GDPR Masterclass

GDPR Masterclass



This 3-day course provides a comprehensive practical overview of the General Data Protection Regulation [(EU) 2016/679]. As a practitioner course, you’ll study the regulation itself, including GDPR basics and risk management.

You’ll also study GDPR’s relationship to current data protection and privacy legislation in Europe and elsewhere and learn the multi-jurisdictional consequences for the collection, retention and processing of Personal Data.

Rather than learning “by rote”, you’ll learn how to interpret and apply the GDPR to practical situations. So this is a “deep dive”. For example you’ll appreciate from a recent case why choosing the correct legal basis for personal data processing is fundamental to avoid a “cascade” of many other breaches; the logical and practical connections of “monitoring” and “profiling”, and why this typically is misunderstood by lawyers and business alike; why recruiting DPOs like other employment candidates necessarily assumes substantial risk; and the pros and cons of the international transfer regimes.

Recent additions to the course include practical examples of fines and the reasoning behind them; the differing effects of Brexit on GDPR compliance, depending on whether you are a UK an EU, or a third-country enterprise; why the GDPR cannot be affected by whatever trade deals entered into by the UK, or not; why many national enactments of opt-outs (including the UK’s post-Brexit) will fail; and how the risks of data trade war with the USA have played out in Court.

Finally you’ll discover what the integrated Personal Data environment would look like in your organisation. You’ll then be able to develop, integrate and manage the changes required by GDPR in your organisation’s governance, business and data processing.

Ideal for

  • Senior executives responsible for process and governance
  • Contractors wishing to capitalise on this new area of process
  • Governance, risk and compliance (GRC) practitioners
  • Lawyers wishing to understand the whole context of GDPR
  • Data privacy, security and compliance consultants
  • Auditors, risk and compliance practitioners

What you'll get

  • GDPR workshop material
  • Supplementary documentation
  • Links to the GDPR and other relevant material

Learning objectives

  • Understand how GDPR concepts fit into the legal context
  • Overview of legal systems and their interrelationships
  • Embedding GDPR within organisations under common law, civil law and other legal systems
  • Major required changes in corporate governance standards and processes
  • Subtle effects of ‘Big Data’
  • How to succeed under the self-reporting model of GDPR


  • Foundations of Modern Privacy Law
  • GDPR Basics
  • Personal Data and Consent: the six pathways to lawful business models
  • Key Data Subject Rights
  • Monitoring, Profiling, IT, the business, the GDPR, and case law
  • Key Controller Obligations – principles, “tick-boxes”, pseudo-rights, etc.
  • Exemptions, Member State Opt-outs
  • Risk Management and the EU Data Protection Officer – who, what, why, how?
  • International Transfers / Adequacy Regimes – BCRs, SCCs, Privacy Shield
  • Non-compliance – the new legal and technological routes to legal enforcement
  • GDPR’s new legal defences against Foreign Governments
  • Effect of Brexit on the GDPR – and vice versa
  • Business Impacts: Security, Cloud, out-sourcing / Data Processors, IoT, Big Data
  • Next Steps – practical enterprise approaches to GDPR compliance
  • PIAs, BCRs, Enterprise Privacy Architecture basics
  • Project / Privacy Office Organisation and Workflow Management
  • Information Architecture, Data Mapping, and Privacy Dataflow Mapping
  • Enterprise Privacy Architecture as metadata
  • Multi-jurisdictional Legal Architecture
  • Automated Privacy Impact Assessment as core Project Initiation subprocess
  • The Future: Embedding Transactional EPA Metadata into Operational Systems


  • 40 multiple choice questions
  • 50% pass rate required
  • 1 hour in duration
  • Closed book
  • On-line
  • On-site exam


  • Only the written content of the slide modules will be examined
  • You will be given Practice Exam Questions both within the body of the instruction and as self-study aid
  • The exam is ‘open book’ and you will be provided with a printed copy of the Recitals and Articles of the GDPR
  • The language of the exam and supporting materials is English (United Kingdom)