Data Protection 27701 Lead Auditor

Live Online Training

This course enables participants to develop the necessary expertise to audit a Data Protection Management System (DPMS) based on ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27701 (or PIMS), in compliance with the specified requirements of REGULATION (EU) 2016/679 (GDPR) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.

Participants will learn the fundamental concepts and principles of privacy and data protection and an overview and comparison of the main Privacy and Data protection EU and related frameworks, including, the OECD Privacy Framework, the Australian Privacy Management Framework, the ISO 27701 & ISO 29001 Privacy Frameworks for PII, the Canada Privacy legislation, the US Data Privacy legislation, the APEC Privacy Framework and, in detail, the EU Data Protection Framework (GDPR).

During this training, the participant will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with the certification criteria as defined on: General Data Protection Regulation (2016/679), Articles 42 and 43; European Data Protection Board (EDPB) guidelines; and, ISO/IEC 17065, ISO 19011 and ISO/IEC 17021 standards. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit.

This 5-day course prepares the participants for the Behaviour Data Protection Lead Auditor (DPLA) certification. This certification is aligned with ISO/IEC 17024 and therefore valid at international level.

Metodologia

he DPLA training course is based on both theory and practice sessions with:

Lectures illustrated with examples based on real cases

Practical exercises based on a full case study including role-plays and oral presentations

Review exercises that assist in preparation to the certification exam.

To benefit from the practical exercises, the number of training participants is limited.

Destinatários

Internal auditors

Auditors wanting to perform and lead certification audits of Data Protection Management Systems (DPMS) based on GDPR

Project managers, consultants, and designated DPO’s for public organizations or by private companies wanting to master the audit process of Data Protection Management Systems (DPMS) based on GDPR

Privacy and data protection consultants and/or auditors involved or supporting organizations on the compliance with EU data protection requirements

CxO and Senior Managers responsible for the governance of an enterprise and the management of its data protection risks

Members of information security and/or data protection teams

Expert advisors in privacy, data protection and information security

Technical experts wanting to prepare for a Data Protection or Information security audit function

Any professional wanting to acquire the necessary skills to audit an EU GDPR based Data Protection Management System

(DPMS)

Pré-Requisitos

Participants should understand English as the course documentation is in this language.

Objectivos Gerais

At the end of the course students should be able to:

Identify and know how to apply the main privacy and data protection concepts and terminology

Understand the main privacy and data protection frameworks, including the details of EU GDPR regulation and the foundations of related data protection frameworks

Understand the roles and responsibilities of the several stakeholders, including the DPO, on the compliance of the GDPR and their involvement on the audit and certification process

Acquire the expertise to perform an DPMS (or, PIMS) GDPR internal audit following ISO 19011 guidelines

Acquire the expertise to perform an DPMS (or, PIMS) GDPR certification audit following ISO 19011 guidelines, EDPB guidelines and the specifications of ISO/IEC 17065 and ISO/IEC 17021

Acquire the necessary expertise to manage an DPMS (or, PIMS) GDPR audit team

Understand the operation of an GDPR conformant data protection management system

Understand the relationship between a Data Protection Management System, including risk management supported by data protection impact assessments (DPIA), controls and compliance with the requirements of GDPR and the different stakeholders of the organization

Improve the ability to analyse the internal and external environment of an organization, its risk assessment / DPIA and audit decision-making

Acquire the knowledge needed to succeed on the BEHAVIOUR DPLA exam and become a Certified Data Protection Lead Auditor (DPLA) professional

Programa

Day 1: Introduction to privacy and data protection concepts and principles; Privacy and data protection frameworks; Introduction to GDPR the EU data protection framework.

Day 2: EU data protection legislative framework; Audit concepts and principles.

Day 3: Preparation and launching of an audit; On-site audit activities

Day 4: Concluding the On-site audit activities and Closing the audit

Day 5: Data Protection Lead Auditor (DPLA) exam

Exame

The “Data Protection Lead Auditor” exam fully covers the following competence domains:

Domain 1: Concepts and principles of privacy and data protection

Domain 2: EU GDPR and related data protection frameworks

Domain 3: Fundamental audit concepts and principles

Domain 4: Preparation of an GDPR audit

Domain 5: Conducting an GDPR audit

Domain 6: Closing an GDPR audit

Domain 7: Managing an GDPR audit program

The “Data Protection Lead Auditor” exam is available in Portuguese and English language.

Duration: 3,5 hours, passing score 70%.

Exam available on-site and online.

This is a two parts exam, with part one being a 40 multiple choice questions (1 hour, closed book) and part two with 10 essay questions (2,5 hours, open book, i.e. the participants can use all the documentation provided during the course).

The exam result is sent via email to the candidate within two months after the examination, being the exam result graduated in qualitative note: “Pass or Fail”.

In the case of a failure, the result will be accompanied with the list of domains in which you had a mark lower than the passing grade.

If the candidate fails the exam, he is entitled to one free retake within a 12 month period from the initial exam date.

Certificação

Data Protection Lead Auditor (DPLA)

After successfully completing the exam, participants can apply to one of the certification levels: "Data Protection Provisional Auditor", "Data Protection Auditor" or "Data Protection Lead Auditor", depending on their level of experience.

These credentials are available for internal and external auditors.

A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential. Data Protection Lead Auditor is a certification program aligned with ISO/IEC 17024 standard.

Informçôes gerais

Formação na língua portuguesa ou inglesa.

Recursos materiais da formação online e em Inglês, com acesso online.

Metodologia prática de auditoria passo-a-passo.

Certificado digital de Frequência de Formação Behaviour com 32 créditos CPD/CPE.

Exame de Certificação online, em Português e Inglês. O exame pode ser realizado até 3 meses, após a conclusão do curso.

Diploma digital de Certificação e Insígnia digital de Certificação, após sucesso no exame e conclusão do processo de candidatura. Este registo não tem qualquer custo associado.

Se o candidato não for aprovado no exame, tem o direito a uma nova tentativa gratuita dentro de um período máximo de 12 meses, a contar da data do exame inicial.

https://behaviour-group.com/PT/curso-data-protection-27701-lead-auditor/