GDPR Data Privacy Professional

Data protection training for beginners delivered by CIPP/E, CIPM, CIPT, FIP certified trainer.


Date: January 17 - February 2

Open and corporate formats


English, Russian languages of instruction

Why should I choose this training?

  1. Intensive data protection course GDPR DPP has withstood the test of time and is still relevant to clients' needs. Why? We upgrade the course with new information, news and cases every month. We try to keep our students up to date. 
  2. More than 2000 graduates of the course have become DPOs and work in the UK, Germany, Lithuania, Latvia, Estonia and CIS. 
  1. The author and trainer of the course Siarhei Varankevich started his journey in the GDPR world in Germany. Now he is a Certified Information Privacy Professional/Europe (CIPP/E), Certified Information Privacy Manager (CIPM), CIPT (Certified Information Privacy Technologist) and IAPP Fellow of Information Privacy (FIP). 
  2. Our course is based on practice. Of course, you will learn theory but only using modern technologies like diagrams, flowcharts. Siarhei shares his own methodology with students. Key point of the course is practical knowledge. Together we will solve 32 cases from our clients and world-known corporations. 
  3. One man, no man. Making first steps alone in the privacy sphere can lead you to many mistakes and misunderstanding. Our course is recognized by our clients because of unique knowledge and strong network, which you can get. Once you are our student - forever our partner. All our students are invited in our virtual networking space where you can communicate with other experts, find answers to your questions, get exclusive offers and grow! 
  4. You don't need to have a legal or technical background! Do not be afraid if you are a beginner. Siarhei can explain everything in simple words and help you to go through difficult moment


Nevertheless, GDPR came into force in 2018, still there are lots of questions and not many qualified specialists that can protect companies from paying fines and data breaches. We are sure, you can find yourself in such questions: 


  • Do I make the right steps in data protection? 
  • Don’t I violate the Regulation? 
  • Why do clients request to delete data? 
  • Why was our app removed from the Google Play Market or the App Store? 

These and other situations are a sign that it is time to take the GDPR into consideration. Data privacy is a rather serious topic, any mistake can lead to millions in fines and lose a company's reputation. But only if the company does not have a professional who can manage the data and make business friendly for clients.  GDPR Data Privacy Professional course is not about separate pieces of information that you should learn. GDPR DPP is about methodology and how it works, it is your step-by-step path to data compliance. We open you a door to the actual and well-paid profession. What are you waiting for? 


By the end of the course, you will: 

  • Understand how to succeed in a privacy sphere 
  • Implement GDPR concepts in your workflow 
  • Help your company save millions EUR avoiding paying fines 
  • Have already made your first step in a new profession - Data Privacy Professional! 

For which companies?

First of all, the following companies must comply with the GDPR:


  • Apps and cloud solutions;
  • Outsourcing companies in IT;
  • E-shops;
  • Social networks;
  • Banks;
  • Medical and pharmaceutical companies;
  • Event agencies;
  • Apps and cloud solutions;
  • Outsourcing companies in IT.


Siarhei Varankevich CIPP/E, CIPM, CIPT, MBA, FIP
Founder of Data Privacy Office LLC. Data Protection Trainer and Principal Consultant
MBA, Certified Information Privacy Professional (CIPP/E), Certified Information Privacy Manager (CIPM), Certified Information Privacy Technologist (CIPT). Started to work with the GDPR draft version, in 2015, in Munich. Defended his MBA thesis about the Regulation, in Bremen, in 2016. In 2020, he was awarded the title of IAPP Fellow of Information Privacy (FIP) thanks to the recommendations of respected experts.

Siarhei delivered hundreds of consultations on GDPR issues to companies around the world. He helped to implement the GDPR program as an external project manager in over 50 companies.

On LinkedIn

After the course you will be able to answer the following questions

privacy student
What is privacy?
How to define personal data under the GDPR?
privacy student
privacy student
What legal ground is necessary for collection of personal data and how long you can store it?
Who, how and when should be designated as Data Protection Officer?
privacy student
privacy student
How is risk assessment (DPIA) carried out?
What shall you write in your Privacy policy?
privacy student
privacy student
What should you do in case of data breaches?


Click on"" to see details.

Concepts of privacy, data privacy, data protection. Types of privacy.
History of data privacy
Taxonomy of privacy by Daniel Solove
Social implications of data privacy
Overview of evolution of privacy laws
Review of existing data privacy laws, standards and regulations
Сases, court precedents, guidelines in information privacy
The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data №108
Directive 96/46
Overview of present regulatory framework of data protection in EU (GDPR+)
History of EU General Data Protection Regulation (GDPR)
Territorial and material scope of GDPR
Structure of GDPR text (recitals, business related articles etc)
Overview GDPR related acts
National data privacy legislation
Legal precedents
Guidelines and opinions of Article 29 Working Group (Art29WP) / European Data Protection Board (EDPB)
Guidelines of national supervisory authorities (SAs)
Overview of risks, fines, responsibilities related to personal data processing
Mapping of the Belarusian, Ukrainian and Russian data protection laws to the rules applicable in EU.
The concepts of personal data (PD), identifier, data subject
Formula of Persomal Data "(id-x)+info"
Cases of (non-)personal data
Biometric data
Data processing and types of processing.
Processing of special categories of personal data
Processing of children's data
Data controller, joint controllers or separate controllers
Data processor
Responsibilities distribution between data controllers and processors
Transparency of processing
Purpose limitation
Data minimisation
Storage limitation
Integrity and confidentiality
Conditions for consent
Getting consent in UX
Legal obligation
Vital interest
Public interest
Legitimate interest
Balancing test of Legitimate Interest Assessment (LIA)
Modalities for exercise of the rights of the data subject
Right to access personal data
Right to rectification
Right to restriction of processing
Right to be forgotten
Right to data portability
Right to object
Right to not be subject of automated decision-making
Data subject' rights restriction
Case “Nightmare letter from data subject”
Check-box approach vs risk based approach
Concept of risk
Risk likelihood and severity
GDPR terminology related to risks (high risk, likely etc)
Data Protection Impact Assessment (DPIA) requirement under GDPR
When DPIA is mandatory
BIA (Business Impact Assessment) or SIA (Security Impact Assessment) as triggers for DPIA
General approach to conduct DPIA
Describing processing operations, personal data and supporting assets
Legal and risk-treatment controls
Risk sources, feared events, threats and risks
Tools for Data Protection Impact Assessment
GDPR requirements to information security
Data breach notification of supervisory authorities and data subjects
Technical and organisational measures of managing information security risks
Overview of GDPR rules on cross-border data flow
Documenting international transfers of personal data
Data Processing Agreement
Binding Corporate Rules
Standard Contractual Clauses
Codes of conduct and certifications
Derogations relating to cross-border data transfers for specific situations
The 7 foundational principles of privacy by design by Ann Cavoukian
Privacy by Default
Privacy embedded into design
Full functionality - positive-sum
End-to-End Security - Lifecycle Protection
Data Protection Officer (DPO) and EU representative
Representative in EU
Data Protection Officer / DPO

Training format

9 hours per week
8 practical exercises
32 real cases
Individual mentoring support
700 additional materials
87 test questions
1 GDPR DPP certificate for everyone, who passed the test

Online format

We use Zoom to organize the training. You can see the trainer and his screen, as well as ask him questions in real time using a mic or a webcam.

We will share with you an invitation link through a group chat in WhatsApp.

Technical requirements:

- mic and headphones;

- Internet connection for high-quality video call;

- Zoom app.

For maximum benefit, we recommend that you dedicate these days exclusively for the training.



Training is an organizational measure, and is a duty reflected in the General Data Protection Regulation, Articles 24, 25, 28, 32, and 39. Our recognizable certificate confirmyour knowledge and ability to work as DPO specialist. We also attach the course program to certificate. 

Certificate GDPR_DPP

Trained by us



    The course is loading, wait a few seconds