0800 435 772

The Role of the Data Protection Officer under GDPR

New Full-day course

£ 329 +VAT per person

£329 +VAT
per person

This course can be presented in-house at your premises. You can find out more about our in-house training here.

If you would like to make an enquiry simply fill in the quick contact form below and a member of our in­house team will be in touch shortly.

Fields marked with an * are mandatory

Home > Courses > The Role of the Data Protection Officer under GDPR

The Role of the Data Protection Officer under GDPR

Full-day course

Course prices:

Classroom: £329 +VAT per person

Course overview

One of the least understood aspects of the new EU General Data Protection Regulation (GDPR) is the mandatory requirement for many organisations to appoint a Data Protection Officer (DPO). There are very specific rules regarding the role and the requirement applies to many more organisations than originally thought.

During this practical and comprehensive full-day course, our expert presenter will explain everything you need to know about the DPO requirements and how they apply to your organisation. The course will also clearly explain where the DPO should fit in the organisational structure, what you need to consider when appointing and the duties of the DPO as set out in the GDPR.

The presenter will also take the opportunity to demonstrate the use of different tools and techniques that can help the designated DPO to undertake detailed data mapping and data audit exercises.

What will you learn?

  • What are the key definitions under GDPR?
  • What are ‘special categories’ of personal data?
  • What is the background to the GDPR DPO requirement?
  • Which organisations must appoint a DPO?
  • What is defined as a Public Authority or body?
  • How can you decide whether the scale of data you handle is large enough to fall within scope?
  • Who can and who cannot act as a DPO?
  • What are the options for using an external consultant or agency as your DPO?
  • What support and protections must an organisation provide to their DPO?
  • What qualifications must a DPO hold?
  • What experience should a DPO have?
  • If you already have a DPO, how can you be sure they meet the minimum criteria set out by GDPR and can therefore legitimately continue in their role?
  • To whom should the DPO report and how do they fit into the organisational structure?
  • What are the DPO’s general responsibilities?
  • What are the DPO’s responsibilities in relation to data mapping and what techniques are available?
  • What is the DPO’s role in Data Protection Impact Assessments and how can these be established?
  • What are the rules around Records of Processing Activities?
  • What are the DPO’s specific responsibilities regarding training and education?
  • How can a DPO create a data protection culture?
  • What obligations does a DPO have to customers, clients or business partners?
  • What procedures need to be in place to effectively deal with Data Subject’s exercising their rights?
  • What does GDPR say about the relationship between the DPO and the Information Commissioner’s Office?
  • How should a DPO deal with requests from the ICO?
  • How might other duties of a DPO create a conflict of interest?
  • Who should be responsible for developing your organisation’s data protection policies and procedures?
  • What policies and procedures should an organisation have in place as a minimum requirement?
  • What are the DPO’s specific responsibilities regarding security and data audits?
  • What must a DPO do in the event of a data breach?
  • What are the new penalties for a data breach under GDPR?
  • What are the personal liabilities of the person holding the office of the DPO?

Who needs to appoint a DPO?

Under the GDPR, you must appoint a data protection officer (DPO) if you:

  • Are a public authority or body, including schools, academies, libraries, utility companies and many more
  • Carry out large scale processing that requires systematic monitoring of data subjects
  • Carry out large scale processing of sensitive data (such as health, religion or race) or data relating to criminal convictions and offences

Even if you do not fall under one of the above categories, you may still wish to appoint a DPO or data protection co-ordinator, as you are still required to ensure that your organisation has sufficient staff and skills to discharge your obligations under the GDPR.

You may find this article helpful if you are unsure about the legal position of your own organisation.

Who should attend?

This course will help those who aspire to the role of DPO as well as those who need to understand why and how they should recruit a DPO for their organisation.

Extra benefits

  • course pack containing the information presented on the day
  • certificate of attendance
  • Complimentary refreshments and lunch provided

Course presenters

  • Peter Blenkinsopp

    Peter is a highly qualified privacy professional with a background in law, technology and business.  He has helped many organisations across the globe to successfully deliver business change within heavily regulated environments.  He runs his own consultancy practice specialising in helping companies achieve data privacy compliance. He holds an LL.B and LL.M along with professional certifications from the International Association of Privacy Professionals (IAPP).

Course dates