• Home
  • Technology

By Roland Costea, Cybersecurity & Privacy Leader

Build EU GDPR Data Protection & Privacy compliance from scratch (CIPT)

Language: English
All Levels

Course description

**** Updated**** 12+ hours of GDPR content and 61 templates !!!!

No prior GDPR knowledge is needed.

We have added new content related to GDPR for HR, GDPR for Cloud Service Providers, DPO role and how to initiate it, PSD 2 and GDPR relationship + more EXAMPLES

CIPT, CIPM and CIPP/E certification preparation in a complete learning plan

This is the 1st course in a 5 course series that will drive you to Data Privacy expert and will allow you to go for all IAPP certifications

Learn what GDPR regulation is and what is needed in order to achieve GDPR compliance.

The course starts with GDPR foundations, explains data privacy concepts and what GDPR compliance means and also offers documents, policies and procedures that can be reused and adapted for your own organization in order to start GDPR programme.

Part of the documents include GDPR assessment tool, GDPR Data Privacy Impact, GDPR Implementation Guide, GDPR Data Breach Procedure etc

Learn how to hire a DPO (Data Privacy Officer) and what are the needed skills for the job. Also learn how to initiate the role.

You will be able to analyze a company GDPR compliance programme and to think properly by step by step examples. You will be able to use our templates and provide step by step recommendations.

We have included new topics related to GDPR for HR, GDPR for Cloud Service Providers and the DPO role in an organization + how to initiate it.

The course is a complete A to Z GDPR training, so we will cover everything that you need to know.

In the end of the learning PATH, you will learn how to pass all IAPP certifications, CIPT, CIPM and CIPP/E, not only CIPT, by practicing on real questions!

Every report will end up with recommendations that usually involve technology that can solve GDPR challenges. In this way I will demonstrate some security concepts by using different cloud technologies and we will use Azure cloud as a matter of experiment for this course.

The course is delivered in a mix of over the shoulder lessons and powerpoint presentations. So, either I show you clicks on the screen and how exactly you do different actions, or I present you the full concept using slides. On top of that, you will get downloadable resources that will help you in your journey.

I strongly recommend that you go through every lecture one time and then go back to the beginning and start to take action – in this way everything will get much more sense.

As a student of this course, you will also get regular updates and access to new additional lectures as they are added.

Related Skills

Course overview - 130

  • Why start learning privacy with me

  • What is included in this course

  • Course Resources

  • Learning Plan

  • Evolving compliance requirements

  • Major risks to a company's IT framework

  • Application related RISKS

  • Network related RISKS

  • Storage related RISKS

  • Stakeholders expectations for privacy

  • Privacy vs Security

  • IT Governance vs Data Governance

  • The role of the IT professional & other stakeholders in preserving privacy

  • Privacy Foundational elements - Organizational Privacy Notice

  • Privacy Foundational elements - Organizational Privacy Policy

  • Privacy Foundational elements - Organizational Security Policies

  • Incident Response - Security and Privacy Perspectives

  • System Development Lifecycle and Enterprise Architecture

  • GDPR Privacy Impact Assessments (PIA)

  • Common Privacy Principles

  • The Collection Process - GDPR Notice

  • The Collection Process - Choice, Control & Consent

  • Other topics related to Collection

  • Use

  • Security Practices and Limitations on Use

  • Disclosure

  • Retention - Records, Limitations, Access

  • Retention - Security Considerations

  • Destruction

  • Identity and Access Management (IAM)

  • Limitations of Access Management & Least Privilege principle


  • Context of Authority

  • Cross Site Authentication & Authorization Models

  • Credit card information & Processing


  • Remote Access & BYOD - Privacy & Security Considerations

  • Remote Access & BYOD - Access to Computers & Architecture controls

  • Data Encryption - Design Considerations

  • Application, Record and Field Encryption

  • File & Disk Encryption

  • Encryption Regulation & Crypto Standards

  • Other Privacy enhancing Technologies

  • Software Notifications and Agreements

  • GDPR short intro

  • Format & Definitions

  • Principles

  • Lawfulness

  • Gap Assessment Tool

  • Management Commitment

  • Preparation Project Plan

  • GDPR_Roles

  • How to capture Personal Data in a Form

  • GDPR Privacy Data Protection Policy

  • Data Subject Request Procedure

  • Data Protection Impact Assessment (DPIA)

  • How to treat international transfers

  • Data Breach and Incident Response Procedure

  • ISO and GDPR

  • Privacy by design

  • Organizational Privacy Strategy for Social Media

  • Consumer Expectations

  • Children's Online Privacy

  • Social media - personal information collected

  • Social media - personal information shared and ownership

  • E-commerce personalization

  • Online Advertising

  • Key considerations when posting ADs on your website

  • Understanding cookies, beacons and other tracking technologies

  • Web Browser Privacy and Security Features

  • Wireless Technology - RFID

  • Wireless Technology - NFC, Bluetooth & WiFi

  • Location Based Services (LBS) - generalities

  • Location Based Services (LBS) - GPS

  • Location Based Services (LBS) - GIS

  • Surveillance of Individuals

  • Data surveillance & Biometric recognition

  • Data Protection & Direct Marketing

  • The concept of Direct marketing

  • The right to opt-out

  • Marketing Requirements under e-Privacy Directive

  • Postal Marketing

  • Telephone Marketing

  • Electronic Marketing

  • Location Based Marketing

  • Online Behavioral Advertising (OBA) and GDPR

  • Where do privacy &HR meet

  • More difficult to rely on Consent

  • Data Protection Principles from HR perspective

  • Consent, no longer an option for HR

  • Legitimate interests

  • Pseudonymisation

  • Cross Border HR Data Transfers under GDPR

  • Changes to employee data management under GDPR

  • DPOs and DPIAs from HR perspective

  • Data breaches and what to take away from that

  • Action Steps from HR perspective

  • HR related policies and procedures

  • Contracts of employment - what to look for

  • Data Protection Policy

  • GDPR terms and how they relate to recruiting

  • Map your recruiting data

  • Create a privacy policy for recruiting

  • Source candidates online with care

  • Ensure you job application process complies with GDPR

  • Ensure your software vendors are compliant

  • Looking at GDPR the right way

  • Controllers and Processors

  • CSP as a processor and GDPR

  • Technical and organisational measures

  • Subcontracting

  • Detailed impact on cloud contracts

  • Clauses between a processor and a sub-processor

  • Codes of conduct, certifications and compliance

  • Important steps to compliance

  • Choosing a hosting provider

  • What businesses need to do

  • Advices for CSPs and Software providers

  • GDPR and IoT approach

  • There is far more in this space

  • GDPR requirements in an IoT context

  • Robots, AI, IoT and BigData

  • Introduction - what you will going to see in this section

  • Identity Protection demo (AAD IP)

  • Privileged Identity Management demo (PIM)

  • Mobile Productivity policies demo (Intune)

  • Classification, Labelling and Protection of Information demo (AIP)

  • Cloud App visibility

  • Security in Cloud environemnts

  • ATP Incident Response

Learners who have already enrolled in this course

Meet your instructor

Roland Costea
Roland CosteaCybersecurity & Privacy Leader
CyberSecurity + Privacy Leader & Strategist with demonstrated experience in Leading Cybersecurity & Privacy Business Units, practices, divisions from zero to maturity with year over year quality growth and quota over-achievement (projects of more > 100 million euro/year).