0800 435 772

The Role of the Data Protection Officer (DPO)

6-hour course  |  6 CPD hours

£329 +VAT per person

This course can be presented in-house at your premises. You can find out more about our in-house training here.

If you would like to make an enquiry simply fill in the quick contact form below and a member of our in­house team will be in touch shortly.

Fields marked with an * are mandatory

Home > > The Role of the Data Protection Officer (DPO)

The Role of the Data Protection Officer (DPO)

6-hour course

Course overview

The law sets out specific responsibilities and obligations for the DPO and the organisation and it is important that these are understood by all. During this practical and comprehensive full-day course, our expert presenter will explain everything you need to know about the DPO requirements and how they apply to your organisation.

The course will define which organisations must appoint a DPO, where they fit in the organisational structure and what needs to be considered when recruiting for the role. It will clearly explain the statutory duties set out in the GDPR and will guide you through the best practice principles, not just for the DPO but for anyone acting as the data protection lead in their organisation.

Our presenter will also demonstrate how to produce a Data Flow Map and how to conduct a Data Protection Impact Assessment. The course is illustrated with practical, real-world examples and exercises that help to demonstrate how a DPO should handle the numerous challenges associated with the role.

Who needs to appoint a DPO?

Since GDPR came fully into force in May 2018, privacy and data protection has become such an important issue that even organisations that are not mandated to appoint a statutory Data Protection Officer are choosing to adopt the role or create an equivalent position with a different title.

Under the GDPR, you must appoint a data protection officer (DPO) if you:

  • Are a public authority or body, including schools, academies, libraries, utility companies and many more
  • Carry out large scale processing that requires systematic monitoring of data subjects
  • Carry out large scale processing of sensitive data (such as health, religion or race) or data relating to criminal convictions and offences

Who should attend?

This course will help those who are new to the position of DPO as well as those who are experienced but need to know how the recent changes to the law affect the role. It will also benefit those acting as the data protection lead for their organisation, even if they are not legally required to appoint a DPO. This course will also help to inform anyone needing to recruit a DPO for their organisation or wishing to confirm that they are fully compliant with the mandatory GDPR requirements.

What will you learn?

  • Which organisations must appoint a DPO?
  • Should you appoint a DPO, even if you are not required to do so?
  • How can you decide whether the scale of data you handle is large enough to fall within scope?
  • How can you determine whether your data processing activities constitute ‘regular and systematic’ monitoring?
  • Which data processing activities are ‘core’ and ‘ancillary’ and why is it crucial to know the difference?
  • Who can and who cannot act as a DPO?
  • What support and protections must an organisation provide to their DPO?
  • What qualifications must a DPO hold?
  • What experience should a DPO have?
  • If you already have a DPO, how can you be sure they meet the minimum criteria set out by GDPR and can therefore legitimately continue in their role?
  • To whom should the DPO report and how do they fit into the organisational structure?
  • What are the DPO’s general responsibilities?
  • What are the DPO’s responsibilities in relation to data mapping and what techniques are available?
  • What is the DPO’s role in conducting Data Protection Impact Assessments?
  • What are the DPO’s specific responsibilities regarding training and education?
  • How can a DPO create a data protection culture?
  • What obligations does a DPO have to customers, clients or business partners?
  • What procedures need to be in place to effectively deal with Data Subject’s exercising their rights?
  • What does GDPR say about the relationship between the DPO and the Information Commissioner’s Office?
  • How should a DPO deal with requests from the ICO?
  • How might other duties of a DPO create a conflict of interest?
  • Who should be responsible for developing your organisation’s data protection policies and procedures?
  • What policies and procedures should an organisation have in place as a minimum requirement?
  • What are the DPO’s specific responsibilities regarding security and data audits?
  • What must a DPO do in the event of a data breach?
  • What are the new penalties for a data breach under GDPR?
  • What are the personal liabilities of the person holding the office of the DPO?

Extra benefits

  • course pack containing the information presented on the day
  • certificate of attendance
  • A DPO checklist to help you confirm your compliance with the GDPR requirements.
  • Complimentary refreshments and lunch provided