladů.

  • GDPR Anonymizováno
  • 14.06.19
  • Ministerstvo financí

Kurz mi přinesl nadhled na oblast ochrany a údajů a jeho zasazení do širšího kontextu. Jakož i vztah k oblasti bezpečnosti informací, kybernetické bezpečnosti a řízení rizik. 

  • Mária H.
  • 15.02.19
  • Penta Hospitals


  • GDPR Anonymizováno
  • 15.02.19
  • my Solutions


  • GDPR Implementace
  • 15.02.19
  • Mann+Hummel

Výborný kurz, včetně podkladů mnoho závěrů z praxe.

  • GDPR Anonymizováno
  • 29.08.18
  • Pozpra

Velká spokojenost.

  • Blanka Ž.
  • 29.08.18
  • Zápodočeská univerzita Plzeň

Skvělý kurz, spousta příkladů z praxe, praktické procvičení.

  • Zdenka T.
  • 29.08.18
  • Freelancer

Velká spokojenost. 

View the next 10 reviews of our graduates

View the full list of reference clients.

Your rating

Not sure if this is the right courese for you? Get in touch!

For assistance please give us a call.

We are available at +420 222 553 101 Always Monday to Friday: 9am - 5pm.

*items marked with an asterisk are mandatory

Would you like a gift for your birtday?