DPO Masterclass

DPO Masterclass



This 3-day course provides a comprehensive practical overview of the Data Protection Officer – not only the first significant statutory company officer to be created in centuries, but by far the most onerous of all.

Through a practical course for non-lawyers, this course is delivered only by qualified data protection lawyers with court litigation experience.

In the course you’ll learn what it means in law to be a DPO. You’ll learn the methodology of how to approach the office as the law changes underneath your feet. You’ll discover a number of the analytical techniques required to perform the job, including how quantitatively to measure your own and your enterprise’s GDPR compliance and to quantify its mirror image, GDPR financial risk. And you’ll practice your new learning with practical class exercises, creation of processing records, analysis of consequences including context-specific subject right implementations. and production of processing-specific Notices and statutory High Risk Testing. Finally you’ll see examples of the legal cases that law firms representing your data subjects might draft against your chosen solutions.

There are special sections devoted to Brexit (all scenarios), and how to handle the Merger and Acquisition risks associated with the office of DPO.

At the end of this course you demonstrably will have acquired theoretical and practical knowledge of how to create solutions to the privacy issues that affect virtually every business.

Ideal for

  • Students
  • Professionals
  • Those who wish to understand, aspire to, or prepare for entry to the DPO office
  • Existing DPOs (or lawyers performing Continuing Professional Development) wishing to update themselves on law and associated techniques
  • Staff who work with DPOs
  • Board Directors who are considering Mergers and Acquisitions and/or tasked with DPO oversight
  • Senior executives (including the Board of Directors/Commissioners, Audit Committee and the Risk Management Committee)

What you'll get

  • GDPR workshop material
  • Supplementary documentation
  • Links to the GDPR and other relevant material

Learning objectives

  • Understand how GDPR concepts fit into the legal context
  • Appreciate how DPO concepts fit into the GDPR
  • Translate GDPR legal concepts to practical requirements
  • Justify DPO appointment and especially non-appointment
  • Identify content/breadth/depth of DPO skills against statutory abilities
  • Discover how DPOs personally can and have triggered GDPR breach
  • Understand where DPO liability falls
  • Identify/avoid/mitigate GDPR breach arising from the DPO
  • Assess GDPR compliance of a DPO advertisement, Notices, etc
  • Understanding Supervisors and Phone a Friend
  • Assess current enterprise compliance
  • Understand how to report to the Board
  • Align enterprise and Group governance strategy to the GDPR
  • Appreciate and solve DPO-connected Merger and Acquisition ‘deal-killers’


Part 1 – GDPR Theory Refresher

  • Introduction
  • Brief coverage of all non-DPO examinable material
  • Brexit and the three types of jurisdictions
  • Brief class exercises on interdependent GDPR concepts

Part 2 – DPO Theory

  • Basic Concepts
  • Appointment tests
  • Appointment and GDPR breach
  • Non-appointment and GDPR breach
  • External versus Non-external
  • M&A – GDPR Pitfalls in General
  • M&A – DPO-specific Pitfalls
  • Meaning of Breach
  • Notices and Breach
  • Legal case study on Notice

Part 3 – DPO Compliance Methodology in Practice

  • Class exercises against case studies, illustrating theory

Part 4 –Practicing DPO Compliance Skills

  • Processing Records Case study
  • Delegate creation of privacy metadata
  • Delegate creation of Notifications
  • Delegate creation of High Risk Tests (DPIA prerequisite)
  • Generation of legal risk assessments
  • Generation of quantified financial risk assessments


  • 40 multiple choice questions
  • 50% pass rate required
  •  1 hour in duration
  • closed book
  • on-line
  • on-site exam