role of the DPO course


This course is available at £1,250 + vat per person. Discounts are available for multiple bookings from the same organisation.

April 2021 – 14th, 15th, 20th and 21st



  Our CPD Accredited Data Protection Officer course is an industry recognised course which has been designed by DPO’s with other DPO’s in mind. We pass on our skills and experience to help you undertake your role as an independent, qualified and competent DPO.  The course is perfect for those who are already DPOs, aspire to be DPOs, or are Data Protection Managers or consultants working in the industry. The course is designed using our extensive knowledge of GDPR, the Data Protection Act 2018 and other relevant data protection legislation. We combine our theoretical knowledge with our operating experience as DPOs in public, private and third sectors.   By attending and passing this course you will have a recognised qualification in the role of a Data Protection Officer which has been accredited by the CPD Certification Service.   

In addition to the 4 days of interactive training, we also give you access to added-value products and services that allow you to start or continue your work as a DPO:

  • Peter Careys latest book, a practical guide to UK law (worth £90)
  • DPAS branded folder (sent prior to the course)
  • Pocket size version of the GDPR articles and recitals (sent prior to the course) CPD accredited Role of the DPO certificate (32 CPD credits gained)
  • Trainer with over 20 years of experience in the industry
  • DPO mentor and support for 12 months post course
  • GDPR toolkit
  • All course materials via Microsoft TEAMS
  • Your personalised 12-month action plan to implement the practical skills you picked up during the course.
  • Our latest GDPR Assurance Audit which you can use when you are back in the workplace to assess compliance and develop remediation plans. Within this tool is a great one-page reporting template for your board.
  • A Data Protection Officer policy, job description and business case which you can bespoke to clearly define your role and identify the key resources.
  • A DPO reporting process, template reports and advice forms.
  • An innovative risk model which is designed for you to assess data protection risks in your organisation.
  • Access to all the latest legislation, regulations and Data Protection case studies from the UK and EU.
  • Information security audit tool based upon ISO27001 which you can use to measure 92 security controls you have in your organisation.
  • Access to our full suite of GDPR and Data Protection policies which include Data Breach, Data Protection Impact Assessments, Privacy Notices, Legitimate Interest Assessments,
  • Information Governance and Security Policies and Controller/Processor contractual guidance to name just a few.
  • Access to our full template suite of Individual rights policies, decision trees and template letters, everything you need to deliver Articles 12 – 22 of GDPR.
  • A detailed list of the UK Data Protection Act exemptions in a format for you to apply and associated policies in which you can use when thinking about applying for exemptions.

The course is not all “chalk and talk” delivered by DPOs. Instead we use case studies from our own experience, relevant legal cases, interactive learning, tools we have developed, group sessions and competence-based learning to ensure that DPOs are confident and supported to go back into their organisation and deliver GDPR assurance. 

You leave with an action plan for your role as DPO and the free use of our tools and your own personal DPO mentor. We believe in a sustainable skills transfer.  Every delegate will be assigned a DPAS DPO Mentor & Coach for 12 months post course. The mentor will be available to support the DPO in their role.  

The purpose of the training is to:

  • Understand the role of the DPO – from a legal and ethical perspective. 
  • Have an overview of the people, processes and technology that underpin GDPR and the role of the DPO. 
  • Analyse key legal cases that influence the courts in GDPR Understand the main differences between the Data Protection Act & GDPR – i.e. where the key exemptions are, what the key changes in regulations are, and how this should apply in your organisation. 
  • Assess your current compliance status, analyse data risks and identify the key tasks and actions required to be completed by the DPO on the road to compliance and to develop the toolset you need for delivery in your organisation and with your clients. Recognise the DPO’s role in managing relationships at board and ICO level. 
  • Understand the role of the DPO in a breach, including notification and reporting to the ICO, and stakeholder management. 
  • Understand the role of DPO in the Data Protection Impact Assessment process, including the key components to effective assurance. 
  • Develop your own organisational action plan. 
  • Agree a mentoring plan with your tutor for the next 12 months. 

The course takes 4 days to complete and will be held virtually across 2 weeks.  There is a pre course workbook which will need to be completed before the course begins (8 hours of study).

There will be short exams throughout the course, and a final case study exam which is open book.

You will need access to Microsoft Teams and Onedrive throughout the course. All documents will be shared via Onedrive and sessions will be held via teams.

The course will start at 9:00 am and finish at 4:00 pm daily.

Our course is broken down into 8 units which aims collective to give you these key skills and areas of learning let us look at these key learning outcomes:


We want to ensure delegates understand the context of the GDPR amongst EU Law and each country’s legislation. We take an in-depth look into the role of the DPO in a legal context and the DPO’s responsibility to enforce the GDPR principles. We cover an organisation’s journey to compliance and the role the DPO plays in helping to achieve that.  We also teach you how to manage risk from a DPO perspective.

  • The context of GDPR amongst EU law and each country’s legislation.
  • The consequences of non-compliance with GDPR. Legislation associated to data breaches and other data protection laws.
  •  Expectations of the Data Protection Act 2018 and how it impacts the DPO role in upholding data subjects’ rights. We focus particularly on confidentiality and examining key legal cases and how the courts will interpret GDPR from past judgements.
  • The skills needed to assess the data controller.
  • The role, powers and status of the Supervisory Authority. Key GDPR principles and the DPO’s responsibility to enforce them.
  • How to develop a roadmap to compliance.
  • The DPO’s role of starting the journey to compliance. Developing an organisations action plan.


We cover the basics of what is required to be a DPO. The aim of this session is to simplify and breakdown the steps of setting yourself up as DPO. In this session we also cover off some of the technical terms and breakdown the jargon associated with being the DPO.

  • Appointing a DPO, checklist, key tools and resources you will need.
  • Public Authorities and DPO’s.
  • What do core activities mean in Article 37 of GDPR?
  • What does large scale processing mean in Article 37? What does regular and systematic monitoring mean in Article 37?


We then dive into more detail about the exact requirements of a DPO. We ask what makes a good DPO.

What kind of criteria do you need to meet to be a DPO?

We cover:

  • How the DPO role may differ for processors.
  • Being the DPO for more than one organisation.
  • Accessibility for the DPO.
  • Expertise of the DPO.
  • Professional qualities of the DPO.
  • Publication and communication of the DPO.


Building on the foundations our next stage is to allow the skills to develop that allow the DPO on how to stay independent whilst acting as a DPO. Most DPO’s will have a position/ second job within an organisation and acting as DPO can often be challenging. We aim to teach the delegates how to be neutral and lead on all things data protection, whilst developing a niche and gaining the confidence of the organisation.

  • The DPO’s involvement in all matters data protection.
  • The resources required to be a DPO.
  • Dismissal or penalty for performing DPO tasks.
  • How to handle a conflict of interest. Acting in an independent manner.


We develop your skills required to provide relevant and thorough audit and assurance. We also provide tools. This should allow delegates to act effectively as DPOs. In this section delegates will receive support in:

  • Monitoring compliance.
  • Record keeping.
  • Demonstrating compliance as custodian of the Article 30 record of processing.
  • How to review, challenge and risk assess data processing.
  • Introduce a risk based approach using our risk analysis tools. Enable DPO’s to assess risk, mitigation and planned change within a Data Protection Impact Assessment.


A core skill set and requirement of the DPO is to be able to provide assurance to Controllers and Data subjects when change occurs.  Delegates will be using our DPIA decision tree. We look at DPIA’s in different scenarios within an organisation and work interactively to come up with solutions. We will discuss risks to the data subject, and nine areas of particularly ‘high risk’. We then look at some scenarios, asking the delegate if and when a DPIA may be required in workplace situations.  DPO’s will learn how to analyse DPIA’s and ask the right questions.

  • Understand the need for a DPIA.
  • Be able to create a DPIA using delegate’s own process.
  • Recognise the role of the DPO as an objective risk assessor.
  • Critically assess a DPIA.
  • Review during the project life-cycle.


We give delegates the skills and hands on experience on how to deal with a breach within their organisation and the legal responsibilities that a DPO holds. Data breaches can happen for a number of reasons, we will help the delegates understand what are risks for data breaches and how to avoid this happening. Additionally, we will teach delegate DPO’s how to manage breaches and what the correct processes are to put in place. We will use this session to put in place a scenario and give the delegates the opportunity to deal with a breach using our recommended processes

  • See the benefits of having a strong data breach policy.
  • Understanding what a data breach is.
  • The processes behind data breach.
  • How to manage a data breach.
  • Lessons to take from a data breach.
  • How to demonstrate compliance using a data breach policy.
  • Dealing with a scenario by using a data breach policy.


The purpose of this session is to introduce the concept of creating a Data Privacy Culture.  The DPO plays a key role in facilitating a data protection cultural change within their organisation.  We give examples on how DPOs may wish to embed a plan to deliver this change. In this unit we will also agree the mentoring plan with your DPAS tutor for the next 12 months. Ultimately we:

  •  Identify the key drivers required to enable a culture change within their organisation.
  • Develop an action plan to enable a culture change. Develop a personal development plan to lead culture change within the delegate’s organisation.
  •  Agree a mentoring and action plan between the delegates and the tutor, following on for 12 months after the course.
  • Data Protection Officers 
  • Aspiring Data Protection Officers 
  • Current Data Privacy leads and managers who are aspiring to becoming Data Protection Officers 
  • Information Governance team members 
  • Subject Matter Experts who want to understand the legislation and the role of a DPO