What is the Certified EU General Data Protection Regulation (EU GDPR) Practitioner Course?
The Certified EU GDPR Practitioner Course is designed to provide in-depth training on implementing and managing the EU General Data Protection Regulation (GDPR) requirements. This course builds on foundational GDPR knowledge, focusing on practical application and advanced compliance techniques to safeguard personal data and mitigate risks.
Participants will learn how to design GDPR-compliant policies, conduct Data Protection Impact Assessments (DPIAs), manage data breaches, and ensure ongoing compliance through audits and governance frameworks. Real-world scenarios and hands-on exercises prepare learners to lead GDPR initiatives confidently.
This intensive 2-day Certified EU GDPR Practitioner Course by Oakwood International provides the expertise required to take a leading role in GDPR compliance efforts and achieve recognition as a GDPR Practitioner.
Course Objectives:
- Understand advanced GDPR principles and their organisational impact.
- Learn how to implement GDPR-compliant policies and procedures.
- Conduct practical Data Protection Impact Assessments (DPIAs).
- Develop and maintain a GDPR-compliant data protection framework.
- Gain expertise in managing data breaches and reporting requirements.
- Prepare for audits and demonstrate GDPR compliance to regulatory authorities.
- Establish and sustain a culture of data privacy within organisations.
Upon completion, participants will possess the advanced knowledge and practical skills required to ensure GDPR compliance and effectively lead data protection strategies.
Course Outline
Certified EU General Data Protection Regulation (EU GDPR) Practitioner Course
Module 1: Data Subject Rights
- Must I Always Obey a Right?
- Rights and Third Parties
- Requests Made on Behalf of Other Data Subjects
- Guidelines for Children's Maturity
- Responding to a Rights Request
- What is a Month?
- Rights Request Flow Chart
- Right to be Informed
- When Should Information Be Provided?
- Best Practice Guidance
- Right of Access
- Right to Rectification
- Right to Erasure
- When can I Refuse to Comply with a Request for Erasure?
- Erasing Children's Data
- Right to Restrict Processing
- When Processing Should be Restricted?
- Protecting PII
- Other Issues about Restricting Processing
- Right to Data Portability
- Right to Object
- Complying with the Right to Object
- Rejecting the Right to Object
- Processing for Direct Marketing Purposes
- Processing for Research Purposes
- Rights Related to Automated Decision Making and Profiling
- When does the Right not apply?
Module 2: Subject Access Requests
- Provenance
- Overview: SARs
- SAR is an Activity, Not a Title
- How can a SAR be Submitted?
- What Information Should the Response to a SAR Contain?
- Additional Information
- Replying to a SAR
- Confirming a Data Subject’s Identity
- Scope
- Electronic Records
- Non-Electronic Records
- SARs Involving 3rd Party PII
- Fees
- Refusing a Subject Access Request
- Access Requests from Employees
- Credit Reference Agencies
- Best Practice for SARs
Module 3: Lawful Processing
- Lawful Processing: A Reminder
- User Rights Change Depending on the Justification
- Lawfulness of Processing Conditions
- Lawfulness for Special Categories of Data
- UK ICO Tool
- Consent
- Key Points About Consent
- Affirmative Action and Explicit Consent
- Introduction of Affirmative Action
- What is Not Affirmative Action?
- Examples of Affirmative Action from the ICO
- Introduction of Explicit Consent
- Explicit Statement
- Obtaining Explicit Consent
- ICO's View of a Poor Form of Explicit Consent
- Obtaining Consent for Scientific Research Purposes
- Getting Consent
- What Should Go into the Consent Request?
- Consent Granularity
- Right to Withdraw Consent
- Children
- Consent Records
- ICO's Examples of Record Keeping
- Key Points When Establishing Consent
- Legitimate Interests
- Getting the Balance Right
- Consent or Legitimate Interest?
- What Lawful Basis Can be Used for Processing Marketing PII?
Module 4: Third Country Data
- Cross Border Transfers
- Transfer Mechanisms
- Derogations
- Adequacy
- Adequate Ways to Safeguard Transfers of PII
- Consent
- One-Off or Infrequent Transfers
- Who is Responsible?
- Transferring PII Between EEA Members
- Adequate Countries Outside of the EEA
- Binding Corporate Rules (BCR)
- What a BCR Must Cover?
- Authorisation for BCRs
- EU-US Privacy Shield
- Privacy Shield Overview
- Privacy Shield: Mechanics
- Model Clauses
- Public Authority Agreements
Module 5: Introduction to Protecting Personal Data
- Need to Secure
- What is Appropriate?
- Protecting PII – 3 Key Areas
- Coverage
- Defensive Design
- Single Point of Failure (SPOF)
- Incident Response
- Data Breach Reporting Requirements
- Incident Response Team
Module 6: Data Protection Impact Assessments (DPIA)
- Introduction
- What Triggers a Data Protection Impact Assessment?
- Cases Where DPIA is Not Required
- Benefits of DPIA
- Processes to be Considered for a DPIA
- Responsibilities
- DPIA Decision Path
- DPIA Content
- How Do I Conduct A DPIA?
- Signing Off the DPIA
- Mitigating Risks Identified by the DPIA
Module 7: Need Want Drop
- Overview
- Need-Want-Drop: Concept Diagram
- Need-Want-Drop: Categorising Data
- Need/Want/Drop Methodology
Module 8: Dealing with Third Parties and Data in the Cloud
- What is Cloud Computing?
- Myths of Cloud
- Cloud Challenges
- Controller-Processor Contract
- Checklist
- Data Controller - Summary
Module 9: Practical Implications: GDPR
- Brexit and its Impact on the GDPR
- Adequacy
- What does this Mean in Practice?
- EU and UK Representatives
- Exemption Rule
- One-Stop Shop
Module 10: Legal Requirements of the GDPR
- Lawful, Fair, and Transparent Processing
- Limitation of Purpose, Data and Storage
- Data Subject Rights
- Consent
- Personal Data Breaches
- Privacy by Design
- Data Protection Impact Assessment
- Data Transfers
- Data Protection Officer
- Awareness and Training
Module 11: Privacy Principles in GDPR
- Lawfulness, Fairness, and Transparency
- Purpose Limitation
- Data Minimisation
- Accuracy
- Storage Limitation
- Integrity and Confidentiality
Module 12: Common Data Security Failures, Consequences, and Lessons to be Learnt
- Common Data Security Failures
- Consequences
- Fines Relating to Data Breaches
- Litigation from Customers Relating to Data Breaches
- Directors, Officers, and Professional Advisors
- Reputational Damage
- Lesson Learned
- Knowing When and How to Communicate with Affected Individuals is Not Easy
- GDPR is Important, as are Other Legal Frameworks
Included
Offered In This Course:
- Video Content
- eLearning Materials
- Study Resources
- Completion Certificate
- Tutor Support
- Interactive Quizzes
Learning Options
Discover a range of flexible learning options designed to meet your needs. Select the format that best supports your personal growth and goals.
Online Instructor-Led Training
- Live virtual classes led by experienced trainers, offering real-time interaction and guidance for optimal learning outcomes.
Online Self-Paced Training
- Flexible learning at your own pace, with access to comprehensive course materials and resources available anytime, anywhere.
Build your future with Oakwood International
We empower you with the skills, knowledge, and confidence to excel in your career. Join us and take the first step towards realising your professional goals.
Frequently Asked Questions
Q. What topics are covered in the Certified EU GDPR Practitioner Course?
The course covers GDPR principles, DPIAs, data protection frameworks, breach management, audits, and certification preparation.
Q. How can this training benefit my career?
This training enhances your ability to lead GDPR compliance efforts, making you a highly valued data protection and privacy professional.
Q. Is this certification recognised globally?
Yes, GDPR Practitioner certification is widely respected and applicable to organisations processing the personal data of EU citizens worldwide.
Q. What support is provided during the training?
Participants receive comprehensive study materials, hands-on exercises, and expert instructor guidance to ensure effective learning and exam readiness.
Q. Is this course suitable for beginners?
No, this course is designed for professionals with foundational GDPR knowledge or experience, providing advanced skills for GDPR compliance leadership.