SECO - Data Protection Practitioner



This SECO Institute�course is a five-day session aimed at enhancing a candidates understanding of data protection responsibilities and equipping candidates with the necessary skills and knowledge to translate GDPR requirements to their own work environment, apply the translated concepts�to their own work practices, and advise management on issues related to privacy and data protection.


  • Call center employees, help desk employees and other first-line customer-oriented services
  • Staff members in charge of designing, developing or managing processes or services in which personal data are involved
  • Consultants who need to advise customers on handling the personal data of European citizens

Learning Objectives

Module 1: Strategic Considerations
Module 2: Impact and Risk Assessment
Module 3: Operations
Module 4: Design and Implementation
Module 5: Governance

Module 1: Strategic Considerations

  • Translating corporate goals and needs to a vision on handling personal data
  • Transforming vision into an effective implementation strategy
  • Defining data protection principles and develop a data protection policy
  • Understanding the importance of creating a data inventory and are able to summarize the principles that govern the creation of such an inventory
  • Understanding the importance of publishing a privacy notice and are able to draft a privacy notice

Module 2: Impact and Risk Assessment

  • Understanding the concepts of risk management, risk analysis and Data Protection Impact Assessment (DPIA)
  • Performing a (basic) risk analysis related to data protection
  • Performing a (basic) DPIA
  • Identifying threats to data protection and list effective measures to mitigate the resulting risks
  • Defining data protection requirements based on the data protection policy and the outcome of the DPIA for the business processes, the internal organization, and the technology used by the organization (both internally and outsourced)

Module 3: Operations

  • Understanding the impact of data protection on regular operations
  • Summarizing relevant legal and regulatory requirements, with special regard to those set out in the GDPR
  • Incorporating data protection requirements in new and existing procedures in a pragmatic but effective manner
  • Knowing what is required and/or allowed when it comes to policies, laws and regulations in an organization

Module 4: Design and Implementation

  • Using technological tools to support data protection, without having to understand the details of how exactly these work
  • Understanding implementing privacy-enhancing technologies (PET) and, in particular, cryptography
  • Understanding the concepts of privacy by design/default
  • Translating privacy by design/default to practical policies and procedures
  • Instilling awareness at an organization
  • Constructing an awareness program
  • Defining generic data protection requirements for projects

Module 5: Governance

  • Assessing data is needed for reporting to support good governance and well-considered decision-making
  • Contributing to the establishment of a reporting system
  • Translating the concept of management systems to a Data Protection Management System (DPMS)
  • Preparing for an (external) audit on GDPR-compliance
  • Defining and implement a basic 3rd-party assurance process