GDPR Lead Auditor Course

The General Data Protection Regulation (EU) 2016/679 ("GDPR") was adopted in April 2016 and has been in force since 25 May 2018. The Regulation aims primarily to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. GDPR is an important tool to help organizations enhance their performance, increase customer satisfaction and acquire a competitive advantage.


Acquire the necessary skills and knowledge in order to be GDPR compliant.

Gain the knowledge and skills to audit a company’s Personal Data Protection Management System with our GDPR Lead Auditor training course.




Aims & Objectives
  • Identify the key requirements of General Data Protection Regulation
  • Become familiar with the rights of data subjects and their relevance in daily life
  • Application of compliance mechanisms
  • Cover the rules regarding international data transfers under the GDPR
  • Show how to audit GDPR as a data protection management system
  • Interpret GDPR requirements for audit application
  • Provide the latest lead auditor techniques and identify appropriate use


Learning Outcomes

Having successfully completed this course you will be able to:

  • Demonstrate knowledge of the principles, roles, responsibilities and processes under the Regulation
  • Know how to prepare your company to be GDPR compliant
  • Demonstrate knowledge of the obligations of data controllers and processors
  • Protect your rights as a data subject and your personal data from unlawful processing
  • Apply control measures and compliance mechanisms
  • Grasp the main concepts such as risk-based thinking, process approach, Plan-Do-Check-Act, and the 7 management principles
  • Gain the skills to plan, conduct, report and follow up an audit in accordance with GDPR
  • Explain the role of an auditor to plan, conduct, report and follow up an audit in accordance with GDPR
  • Conduct effective audits in any auditing situation
  • Establish and plan the activities of an audit team
  • Communicate effectively with the auditee and audit client
  • Organise and direct audit team members
  • Prepare and complete the audit report
  • Use remote auditing methods


Who should attend?
  • Any company, big or small, which processes personal data within the EU
  • Company executives
  • HR and IT directors
  • Appointed auditors
  • Anyone who wishes to understand GDPR audits and their application
  • Anyone involved in the planning, implementing, maintaining, supervising, or auditing of a Personal Data Protection Management System
  • Anyone interested in Personal Data Protection Management Systems


Prerequisite skills & knowledge: None required


Available in-house/distant learning? Yes


Created by: LiberoAssurance Continuous Professional Development Training Centre Level 1 - Accredited by Univab


Part A:
Introduction to the General Data Protection Regulation
  • General Data Protection Regulation
  • Definitions
  • Why is the GDPR necessary?
Analysis of the Regulation
  • Personal Data
  • Controller
  • Processor
  • Principles relating to processing of personal data
Lawfulness of Processing
  • Conditions for Lawful Processing
  • Conditions for consent
  • Processing which does not require identification
Codes of Conduct and Certification
  • Codes of conduct
  • Monitoring of approved codes of conduct
  • Certification
  • Certification bodies
Transfers of personal data to third countries or international organisations
  • General principle for transfers
  • Transfers on the basis of an adequacy decision
  • Transfers subject to appropriate safeguards
  • Binding corporate rules
  • Transfers or disclosures not authorized by Union law
  • Derogations for specific situations
Remedies, liability and penalties
  • Right to lodge a complaint with a supervisory authority
  • Right to an effective judicial remedy against a supervisory authority
  • Right to an effective judicial remedy against a controller or processor
  • Representation of data subjects
  • Right to compensation and liability
  • General conditions for imposing administrative fines
  • Penalties


Part B:
Security of personal data
  • Security of processing
  • Notification of a personal data breach to the supervisory authority
  • Communication of a personal data breach to the data subject
  • Personal Data Hazards
  • Dealing with hazards
  • Information Security Management Systems - ISO 27001
Data Protection Officer (DPO)
  • Designation of the data protection officer
  • Position of the data protection officer
  • Tasks of the data protection officer (DPO)
  • Data protection officer’s skills and education
  • Data protection officer and conflict of interests
  • Internal or external DPO?
GDPR as a Personal Data Protection Management System
  • Data Protection Management System
  • Basic Procedures of a Data Protection Management System
  • Supportive Procedures of a Data Protection Management System


Part C:
The audit
  • What is an audit?
  • Why Audit?
  • Audit Types
Audit Steps
  • Audit Plan
  • Developing Checklists
  • Opening Meeting
  • Conducting the Audit
  • Closing Meeting
  • Audit Report
  • Audit Follow-up Activities
Audit Programme
  • Establishing the Audit programme objectives
  • Identifying and evaluating audit programme risks and opportunities
  • Process flow for the management of an audit programme
  • Managing an audit programme
  • Audit programme Implementation
  • Process of collecting and verifying information
  • Monitoring audit programme
  • Improving audit programme
Accreditation & Certification
  • Accreditation & Certification Bodies
  • Certification Process
Auditor’s Performance
  • Auditor’s Quality
  • The Auditor’s conduct
  • Auditor’s Code of Conduct
  • Auditor Characteristics
  • Auditor's personal behavior
  • Auditee’s conduct
  • Selecting the audit team members
  • Skills of audit team leaders
  • How to evaluate an Auditor
  • Maintaining and improving auditor competence
Psychological factors during an audit
  • Attitudes and relationships
  • Obstacles & communication
  • Space & Time issues
  • Body language
  • Cultural factors
  • Principles of Listening
  • Questions & questioning
Audit tips & techniques
  • Tips for trained internal auditors
  • Question Technique
  • Competence of the audit programme manager


Exam & Certification
  • Exam on General Data Protection Regulation (GDPR) Lead Auditor
  • “General Data Protection Regulation (GDPR) Lead Auditor” Certificate
Teaching Methods
  • Detailed seminar presentations (available for download)
  • No. of slides: 289
  • Reading lists and resources available in presentations


Study time allocation
  • Private study hours: 34
  • Trainer contact hours: Availability and competence of instructors upon request
  • Enrollment duration: 90 days (from the date of purchase)
  • CPD Points: 34
  • ECTS/ECVET Points: 1.1


Assessment methods


% contribution to final mark

% Minimum passing grade

Exam on General Data Protection Regulation (GDPR) Lead Auditor





Upon successful completion of the course assessment, participants will be issued with a ‘Certificate of Success’.





  • 100% Online course
  • CPD Accredited eCertificate – Global acceptance
  • Downloadable course material
  • E-learning Mobile App
  • Enrolment: 3 months
  • Flexible schedule
  • Language: English

195,00 € each
