The CIPP/E and CIPM courses have provided you with a good theoretical foundation in a short time. Now it's important to stay up-to-date!

For a privacy professional, it is essential to be able to apply the legislation practically. It is often still a challenge to translate theory into practice. It requires research and experience to make that translation. You can gain that experience in your daily work: learning by doing. But especially when it comes to the new and/or tightened requirements in the General Data Protection Regulation (GDPR), it is good to be well-prepared.

The GDPR requires, in some cases, the execution of data protection impact assessments for high-risk processing (better known as Privacy Impact Assessment, or PIA). This term encompasses all methods by which one can (in advance) map out how privacy is affected and where risks or other points of concern lie. You should not only conduct a PIA because the law requires it. After all, a PIA allows you to clearly and systematically identify privacy risks of a project at an early stage. Only then is it truly possible to apply other core principles from the regulation, such as privacy by design. This course provides you with a solid foundation to start working on this within your organization.

In the first part of the training, we will focus on the theory of privacy impact assessment. We will look at standard PIA models and risk analyses and work towards an assessment of whether a PIA needs to be conducted under the law at all. We will also examine the methods for conducting a PIA.

The second part of the training consists of several practical matters, depending on what participants bring in. Participants will work individually or in small groups. Options include designing your own PIA questionnaire, assessing existing PIAs, drafting PIA communication for implementation, or developing a risk analysis. You will be guided and assisted by our experienced trainer.