European Certified Data Protection Officer (ECDPO ) Training Spring 2018 Dublin

Following the feedback from the National Data Protection Conference, the Irish Computer Society, along with the Association of Data Protection Officers, have developed a suite of Advanced Data Protection courses which may be taken individually or as a pathway to achieving Certified Data Protection Officer accreditation.

The programme is delivered over a period of up to two years (minimum six months). Candidates are required to complete at least six modules from a choice of eight specially tailored Advanced Data Protection modules:

  • ECDPO 1 - Preparing for the EU General Data Protection Regulation
  • ECDPO 2 - Subject Access Requests
  • ECDPO 3 - Data Protection Impact Assessment’
  • ECDPO 4 - Managing a Data Breach
  • ECDPO 5 - How to conduct a Data Protection Audit
  • ECDPO 6 - Understanding Data Protection by Design & Default
  • ECDPO 7 - Records & Policy Management
  • ECDPO 8 - Data Governance & Accountability
  • As ‘Advanced’ courses, they move beyond core legislation and terminology, examining in greater detail the issues that impact your organisation daily. Content is highly focused, practical and relevant to current data protection concerns, particularly the impact the EU GDPR will have on your organisation.

    Who should attend

    The ECDPO programme is ideally suited to anyone currently fulfilling a Data Protection Officer role within an organisation or looking to develop a career in Data Protection. Candidates are expected to have at least a working knowledge of current Data Protection & Privacy legislation in order to ultimately achieve "expert level knowledge" (as specified by EUGDPR) and hold an accredited Data Protection Practitioner Certificate qualification.

    Courses are aimed at individuals responsible for ensuring that their organisation is compliant with data protection and privacy law. This includes Data Protection Officers, IT Managers or Directors, Human Resources Managers, Heads of Compliance, Operations Managers, Risk Managers, etc. The programme is particularly relevant for individuals who require a broader perspective on the EU GDPR, such as those responsible for policy implementation, or anyone that processes a large amount of personal data (financial institutions, charities, universities, government departments, etc.).

    Please note, candidates are expected to have at least a working knowledge of current Data Protection & Privacy legislation and hold an accredited Data Protection Practitioner Certificate qualification or equivalent.

    What you will learn

    ECDPO 1 - Preparing for the EU General Data Protection Regulation

    This 1-day advanced course provides participants with a detailed insight into the main provisions of EU GDPR, as well as practical guidance on what organisations should start doing to ensure that they are prepared for the changes.

    • An overview of Irish data protection legislation and the regulation
    • Rights of the Data Subject, Data Breach Notification, Codes of Conduct
    • The role of the supervisory Authority and the Supervisory Board
    • Data Profiling, Anonymisation, Pseudonymisation
    • Processing, consent, legitimate business interest
    • International data transfers
    • Infringements and penalties

    ECDPO 2 - Subject Access Requests

    We all have a right to request a copy of all information an organisation retains about us, provided the data exists. This is known as a Subject Access Request (SAR).

    This 1-day advanced course covers all aspects of Subject Access Requests including how a SAR is defined, how to respond to a request, what legal obligations an organisation has, and how to respond efficiently. In particular, it covers how SARs have changed under the latest Regulation.

    • Subject Access Request features and definitions
    • Processing, exceptions, SAR complaints
    • SAR exceptions and exemptions
    • How to deal with SAR complaints
    • Enforced Subject Access
    • Data portability and its impact on SAR
    • SAR complexities, challenges and best practices

    ECDPO 3 - Data Protection Impact Assessment (DPIA)

    This 1-day advanced course thoroughly outlines how to develop and implement a Privacy Risk Impact Assessment (also known as a 'Data Protection Impact Assessment'), monitor outcomes and take corrective action if needed. It teaches organisations how to identify and resolve issues early, reduce costs and potentially mitigate reputational damage.

    Outline topic include;

    • Difference between a risk and crisis
    • Data Protection Impact as a GDPR requirement
    • Why DPIAs are required
      • The DPIA process - Conducting a DPIA from group up
    • Privacy by Design/Default
    • Analysis of DPIA tools
    • Risk-based approach
    • Monitoring outcomes and responding to privacy risk
    • Cost of non-compliance

ECDPO 4 - Managing a Data Breach

    Data Breaches are an increasingly common occurance. Your organisation's likelihood of a data breach occurring only increases over time. While not inevitable, building contingency for a data breach is an investment in the future safety of your organisation's data and reputation.

    This 1-day advanced course covers the main factors which may lead to a data breach and a process to follow in the event of occurrence.

    Outline of topics include;

    • What is a data breach
    • How does a breach occur?
    • Data breach defined under GDPR
    • Types of data breaches
    • Anatomy of a data breach
    • Role of Management in Data Breach Management
    • Data Breach Management Process

    ECDPO 5 - How to conduct a Data Protection Audit

    The ability to conduct your own Data Protection Audits is an invaluable skill when ensuring your organisation's level of data protection compliance.

    This 1-day advanced course covers the areas which your organisation should monitor on a regular basis and your readiness in the event of an audit by the Data Protection Commissioner's Office.

    Outline of topics include:

    • Why is a data protection audit necessary?
    • Data Audit as an accountability tool
    • Data Audit under GDPR
    • Data Audit and Risk Management
    • Data Protection Audits: Internal, External and Regulatory
    • Data Audit Tools
    • The Data Audit Process
    • Data Protection Certification
    • Best Practices

    ECDPO 6 - Understanding Data Protection by Design & Default

    Data Protection by Design is an approach to system design which takes privacy into account throughout the whole design process.

    This 1-day advanced course explains the concept of 'Privacy by Design' and how your organisation can include the safe development of data systems by taking into account your responsibilities as data processor/controller and your responsibility to data subjects.

    Outline of topics include:

    • The case for Data Protection by Design and Data Protection by Default
    • Introducing Data Protection by Design
    • Data Protection by Design under GDPR
    • Concepts of Data Protection by Design / Default
    • Application of key Data Protection by Design concepts to real life projects
    • Role of Data Protection / Privacy Impact Assessments in ensuring the effectiveness of DPBD / DPBDF
    • Introduction to Privacy Enhancing Technologies (PETs)
    • Profiling, anonymization and Pseudonymisation

ECDPO 7 - Records & Policy Management

    With the rapid growth in data storage solutions, many organisations no longer see data retention as a high-cost item. They therefore retain manual and electronic records indefinitely.

    But with this comes increased exposure to the risk of data loss, unauthorised access, and ultimately, reputational damage.

    This 1-day advanced course will enable you to assess the following elements:

    • Records Management Audit: Do your organisation's records management policies and practices meet regulatory and legislative obligations?
    • Electronic Document and Records Management System: How do you select and manage your organisation's Electronic Document and Records storage solution?
    • Reduction of off-site storage costs: Enable your organisation to analyse current cost and service offerings and learn best practice for vendor selection of records management procurement solutions.

Outline of topics include:

    • A brief overview of records management
    • Records management under GDPR
    • Records processing and mapping
    • Accountability and records governance
    • Implementing a records management program
    • Archiving & Retention
    • Best Practices

    ECDPO 8 - Data Governance & Accountability

    GDPR comes packaged with requirements that encourage accountability and governance for the protection of personal data for organisations involved in the processing of such. Accountability is now an important and explicit requirement under GDPR. Simply put, accountability requires that organisations process personal data lawfully and accurately in a transparent manner. There must be one or more legitimate reasons why personal data is effectively processed and where appropriate, minimally retained.

    Outline of topics include:

    • Accountability as a compliance tool
    • Accountability and Governance under GDPR
    • Stakeholder Management
    • Data Security & Quality
    • Organisational culture
    • GDPR & Role of Leadership
    • Cost of non-compliance
    • Liabilities
    • Best Practice

    For more information please contact training@ics.ie


    This programme will enable you to fully meet the legislative requirements as a Data Protection Officer under EU GDPR. Use the knowledge you have gained about data protection legislation to make influential changes to your organisation’s data protection policies, helping you remain competitive and compliant. This will increase your organisation’s confidence in its ability to:

    • Protect and manage data
    • Interpret contemporary legislation in the specific areas of data protection
    • Implement a data protection framework within your organisation
    • Design, complete and report on major data protection projects which may be required to enhance your organisation’s positioning within the sector
    • Justify the rationale behind recommendations in relation to data protection
    • Maintain, develop and apply Data Protection best practice
    • Professional Designation

    Members who complete the European Certified Data Protection Officer Programme, and who commit to completing Continuing Professional Development hours, will be entitled to use the designation ECDPO – European Certified Data Protection Officer.

    If for any reason you need to cancel your place on the course, please ensure you are aware of our cancellation policy.

    If you are not a member of this organisation and have not yet availed of our multi-society membership offer, you can still claim any available discount on this event.

    Click below on the logo of the society of which you are member to sign in and avail of the discount.


Members – book your place at this event for the special price of just €3295.00  €2965

Membership means more than saving on events. You can also network with like-minded professionals, and gain recognition of your experience and expertise. Learn more about membership benefits.

Members' price:




8th Jan (Mon) to 20th Apr (Fri)


Begins at 09:30 and ends at 17:00


  • Price:


Share this event!