The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a Regulation by which the European Authorities framework, intend to strengthen and unify data protection for all individuals within European Union market. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for International Business, by unifying the regulation within the EU.


The General Data Protection Regulation come into effect on 25 May 2018 and provides a modernised, accountability-based compliance framework for data protection in European Union Countries. The figure of Data Protection Officers (DPO’s) will be at the heart of this new legal framework for many organisations, facilitating compliance with the provisions of the GDPR.


Under the GDPR, it is mandatory for certain controllers and processors to designate a DPO. This will be the case for all Public Authorities and Bodies (irrespective of what data they process), and for other organisations that – as a core activity – monitor individuals systematically and on a large scale, or that process special categories of personal data on a large scale.


Even when the GDPR does not specifically require the appointment of a DPO, Organisations may sometimes find it useful to designate a DPO on a voluntary basis. The Article 29 Data Protection Working Party encourages these voluntary efforts.


The concept of DPO is not new. Although Directive 95/46/EC3 did not require any organisation to appoint a DPO, the practice of appointing a DPO has nevertheless developed in several Member States over the years. DPOs act as intermediaries between relevant stakeholders (e.g. supervisory authorities, data subjects, and business units within an organisation).


DPOs are not personally responsible in case of non-compliance with the GDPR. The GDPR makes it clear that it is the controller or the processor who is required to ensure and to be able to demonstrate that the processing is performed in accordance with its provisions (Article 24). Data protection compliance is a responsibility of the Controller or the Processor.


Swiss Approval International, offers Training Course in order to increase the sensitivity of involved personnel in the field of GDPR and also to prepare participants to become successfully DPO’s, covering the needs of the specific DPO role.


The seminar is addressed to the following stakeholders:

  • Executives of enterprises / organizations that have or will be assuming the position of the Personnel Protection Officer
    Data (DPO)
  • Lawyers
  • Business Councils
  • Informatics & Communications Executives
  • Administrative Executives


At the end of the seminar, participants will acquire basic knowledge and skills regarding the following major issues:

  • The necessary knowledge to undertake DPO’s duties for business / organization protection.
  • The ability to cover not only the theoretical part of the Regulation, but also the practical (technical) part at all levels of application of the Regulation through the case studies violation of Personal Data.
  • The ability to design and take data protection measures by selecting the most suitable for the Enterprise / Organization.

Course Syllabus

Module 1: Introduction

  • Aim of the Data Protection Policy | Private
  • Scope and amendment of the Data Protection Policy | Private
  • Data protection incidents | Private

Module 2: Data Protection Legislation

  • European Data Protection Laws | Private
  • European Data Protection Standards | Private
  • Application of national laws | Private
  • GDPR towards a harmonized legislative framework | Private

Module 2: Personal Data

  • Definitions | Private
  • Differentiations | Private

Module 3: Processing Managers and Processing Assistants

  • Role of Data Processing Manager | Private
  • Role of Data Processing Assistants | Private
  • Relationships between Data Processing Managers and Data Processing Assistants | Private

Module 4: Processing of personal data

  • Principles for processing personal data based on the new European Regulation | Private
  • Implementation of the European Regulation (GDPR) | Private
  • Legal bases for the processing of personal data | Private

Module 5: Provision of information

  • Holding and processing of personal data | Private
  • Responsibilities and sanctions | Private

Module 6: Rights of data subjects (individuals)

  • Right of access | Private
  • Right to rectification | Private
  • Right to erasure | Private
  • Right to restrict processing | Private
  • Right to data portability | Private
  • Right to object | Private
  • Right not to be subject to a decision based solely on automated processing | Private

Module 8: Reliability of data processing

Module 9: Transmission of personal data

  • Data transfer capabilities outside the European Economic Area | Private
  • Data transfer obligations outside the European Economic Area | Private

Module 10: Supervision and Enforcement

  • Role, Powers and Procedures of the Supervisory Authorities | Private
  • Duties of the European Data Protection Board | Private
  • Role of the European Data Protection Supervisor and Remedies | Private
  • Responsibilities and sanctions | Private

Module 11: Supervision and Enforcement

  • Compliance requirements for the processing of employee data | Private
  • Compliance requirements for monitoring | Private
  • Compliance requirements for direct marketing | Private
  • Compliance requirements for internet technology | Private
  • Compliance requirements for communications | Private
  • Compliance requirements for outsourcing | Private

Add Your Review