GDPR Training Programme for Data Protection Officers | Databasix

Training Programme for Data Protection Officers / Leads

A complete Programme of training sessions, delivered in convenient schedule, to support individuals with overall responsibility for data protection in their organisation.

£945.00 plus VAT per person.

Course detail at a glance


  • Duration: 6 modules on separate dates (approx. 14 hours in total)
  • LIVE online
  • Also available as a private session for your team. Ask for details.
  • Certificated training
  • Copy of the course materials to take away
  • Interactive session delivery
  • Intended for all sectors

Course description

Keeping data protection on the organisational agenda is often a challenge for Data Protection Officers or Data Protection Leads, particularly if this is an additional responsibility to their main role.

Databasix provides a complete Programme of training sessions to support individuals with overall responsibility for data protection in their organisation. The Programme provides training on key operational aspects and responsibilities for the role, and promotes a healthy understanding of the practical implementation of those responsibilities.

The Programme modules are delivered in separate manageable blocks of time, to allow individuals time to reflect on what they’ve learnt and so as to fit in with other demands on their diary.

Throughout the modules of the Programme, delegates are asked a questions to ensure that the course material is understood. Delegates are provided with a copy of the module materials. Upon completion of the Programme, delegates receive a PDF Diploma certificate.

Who is this course intended for?

Roles include:

  • Private, Public, Charity and Voluntary sectors
  • Data Protection Officers
  • Data Protection Leads
  • Operations Directors
  • HR Directors
  • IT Directors / IT Managers
  • Business Owners
  • Practice Managers and Partners

The training course includes the following modules

The six modules, at a glance


1. Course syllabus; The Role and Duties of a DPO

  1. The circumstances in which a DPO needs to be appointed
  2. The knowledge, qualifications and qualities need to fulfil DPO tasks
  3. The duties of a DPO
  4. The tasks/duties that could result in a conflict of interest
  5. The relationship between the DPO and senior management/board of directors
  6. Raising the profile of data protection with employees
  7. Communicating with data protection regulators
  8. When a data protection impact assessment is requirement
  9. The requirement for the DPO to be 'independent’
  10. Why it is important for the DPO to be approachable
  11. The organisation's responsibility to support the DPO by providing necessary resources
  12. The organisation's obligations to involve the DPO in key decisions

2. Course syllabus; Managing Personal Data Breaches

  1. The definition of a personal data breach
  2. The processes for incident response
  3. How to assess the risks to Data Subjects
  4. Communication messages to Data Subjects and other relevant stakeholders
  5. What steps to take when notifying the supervisory authority (i.e. UK's ICO)
  6. Record keeping requirements for personal data breaches
  7. Evaluating the appropriateness of the technical and organisational controls in place to prevent personal data breaches
  8. Data Controller and Data Processor responsibilities in the case of a breach
  9. Consequences for failing to notify a supervisory authority of a personal data breach
  10. Implication for the right to compensation

3. Course syllabus; Handling Subject Access Requests

  1. Defining the 'Right of Access' under GDPR
  2. Discussing the importance of the 'fair, lawful and transparent' principle under GDPR
  3. How to determine whether a DSAR is valid or not
  4. How to liaise with an individual when seeking to clarify the DSAR
  5. How and when to verify the identification of the Data Subject
  6. What are the timescales for responding to a DSAR, and when is it possible to extend the response period
  7. How to deal with third-party information
  8. What exemptions can be applied and when is it appropriate to apply them
  9. What to consider when redacting personal data
  10. How to respond to the Data Subject, and what should be included
  11. How to deal with unfounded and excessive requests

4. Course syllabus; Data Protection Impact Assessment (DPIA) Training

  1. What is a DPIA
  2. When is a processing activity likely to result in a high risk to individuals’ rights and freedoms
  3. When should a DPIA be carried out
  4. What should a DPIA contain
  5. The stages of a DPIA, including the initial assessment
  6. Roles and responsibilities associated with the completion of a DPIA
  7. How a DPIA fits with the project lifecycle

5. Course syllabus; GDPR Training: Storage Limitation, Retention Schedules and Disposal

  1. The risks of keeping data for too short a period versus too long
  2. The importance of data mapping to inform your data retention policy & schedule
  3. Understanding your legal obligations to retain personal data
  4. Understanding ‘what is necessary’ for the organisation to keep when there is no statutory retention period
  5. What should be included in a data retention policy
  6. How to create a retention schedule, including the importance of stakeholder engagement
  7. Obligations for Data Controllers, Processors and sub-Processors, including contractual instructions
  8. How to manage data destruction
  9. Winning hearts and minds: implementing your retention policy & schedule
    And, either

6.1. Course syllabus; GDPR ‘refresher’ training

  1. Processing personal data for a specific purpose(s)
  2. Processing only personal data that enables you to make decisions
  3. Processing personal data for only as long as is necessary
  4. Ensuring that you are being fair, lawful and transparent with the personal data you are processing
  5. What needs to be considered when the person whose data you want to collect needs to give their consent
  6. Understanding and respecting the rights of the person whose data you are collecting
  7. What operational and technical security measures need to be considered when processing personal data
  8. Storing data securely
  9. How and when to report a personal data breach


6.2. Course syllabus; Data Protection Training: GDPR for Beginners

  1. An overview of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018
  2. Explanation of personal data and special/sensitive categories of personal data
  3. Explanation of the difference between a Data Controller and Data Processor
  4. Accountability, governance and controls
  5. Introduction to the principles of the GDPR, including relevant examples
  6. Overview of individual rights including relevant examples
  7. Recognising and reporting Data Subject Access Requests
  8. Explanation of a personal data breach and the process of reporting breaches

Click to download a PDF of the learning outcomes.

View PDF

Programme cost: £945.00 (+VAT)

(Buying each session separately would usually cost £1182.00 +VAT)

GDPR for Marketing Teams

Marketing Bolt-on!

Enhance your package by adding one place on our popular ‘GDPR for Marketing Teams’ for just £62.50 (50% of the usual delegate rate).

One of the biggest challenges when choosing a training course is knowing whether it will be worthwhile. Will it teach you what you need to know and will it be worth the time and money?

Our clients certainly think so! Take a look at a selection of recent independent customer testimonials.

Call us to book your place

Please call us to book your place onto the programme. We’ll invoice you for the total amount and arrange which sessions you’d like to book onto.

Our Courses

If you’d prefer to focus on just one aspect of the programme or the role of the DPO itself, each individual session is available to book directly via the website.

View all courses

Latest News & Events

What Is a Data Leak and How Do They Happen?

Data leaks are a serious problem for organisations and individuals. In this day and age, individuals freely provide personal information to organisations, therefore a data leak can have a significant impact on both the company and the person. They often involve the exposure of personal data (such as name, address and financial details), with additional damage to the company or organisation in terms of potential financial loss and reputational damage.

Read more

Contact Databasix

Tel 01865 346080

Get Data Protection Services t/a Databasix
is a registered company in England & Wales.
Registration No. 15292208

Unit B Oakwood
Oakfield Industrial Estate
OX29 4TH

Supported by Business Resilience secured by OxLEP Business
Supported by Business Resilience secured by OxLEP Business