European Association for Public Administration Accreditation

EVENTS from Other Institutions

GDPR and How to Conduct a Data Protection Audit

GDPR and How to Conduct a Data Protection Audit

September 18, 2019 - September 19, 2019

Venue: EIPA Maastricht (NL), OLV plein 22, NL 6211 HE Maastricht, Netherlands

Organizer(s): EIPA Maastricht (NL), OLV plein 22, NL 6211 HE Maastricht, Netherlands; www.eipa.eu

Language: English

Contact: Ms Eveline Hermens
Programme Organiser
Tel.: +31 43 3296 259
E-mail: e.hermens@eipa.eu

Info link: https://www.eipa.eu/product/gdpr-data-protection-audit-sept/

Respect for fundamental rights, such as the right to the protection of one’s personal data, affects everyone. The extent to which measures must be taken to protect personal data against misuse or improper use depends on the information, the amount of data, the purpose of the processing, the processing methods and the eco-system surrounding the processing of the information. The EU General Data Protection Regulation (GDPR) has imposed many new obligations on organisations that process personal data. An audit will assess whether your organisation is meeting these obligations. Additional factors such as technological developments and social and personal vision also play a role. This complex whole affects the method of implementing GDPR in organisations and in particularly in the IT-related environment.

This course will provide you with the insights and techniques to successfully plan and execute an audit as well as assure your organisation’s compliance with the GDPR. You will learn about the key aspects of the GDPR and how to ensure they are being implemented within your organisation. During the course, you will gain an understanding of how to plan an audit, identify the scope of an audit, how to conduct a successful audit within that scope and how to present the report assessing your organisation’s compliance with GDPR.

At the end of the course, you will leave with an understanding of why effective audits are key to maintaining compliance with the GDPR and how such audits can be planned, conducted and reported to the highest decisional roles of the organisation.
Who is this course for:

Anyone, in both the public and private sector, who has a responsibility for assuring their organisation’s compliance with the GDPR;
Anyone who is involved with the assurance and continuous improvement of the GDPR in their organisation;
DPOs, internal and external auditors, the audit committee, risk managers, Chief Information Security Officers;
Anyone involved with managing an audit programme.

What will you learn

The key elements of the GDPR;
Understanding risk assessment and risk management, which are key to the GDPR;
The importance of an effective audit to assess an organisation’s level of compliance with the GDPR;
Audit responsibilities;
The techniques to define the scope of the audit;
Determining the audit assignment;
Developing an audit plan;
Audit preparation;
Conducting an audit;
Possible barriers;
Evaluating and reporting the findings of an audit;
The audit deliverable;
Integrating the audit within your organisation’s management system;
Maintaining compliance, dealing with issues and continuous improvement.

By the end of the course, you will:

be able to assess your organisation’s compliance with the GDPR;
be able to facilitate the development of an effective audit plan;
be able to conduct a fair, impartial and unbiased audit;
be able to present a report of the organisation’s level of compliance with the GDPR to members at managerial level;
have exchanged experiences with colleagues from other organisations and countries;
have developed (and continue to develop) your professional international network in the field of data protection.

Course methodology and highlights

We believe practical know-how is the key to effective learning. This course therefore includes:

Individual preparation for the course: you are invited to bring along any information about the mission, vision, values and data protection (GDPR) framework and governance within your organisation for case study;
Detailed explanations of the key concepts and principles of the GDPR, as well as its actors and their roles;
Group and individual assignments;
Practical exercises on how to plan, prepare, conduct and report on an audit;
Interactive approach: the module’s structure will give you the opportunity to ask questions and share and discuss experiences, knowledge, needs and challenges with the trainer and other participants;
Room for note taking on what you learn, so you can apply it to your own situation.


Relevance: EIPA has direct insight into the workings of the European Union;
Never alone: you will be part of a growing network of colleagues and professionals throughout Europe;
Quality insurance: all of our courses have the EIPA Quality Seal. Upon successful completion, you will go home with an EIPA Data Protection Centre Certificate;
Combine fun and facts: this course is held in one of the most charming cities of Europe. Discover plenty opportunities to relax and experience what this region has to offer.

NISPAcee Press

  NISPAcee eNewsletter




Public Administration for Well-being and Growth


   Price: 0 € Order

Efficiency in Local Service Delivery (English)

Juraj Nemec

   Price: 0 € Order

  1 2 3 4 5 of 73 

On-line payments

mastercardMaestroVISAVISA ElectronDiners club