GDPR Data Privacy Manager


Intensive course GDPR DPM (Data Privacy Manager). How to implement GDPR in practice and organize the work of the project team.


⚡ 3 times a week

⚡ Online (Zoom)

⚡ 180 minutes/session


Dear colleagues, do you know these problems?


  1. You took the DPP course, but there were no real changes after the training. You don't know what work tools to use or how to convince your colleagues to make changes. You are afraid to act, because you think that you still don't know something or don't know how, and the price of error is high.
  2. Some steps have already been taken to implement the GDPR, but the work has not been completed and the enthusiasm has disappeared. The practices that you have implemented are not fixed. For example, the treatment register was created once and has not been updated for a year. Many instructions and policies remain on paper and do not translate into real life.
  3. You are aware that you are violating the rules for personal data protection, but you don't have enough time and human resources, power and support of management. Or the company is in chaos (the so-called “startup culture”), and you need order to comply with the regulations. As a result, the resources invested in GDPR training are wasted.
  4. You are concerned about the release of ISO 27701 and realize that soon your competitors may have a certification that you don't have.
  5. You are think for carefully working with your customers' personal data. But you have the feeling that the boss doesn't hear you or appreciate your ideas, and you don't have enough power and influence to make a real difference?


All these problems can be solved by taking our DPM course (Data Privacy Manager).

Trained by us


🗹 You will learn to apply the knowledge gained in the GDPR DPP course with confidence.


You don't need a lot of power and influence in order for the practices you implement to take root and become regular. You should not try to force people to protect their personal data. But you don't need to wait for the written GDPR instructions to start executing themselves.

On the GDPR DPP course, we reviewed the rules. The DPM course is about creating conditions, circumstances, and procedures that will help your colleagues follow the rules more easily and naturally.

The DPM course will help you master practical tools or remember the tools you already have. You will start using the same frameworks and tools (Nymity accountability framework) that we use in working with our corporate clients to bring their organizations into compliance.


🗹 You will be one of the first to understand ISO27701 and be able to meet the requirements of this standard.


For many years, our company has worked with the Nymity accountability framework and helped many companies, but the use of this framework will never serve as an official confirmation of compliance with the Regulations. This is despite the fact that it has a lot of working tools (scorecards, workbooks) that have been developed over the 15 years of this framework's existence.

ISO 27701, which is an add-on to the ISO 27001 information security management standard, is much more likely to become an official confirmation under article 42 of the GDPR.

This is a new document that few people are familiar with yet and that is difficult to apply in practice, since no tools have yet been developed for it. There is only ISO text, but no working files, templates, or algorithms.

We have solved this problem. We took the content from ISO27701 and moved it to the effective working tools that are available in Nymity. This is why you will get our unique two-in-one model for the first time in the DPM course: learn the standard and get working tools to implement it.


🗹 You will feel more confident and inspired to complete the process.


You will learn how to create a plan and matrix of responsibilities, and evaluate resources for their implementation.

After all, perhaps the company's management doesn't accept your ideas because they are bad. It simply did 't see a clear plan of action and didn't understand the amount of resources required. Or what you offer is unprofitable for business or seems too labor-intensive and expensive.

To avoid this, it is better to first diagnose the current situation and “prescribe treatment” based on what is most relevant for your business now. In the DPM course, you will master the diagnostic method and will be able to correctly prioritize the most effective measures.

Management will take you more seriously if you come with more than just an idea, but have a well-developed plan and are ready to take leadership and responsibility for its implementation.

For whom?


For employees of the company who are responsible for organizing the protection of personal data, in particular, for:

  1. DPOs (Data Protection Officers).
  2. Head of information security, legal or compliance departments.
  3. Line and project managers. 

Our advantage


dpo Our company doesn't just offer separate GDPR services, but provides a complete Roadmap (implementation roadmap) and guides companies through all steps of implementing GDPR requirements.


dpo During the course, we provide not just theory, but also real-world cases, practical examples, and best practices from our GDPR Roadmap+ experience in companies of various sizes (from startups to international corporations), industries (from IT and FinTech to manufacturing), and maturity levels.

After the course you will:

  1. You can organize processes within the company according to ISO27701. This will give you unique competencies and give your company a marketing advantage. This means that you will stand out from the competition and will be able to get more orders and loyal customers.
  2. Previous investments (including training and practical steps) will not be in vain, and the initiatives started in the company will lead to results and multiply.

  3. Instead of independently searching for methods, trial and error, you will get a ready-made algorithm of actions in 4 days. This is not the only way to reach the goal, but you will know it well. After all, as they say, the fastest road is the road that you know well.

  4. If this is your first experience with standards or frameworks, or if you feel that your knowledge is fragmented and this prevents you from using them, then we will learn how to apply them in practice. All this system will be reflected in the clear schemes that our coach Siarhei Varankevich is famous for. And in the future, looking at them, it will be easy for you to navigate what to do and how.

  5. You will be able to organize the work on personal data protection so that it does not be only on paper, but also implemented at the level of specific actions and processes.

  6. Stop worrying that someone will find a discrepancy between what you have written on paper and what is happening in reality.

  7. You will stop feeling that you are not being heard or taken seriously by your recommendations. You will feel the significance of your contribution and satisfaction with the results.

  8. You will be able to put your work with personal data in order, and thus not only comply with the Regulations, but also speed up business processes, increase efficiency, and protect the company and customers from risks.

  9. When you have a clear understanding of what to do and have all the tools you need, it will give you more inspiration and motivation. This will make it easier to engage other employees and get support from management.

  10. The DPM certificate is a recognition of your higher level of competence in the field of personal data protection. And when you can launch a working system in your company and really come to compliance, it will really set you apart from your competitors, who still remain only at the level of documents and instructions that no one follows.

  11. This training will make you a unique specialist in the labor market, who can choose the company and conditions for work.

At the end of the course, you will be able to organize the work of the project team to implement GDPR, create and maintain a full-fledged personal data protection system, and bring your company to compliance with the regulations.


After the course you can answer the following questions

privacy student
What systems and processes are necessary to implement in order to comply with the GDPR?
How to find the necessary resources?
privacy student
privacy student
How to put a project team together?
What measures should you take in the first place?
privacy student
privacy student
How to assess the effectiveness of the project team and the process of implementing the GDPR?

The schedule:

Siarhei Varankevich
Open format
24 October - 9 November 15:00-18:00
900 EUR


Siarhei Varankevich CIPP/E, CIPM, CIPT, MBA, FIP
Founder of Data Privacy Office LLC. Data Protection Trainer and Principal Consultant
MBA, Certified Information Privacy Professional (CIPP/E), Certified Information Privacy Manager (CIPM), Certified Information Privacy Technologist (CIPT). Started to work with the GDPR draft version, in 2015, in Munich. Defended his MBA thesis about the Regulation, in Bremen, in 2016. In 2020, he was awarded the title of IAPP Fellow of Information Privacy (FIP) thanks to the recommendations of respected experts.

Siarhei delivered hundreds of consultations on GDPR issues to companies around the world. He helped to implement the GDPR program as an external project manager in over 50 companies.

On LinkedIn


Standards and frameworks
Implementation of the accountability principle of the GDPR
Overview of the ISO27K Standards
ISO 27001 and ISO 27701
Nymity Privacy Management Accountability Framework
NIST Privacy Framework
AICPA/CICA Privacy Maturity Model
Management system and its context
Analysis of information assets, business needs, and regulatory and contractual requirements
Organizational entity dealing with data protection
Needs and expectations of stakeholders
Scope of privacy programme
Governance models of privacy programme
Planning and management
Nymity Accountability Status Workbook
Nymity Data Privacy Accountability Scorecard
Assessment and treatment of the data privacy risks
Selection and implementation of controls
Internal policies
Policy types
Organizational roles, responsibilities and authorities
Support of management and other stakeholders
Role and Responsibility Matrix for GDPR implementation
Distribution of responsibilities with RACI Chart
Privacy Team
Data Protection Officer
Processes and procedures
Process approach
Maintaining the records of processing activities (Data register) under the GDPR
Conducting Data Protection Impact Assessment (DPIA)
Assessing vendors
Processing requests from personal data subjects (DSARs)
Data breach notification
Measures and controls of ISO 27701
Conditions for collection and processing
Obligations to data subjects
Privacy by design and privacy by default
Sharing, transfer and disclosure of personal data
Determination of the necessary resources and their allocation
Acquisition and maintenance of competencies
Raising Awareness
Internal communication
External communication
Performance evaluation and improvement
Monitoring, measurement, analysis and evaluation
Audits, their stages and types
Nonconformity and corrective action

Training format

4 full training days lasting 8 academic hours
Real cases and additional materials
GDPR DPM certificate

Certificate on completion

Attachment to certificate include the course program. Training is an organizational measure, and is a duty reflected in the General Data Protection Regulation, Articles 24, 25, 28, 32, and 39

DPM (пример сертификата)



    The course is loading, wait a few seconds