PART I  - JUMP START: Privacy Fundamentals


  • The legal framework (including GDPR)
  • Key data protection concepts, principles and obligations
  • Actors, roles and responsibilities
  • Data subjects’ rights
  • Processing sensitive personal data
  • Data security
  • Third country data transfers
  • The supervisory authority

PART II – Setting up and implementing a GDPR compliance framework in practice

Tuesday: Essential GDPR principles and requirements

  • The role of the DPO and the interaction with the rest of the organisation
  • Grounds for processing, including legitimate interest and consent
  • The rights of data subjects and how to handle them

Multiple Choice Test

Wednesday: Getting technical

  • Data protection by design and default
  • Data protection impact assessments
  • Data security management
  • Responsibility of controllers and processors and data in the cloud
  • Data privacy breach management, notifications and communication

Thursday: Data transfers

  • Adequacy decisions
  • EU-U.S. Privacy Shield
  • Standard Contractual Clauses
  • Binding Corporate Rules
  • Derogations and exceptions, including data subject consent
  • Transfer personal data safely

Graded group assignment

Friday: Demonstrating compliance

  • Accountability requirements
  • Setting up policies and procedures
  • Evidence collection
  • Privacy Audits
  • Supervision, enforcement action and sanctions
  • Cooperation with the DPAs

Final Exam

Are you tired of the traditional classroom training? Join us for a full problem-based learning experience. This complete one-week certification training gives you the "do's and don'ts" and the most effective methodology to comply with GDPR requirements and perform effectively the role and tasks of a DPO.

Join the training, take the examination and get your Maastricht University Professional DPO Certificate!


  • 3-7 September 2018, Brussels
  • 5-9 November 2018, Vilnius
  • 19-23 November 2018, Brussels