Training Privacy and Information Security

2.399 Exclusive of VAT

Privacy and information security are more than just protecting personal and company data. The point is that individuals and companies can participate in groups to which they want to belong. That parties can exercise their rights and that they are accountable for compliance with legal and contractual obligations. All this in such a way that companies can bear the costs.

Business activities are central to the training. The aim is to integrate legal compliance into business activities. The translation of obligations into organizational and technical measures is discussed. And on organizing “privacy by design” and “privacy by default”. Then the rights of the data subject are discussed, how do you work this out in your organization?

The training consists of five webinars of one half day (13:00 to 17:00) that are given consecutively over two weeks.

The European General Data Protection Regulation (GDPR) has been in effect for a number of years and a company often has to deal with additional laws and regulations. Observation shows that companies (and institutions) have made a modest implementation; that the attention in the organizations is waning, that the data subjects (for example persons, citizens, individuals) are increasingly submitting serious complaints to the supervisory authority, the Dutch Data Protection Authority (AP) or are going to court.

Group mores and target groups

Individuals wish to belong to groups and are willing to conform to group mores. Companies also want to belong to target groups of their customers and their suppliers and use these target groups to market their products and services. If a company does not adhere to the group mores, the people will withdraw and start a new group. Individuals can achieve this – based on their rights – with a few mouse clicks. A dubious reputation (for example caused by a data breach) can be the reason that a company is excluded by the (target) group. This immediately creates a continuity risk.

Companies want (or may have to) connect with target groups to sell products and services and need company and personal data for this. A company will therefore have to make agreements with people about the use of their data.

Facilitating rights and accountability

Adequately facilitating the rights of partners and accountability for the effectiveness of the control measures, especially to the chain partners, is essential in order to be and remain connected to target groups. Knowing partners (customers, employees or suppliers) offers the company opportunities to organize the organization more effectively and cost-efficiently. A data-centric data processing is necessary for organizing a people-centric organization.

Application Transition

The transition from application to data-centric data processing requires management and employees to adopt a different attitude/ “view” on data processing and protection. The transition has a chance of success if there is sufficient knowledge and support among management and employees about the legal and business necessity, the approach and the ability to realize the transition. This training connects to this and creates a common knowledge base in an organization.

Your business activities are central

The training takes you – from your main business activities – along with legislation, additional legislation and regulations and case law. Next, the rights of the data subject (the persons, individuals, citizens or patients) are discussed. The data subject has the tools to exercise control over his (or her) data. Within this context, we deal with the translation of the obligations into appropriate organizational and technical measures. With this we are in line with the discussions about organizing “privacy by design” and “privacy by default”. Together we look at how you can focus on those involved and what you need to arrange for this, how you can integrate the legislation into your regular business activities and systems, what benefits this brings for people and for your company or organization and how you can use it to take the next steps towards digital transformation.

A business situation has been described for this training and will be sent to you in advance. This business situation is a guideline during the training.


You will have access to the e-learning environment and you will keep this access for two years after the training.

By successfully passing the exams of the six modules, it is possible to make a flying start with the DPO training program. After the training, the participants receive a certificate of participation.

Webinar 1: Legal framework, current affairs and international developments:

  1. Introduction / proposals from the participants and teachers, expectations of the training. Training structure and current events.
  2. Legislation, additional laws, rules and case law.
  3. International developments, the transfer of personal data outside the EU.

Webinar 2: Governance & compliance, rights of data subjects, role of the Data Protection Officer

  1. Governance and Compliance What are a company’s legal and contractual obligations?
  2. Organizing the rights of data subjects.
  3. The DPO is an advanced post of the AP: he answers questions from those involved and advises internally on legislation and regulations. But what is a professional DPO?

Webinar 3: Supervision and DPIA

  1. Supervision, the modern supervisory arrangement of the GDPR.
  2. DPIA, the importance of a DPIA and the integration of a DPIA in the business processes.

Webinar 4: Code of Conduct, Information Exchange and Discussion Round

  1. Code of Conduct and Compliance with It.
  2. Data exchange discussed using MedMij.
  3. Discussion round: What will we see after two years of GDPR? What are the expectations?

Webinar 5: Smart contracting, evaluation and closing

  1. Smart contracting and the legal operations.
  2. Evaluation and review of the training privacy en information security.
  3. Closing and agenda follow-up session

Workshop (webinar)

The next training will be organized on:

After registration you will have direct access to the six modules in our learning environment.



The total costs for the company training data protection are € 2,399 (excluding VAT and per person). An additional € 150 will be charged for taking an exam. Duthler Academy works with several platforms:

  • Participants of the Center for Information Security and Privacy Protection (CIP) receive a 15% discount on the entire training offer.
  • Private individuals and government institutions are exempt from VAT.