Training Program Data Protection Officer

15.000

In Articles 37 to 39 of the GDPR, the legislator has elaborated on the role and necessity of appointing a Data Protection Officer (DPO) by controllers (companies and institutions) and processors (companies to whom work has been outsourced). In short, a DPO monitors the effective protection of personal data by controllers and processor(s). The DPO is also the point of contact for data subjects (employees, citizens, patients and consumers, for example) whose personal data are processed. The DPO also has an important advisory role towards the controller and processor.

The role description of the DPO is broad, which is confirmed by case law and the guidelines of the European Data Protection Board (EDPB). It is the responsibility of the controller and processor to appoint a DPO appropriate to the business activities and the resulting data protection risks.

The two-year post-bachelor level data protection officer training is in line with this broad role description in the GDPR. In addition to theoretical and legal knowledge, this training also provides practical skills aimed at taking effective management and security measures in a risk-oriented manner and organizing compliance with legal and contractual obligations.

We recognize the following categories of courses:

In consultation with the Duthler Academy training coordinator, the student determines a learning path for taking the 30 courses from the categories mentioned above. After this, the student, or rather the aspiring DPO (ADPO), starts the DPO training program. Every time a course is completed, the ADPO takes an exam and the teacher assesses the answers or papers.

An overview of the training:

Formal Legal

The GDPR came into effect in 2016 and became applicable in 2018. Case law, fine decisions from supervisors and guidelines from the EDPB now provide further details on the GDPR. European and national legislation and regulations related to it also continue to develop, so the formal legal framework for protecting personal data keeps evolving.

An overview of the category of Formal Legal courses:

  • Overview of current privacy laws and regulations
  • Case law, decisions and guidelines
  • Monitoring and enforcement of the GDPR
  • The GDPR in an international perspective: Europe and transfers to third countries
  • The GDPR in an international perspective: tools for transfers to third countries
  • Privacy and related national legislation
  • Privacy and related international law

Governance & Compliance

Organizing the effective protection of personal data requires the continuous attention of company management, managers and employees. Company management fits the legal role of the DPO into the organization of the existing governance. The nature and scope of the business activities, and how they are organized into business processes that include internal control measures, have an impact on the tasks of the DPO. The GDPR assumes that a risk analysis is carried out on business activities and the associated data processing. We also call this a DPIA. The results of the DPIA determine the structure of an organization’s governance and compliance.

An overview of the category of Governance & Compliance courses:

  • The DPO: position, duties, powers and responsibilities
  • Peer consultation
  • The GDPR, the privacy policy, the standards framework and privacy framework
  • Internal and external privacy policy
  • Governance and compliance: legislation in a broader perspective
  • Governance and compliance: further elaborated
  • A data breach and being prepared for it
  • How can and should I act after a data breach?

Organizing business activities

This section focuses on the impact of the GDPR on the organization of business activities. Business activities are carried out with business processes. Business processes are supported by IT systems and controlled by management and employees. The internal controls, or “non-functional requirements”, are included “by design” in the IT systems, and employees are aware and trained to ensure that personal data is effectively protected. There is “compliance by default” with legal and contractual obligations, in particular the protection of personal data. These legislative requirements for controllers require new organizational concepts, IT architectures and IT systems. The arrival of cloud service providers that systematically and rigidly apply the “zero trust” architecture is a good step in the right direction towards ensuring that the processing of company and personal data is compliant with legal obligations.

An overview of the category of Organizing business activities courses:

  • Overview and insight into responsibilities & liabilities
  • Transparency and rights of data subjects
  • Information security, the basis for privacy protection
  • Information security, detailed
  • Lifecycle data protection management
    • Architectures and principles
    • Models and Attribute Based Credentials
    • Setting up an appointment complex
  • Privacy by design and privacy by default
  • Retention periods
  • Data portability
  • Profiling

Assessments & Audits

The legal context of data protection affects the social accountability framework of financial and tax reporting. How can company management justify the effective operation of management and security measures when processing personal data? Generally accepted accounting is needed. A practical set of instruments is needed for carrying out assessments (Data Privacy Impact Assessment, DPIA). The effective protection of personal data will be included in the social accountability of the company management and the confirmation of this by a certified auditor.

An overview of the category of Assessments & Audits courses:

  • Privacy accounting
  • DPIA, theoretical framework
  • DPIA, practical application
  • From assessments to auditing