Data Protection Practitioner

This certificate is aimed at professionals who are or expect to become involved in data protection, such as:

• Privacy officers
• Data protection officers
• Security consultants / officers

Finally, this certificate is intended to be an important career milestone for privacy and data protection professionals, as it constitutes the second level of a complete and extensive Certified Privacy & Data Protection Officer certification track. Achieving the Privacy & Data Protection Practitioner certificate provides candidates with a solid knowledge to advance their career path to become a Data protection or Privacy Officer. The Expert level of this certification track is currently under development.

A theoretical framework provides practical insight into the way in which your organization can organize its processes and roles in such a way that the requirements set by law and regulations are met. After this course you can advise process and project managers on what they can do best to deal with privacy and data in a “neat” way. 

In addition, in your role as DPO you can act as a discussion partner for the various (management) layers within your organization and for third parties outside your organization.

Module 1 - Strategic Considerations

Learning objectives:

• Candidates understand how to translate the goals and needs of the organization into a vision on handling personal data
• Candidates are able to transform this vision into an effective implementation strategy
• Candidates are able to define data protection principles and develop a data protection policy to support and govern the execution of the strategy
• Candidates understand the importance of creating a data inventory and the principles guiding the creation of such an inventory
• Candidate understand the (possible) need for a published privacy notice and the implications thereof

 

Module 2 - Impact and Risk Assessment

Learning objectives:

• Candidates understand the concepts of a DPIA
• Candidates are able to perform a (basic) DPIA
• Candidates understand the concepts of risk management and risk assessment
• Candidates are able to identify threats to data protection and effective measures to mitigate the resulting risks
• Candidates are able to perform a (basic) risk analysis related to data protection
• Candidates are able to define data protection requirements based on policy and the outcome of the DPIA for business processes, the internal organization, and the technology used by the organization (both internally and outsourced)

 

Module 3 - Operations

Learning objectives:

• Candidates understand the impact of data protection on regular operations
• Candidates know the specific requirements of laws and regulations (in this case the GDPR in particular)
• Candidates are able to incorporate data protection requirements in new and existing procedures in a pragmatic but effective manner
• Candidates know what is required and / or allowed when it comes to upholding policies, laws and regulations in an organization

 

Module 4 - Design and Implementation

Learning objectives:

• Candidates know what technological tools are available to support data protection, without having to understand the details of how exactly they work
• Candidates should have a basic understanding of how to implement PET and, in particular, cryptography
• Candidates understand the concepts of privacy by design / default
• Candidates are able to translate privacy by design / default to practical policies and procedures
• Candidate know how awareness works and demonstrate knowledge of instilling and enhancing awareness in an organization
• Candidates are able to define generic data protection requirements for projects

 

Module 5 - Governance

Learning objectives:

• Candidates understand what data is needed for reporting that supports good governance and decision-making
• Candidates are able to translate the concept of management systems to a Data Protection Management System (DPMS)
• Candidates are able to prepare for an (external) audit on compliance to the GDPR
• Candidates are able to define and implement a basic 3rd-party assurance process

Basic knowledge of privacy and / or data protection is recommended. If you do not yet have this, we recommend that you first take the Privacy & Data Protection Foundation entry- level course prior to this course  . The level of this course is MBO / HBO.