GDPR and How to Conduct a Data Protection Audit

08/05/2019 - 09/05/2019
Location: Maastricht (NL)
Project number: 1911501

Rated 4.67 out of 5 based on 3 customer ratings
(3 customer reviews)

From:  900,00

This course will provide you with the insights and techniques to successfully plan and execute an audit of your organisation’s compliance with the EU General Data Protection Regulation (the GDPR). You will learn about the key aspects of the GDPR and how to ensure they are being implemented within your organisation. During the course you will gain an understanding of how to identify the scope of an audit and how to conduct a successful audit within that scope. At the end of the course, you will leave with an understanding of why effective audits are key to maintaining compliance with the GDPR and how such audits can be planned and conducted.

What you will learn in this course:
  • The key elements of the GDPR
  • The importance of an effective audit
  • The techniques to define the scope of the audit
  • Understanding risk assessment and risk management, which are key to the GDPR
  • Data Protection Impact Assessments (DPIA) and their importance to GDPR
  • Developing an audit plan
  • Conducting an audit
  • Presenting the findings of an audit
  • Integration of the audit with your organisation’s management system
  • Dealing with issues and continuous improvement
By the end of the course, you will:
  • Be able to assess your organisation’s compliance with the GDPR
  • Be able to facilitate the development of an effective audit plan
  • Be able to conduct a fair, impartial, and unbiased audit
  • Have exchanged experiences with colleagues from other organisations and countries
Who is this course for:
  • Anyone, in both public and private sector, with a responsibility for the compliance of their organisation with the GDPR
  • Anyone who’s involved with the assurance and continuous improvement of the GDPR in their organisation
  • (Future) internal auditors
Course methodology and highlights

We believe learning happens best with practical knowledge. So this course includes:

  • Individual preparation for the course: you are invited to bring along any information about the mission, vision, values, and data protection (GDPR) framework within your organisation for casework
  • Detailed explanations of the key concepts, principles, actors and roles in the field of GDPR
  • Group and individual assignments
  • Interactive approach. The module’s structure will give you the opportunity to ask questions and to share experience, knowledge, needs and challenges with the trainer and other participants
  • Room for making notes on what you learn with respect to your own situation



Trainer: Brian Honan, BH Consulting, Dublin (IE)


Auditing GDPR




Introduction to the course




Introduction of GDPR basics
A general introduction to the EU General Data Protection Regulation and its key principles




Threats to Data
An overview of the threats posed to data and how they can be protected against




Coffee break




Risk Management
An overview of the various methodologies used to conduct risk assessments and risk management. Risk management is key to GDPR.




Assignment: conducting a risk assessment








Data Protection Safeguards
An overview of the key protections that should typically be in place to protect data entrusted to your organisation. This will look at the areas of:

  • Policies and procedures
  • Technical safeguards for electronic and physical data
  • The safeguards relating to people that should be in place




Assignment: identifying data protection safeguards for a particular use case




Coffee break




Data Breach Management
An overview of what should be in place to enable an organisation to respond to a data breach within the requirements of the GDPR




Assignment: Analyze a recent publicly known data breach




End of the day




Dinner in a restaurant in town









Key Audit Principles
An overview of what an audit is and how audits are performed. This will include:

  • Roles and responsibilities
  • An overview of the different types of audit
  • Definition of audit findings




Coffee break




Planning an Audit
The key to a successful audit is to have a solid plan. This should entail:

  • Defining the Scope of the Audit
  • Determining who should be present at the audit
  • Agreeing timelines




Assignment: Plan an audit of your organisation




Conducting an Audit
Auditing the effectiveness of controls

Audit interview techniques: which ones to use and when




Assignment: conduct a mock audit interview








Conducting an Audit
Auditing the controls for GDPR in the areas of:

  • People
  • Process
  • Technology
  • Physical




Coffee break




Assignment: conduct a mock audit




Audit Findings
Documenting and presenting the findings of an audit
How to rate a finding
Items to include in the report to support your findings




End of the GDPR Audit Course

Course venue
European Institute of Public Administration (EIPA)
O.L. Vrouweplein 22
6211 HE, Maastricht
the Netherlands

Programme Organiser
Ms Eveline Hermens
Tel.: + 31 43 3296259

The fee includes documentation and refreshments. Lunches, a reception or dinner are included if mentioned in the programme. Accommodation and travel costs are at the expense of the participants or their administration.

EIPA offers a 10% discount to all civil servants working for one of EIPA’s supporting countries, and civil servants working for an EU institution, body or agency.

Who are the supporting countries?
Civil servants coming from the following EIPA supporting countries are entitled to get the reduced fee: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Spain, Sweden, United Kingdom.

For all other participants, the regular fee applies.

Lunches and the reception will be served at a restaurant in town. Special dietary requirements (e.g. vegetarian, diabetic) can be indicated once you receive the confirmation of the seminar.

Hotel reservations
EIPA has special price arrangements with a number of hotels. All hotels are within 10 minutes walking distance from EIPA. Should you wish to make use of this possibility, please book directly via the links below. Payment is to be made directly and personally to the hotel upon checking out. At the time of booking, please mention in the requested field the EIPA project number for your course.

Confirmation of registration will be forwarded to participants on receipt of the completed online registration form.

Prior payment is a condition for participation.

Cancellation policy
For administrative reasons you will be charged €150 for cancellations received within 15 days before the activity begins. There is no charge for qualified substitute participants.

EIPA reserves the right to cancel the activity up to 2 weeks before the starting date. In that case, registration fees received will be fully reimbursed. EIPA accepts no responsibility for any costs incurred (travel, accommodation, etc.). 

3 reviews for GDPR and How to Conduct a Data Protection Audit

  1. Rated 4 out of 5

    Marios Theophanous

    This was a very constructive and useful course.
    It helps Auditors to acquire a general knowledge of the GDPR and how they can exercise internal audit on one business.
    It helps the DPOs to consider GDPR from a different perspective and, on one hand, how to exercise internal control within the scope of their duties to monitor compliance with the GDPR, on the other hand, how to approach the issues of auditing and staff involved in their business.
    Concerning the organization of the seminar, it was excellent.

  2. Rated 5 out of 5

    Jean-Pierre Heymans (verified owner)

    Very interesting 2-day course. Content very helpful for all DPOs in planning and executing Data Protection Audits

  3. Rated 5 out of 5


    A useful introduction to the future of checking the compliance with the data protection legislation.
