GDPR Internal Auditor Course

The General Data Protection Regulation (EU) 2016/679 ("GDPR") was adopted in April 2016 and became enforceable on the 25th of May 2018. The Regulation aims primarily to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

The GDPR lays down the principles of, and rules on, the protection of natural persons with regard to the processing of their personal data. In terms of personal data protection management, internal audits help organizations to detect and prevent issues, test internal controls, and monitor compliance with the GDPR.


Acquire the necessary skills and knowledge towards GDPR compliance.

Expand your ability to effectively conduct internal audits and train your company’s auditors to meet the requirements of the General Data Protection Regulation with our GDPR Internal Auditor training course.


Aims & Objectives
  • Identify the key requirements of General Data Protection Regulation
  • Become familiar with the rights of data subjects and their relevance in daily life
  • Apply compliance mechanisms
  • Cover the rules regarding international data transfers under the GDPR
  • Show how to audit GDPR as a data protection management system
  • Interpret GDPR requirements for internal audit application
  • Provide the latest internal auditor techniques and identify appropriate use


Learning Outcomes

Having successfully completed this course you will be able to:

  • Demonstrate knowledge of the principles, roles, responsibilities and processes under the Regulation
  • Demonstrate understanding of the obligations of data controllers and processors
  • Protect your rights as a data subject and your personal data from unlawful processing
  • Apply control measures and compliance mechanisms
  • Grasp the main concepts such as risk-based thinking, process approach, Plan-Do-Check-Act, and the 7 management principles
  • Enhance skills to conduct effective audits in any auditing situation
  • Identify more easily the opportunities to improve your company's data protection
  • Plan, conduct, report and follow up an internal audit in accordance with the GDPR
  • Understand the role of an auditor to plan, conduct, report and follow up an audit in accordance with the GDPR
  • Establish and plan the activities of an audit team
  • Communicate effectively with the auditee and audit client
  • Organise and direct audit team members


Who should attend?
  • Any company, big or small, which processes personal data within the EU
  • Company executives
  • Management representatives
  • HR and IT directors
  • Externally appointed auditors
  • Company internal auditors
  • Anyone who wishes to understand GDPR audits and their application


Prerequisite skills & knowledge: None required


Available in-house/distance learning? Yes


Created by: LiberoAssurance Continuous Professional Development Training Centre Level 1 - Accredited by Univab


Part A:
Introduction to the General Data Protection Regulation
  • General Data Protection Regulation
  • Definitions
  • Why is the GDPR necessary?
Regulations’ analysis
  • Personal Data
  • Controller
  • Processor
  • Principles relating to processing of personal data
Lawfulness of Processing
  • Conditions for Lawful Processing
  • Conditions for consent
  • Processing which does not require identification
Codes of Conduct and Certification
  • Codes of conduct
  • Monitoring of approved codes of conduct
  • Certification
  • Certification bodies
Transfers of personal data to third countries or international organisations
  • General principle for transfers
  • Transfers on the basis of an adequacy decision
  • Transfers subject to appropriate safeguards
  • Binding corporate rules
  • Transfers or disclosures not authorized by Union law
  • Derogations for specific situations
Remedies, liability and penalties
  • Right to lodge a complaint with a supervisory authority
  • Right to an effective judicial remedy against a supervisory authority
  • Right to an effective judicial remedy against a controller or processor
  • Representation of data subjects
  • Right to compensation and liability
  • General conditions for imposing administrative fines
  • Penalties


Part B:
Security of personal data
  • Security of processing
  • Notification of a personal data breach to the supervisory authority
  • Communication of a personal data breach to the data subject
  • Personal Data Hazards
  • Dealing with hazards
  • Information Security Management Systems - ISO 27001
Data Protection Officer (DPO)
  • Designation of the data protection officer
  • Position of the data protection officer
  • Tasks of the data protection officer (DPO)
  • Data protection officer’s skills and education
  • Data protection officer and conflict of interests
  • Internal or external DPO?
GDPR as a Personal Data Protection Management System
  • Data Protection Management System
  • Basic Procedures of a Data Protection Management System
  • Supportive Procedures of a Data Protection Management System


Part C:
The audit
  • What is an audit?
  • Why Audit?
  • Audit Types
Internal Audit
  • Principles of auditing
  • Scheduled and unscheduled Audits
  • What to Audit – Technical Audit
  • Steps involved in internal audit
  • Scope of audit
  • Frequency of audit
  • Internal Audit process
Audit Steps
  • Performing audit activities
  • Audit Plan
  • Developing Checklists
  • Opening Meeting
  • Conducting the Audit
  • Recording Results
  • Non-Conformities & Non-Compliances
  • Closing Meeting(s)
  • Audit Report
  • Audit Follow-up Activities
Audit Programme
  • Establishing the Audit programme objectives
  • Identifying and evaluating audit programme risks
  • Process flow for the management of an audit programme
  • Managing an audit programme
  • Audit programme Implementation
Audit tips & techniques
  • Tips for the trained internal auditor
  • Question Technique
  • Competence of the audit programme manager
Auditor’s Performance
  • Auditor’s Quality
  • The Auditor’s conduct
  • Auditor’s Code of Conduct
  • Auditor Characteristics
  • Auditor's personal behavior
  • Auditee’s conduct
  • Audit team leader skills
  • How to evaluate an Auditor


Exam & Certification
  • Exam on General Data Protection Regulation (GDPR) Internal Auditor
  • “General Data Protection Regulation (GDPR) Internal Auditor” Certificate


Teaching Methods
  • Detailed seminar presentations (available for download)
  • No. of slides: 277
  • Reading lists and resources available in presentations


Study time allocation
  • Private study hours: 33
  • Trainer contact hours: Availability and competence of instructors upon request
  • Enrollment duration: 90 days (from the date of purchase)
  • CPD Points: 33
  • ECTS/ECVET Points: 1.1


Assessment methods (% contribution to final mark; % minimum passing grade)
  • Exam on General Data Protection Regulation (GDPR) Internal Auditor





Upon successful completion of the course assessment, participants will be issued with a ‘Certificate of Success’.



  • 100% Online course
  • CPD Accredited eCertificate – Global acceptance
  • Downloadable course material
  • E-learning Mobile App
  • Enrolment: 3 months
  • Flexible schedule
  • Language: English

170,00 € each
