Jul 30 2019

How to become a data protection officer

Category: GDPR, Information Privacy | DISC @ 3:28 pm

As you might have expected, the GDPR (General Data Protection Regulation) has created a spike in demand for data protection and privacy experts. Organisations are desperate to hire people who can guide them towards regulatory compliance and help them avoid large fines. In this latest blog, discover what a DPO’s tasks are and how to become one.

For many organizations, this isn’t just a wish; they are legally required to find such a person and appoint them as a DPO (data protection officer). 

The demand for DPOs makes it an ideal job role for those looking to advance their career. You need plenty of experience, as well as demonstrable soft skills, but it provides an opportunity with plenty of room for growth. Let’s take a look at how you can get started. 


It’s worth summarising exactly what a DPO’s tasks are because you’ll see that they are responsible for more than simply reviewing GDPR compliance. 

Yes, they are broadly tasked with advising organizations on how to comply with their legal requirements concerning data protection. But that doesn’t just include things like monitoring policies and looking into the need for DPIAs (data protection impact assessments). 

It also involves helping staff understand their data protection obligations and serving as a point of contact for individuals who contact the organization with data protection and privacy queries. 

This means that DPOs will be regularly discussing the GDPR with people who aren’t technically minded. As such, they must have strong communication skills and be capable of explaining complex issues without using jargon.

It’s much harder to teach skills like that than to train someone on the ins and outs of the GDPR, but still eminently possible. 



If you’re interested in becoming a DPO, you will benefit massively from taking a training course dedicated to the role. It will help you understand the technical requirements of the GDPR and how they apply to each part of your job role and give you practical experience of the tasks you’re responsible for. 

For example, you can understand exactly what’s required when performing, say, a DPIA, but you need to be aware of your boundaries. DPOs must operate independently and without any conflict of interest. Taking too active a role in tasks like this would jeopardize your status as an advisor and violate the GDPR’s requirements.

Certified Data Protection Officer (C-DPO) Masterclass Training Course

IT Governance’s Certified Data Protection Officer (C-DPO) Masterclass Training Course gives you the technical and spatial expertise you need to become a DPO.

Over four days, our expert trainers will help you hone your knowledge of the GDPR and show you how to use that knowledge appropriately while fulfilling your tasks as a DPO. 



Certified Data Protection Officer (C-DPO) Upgrade Training Course

If you already have a strong understanding of the GDPR, you might prefer our Certified Data Protection Officer (C-DPO) Upgrade Training Course. 

This two-day course builds on the knowledge you would have gained from passing the GDPR Practitioner exam, focusing on the practical application of the Regulation in the workplace.


Source: How to become a data protection officer


GDPR Training


Tags: data protection officer, DPO, GDPR Privacy

Jul 29 2019

5 ways to avoid a GDPR fine

Category: GDPR | DISC @ 10:04 am

After the ICO issues $450 million of GDPR fines in a week, be sure you’re not next.
Source: 5 ways to avoid a GDPR fine

GDPR For Consultants – Training Webinar


What You Need to Know about General Data Protection Regulation

DISC InfoSec – Previous articles in GDPR category


Tags: #GDPR #DataBreachNotification, gdpr compliance, GDPR Privacy

May 21 2019

Microsoft wants a US privacy law that puts the burden on tech companies

Category: Information Privacy | DISC @ 8:56 am

On the first anniversary of #GDPR, Microsoft calls for a similar privacy law in the US that puts the burden on the companies that collect and use sensitive data.

Europe’s privacy law went into effect nearly a year ago. It’s time for the US to catch up, the tech giant says.

Source: Microsoft wants a US privacy law that puts the burden on tech companies




Tags: California Consumer Privacy Act, data privacy, GDPR Privacy

Sep 25 2018

Privacy notice under the GDPR

Category: GDPR | DISC @ 8:58 pm


A privacy notice is a public statement of how your organisation applies data protection principles to processing data. It should be a clear and concise document that is accessible by individuals.

Articles 12, 13 and 14 of the GDPR outline the requirements on giving privacy information to data subjects. These are more detailed and specific than in the UK Data Protection Act 1998 (DPA).

The GDPR says that the information you provide must be:

  • Concise, transparent, intelligible and easily accessible;
  • Written in clear and plain language, particularly if addressed to a child; and
  • Free of charge.

Help with creating a privacy notice template

The privacy notice should address the following to sufficiently inform the data subject:

  • Who is collecting the data?
  • What data is being collected?
  • What is the legal basis for processing the data?
  • Will the data be shared with any third parties?
  • How will the information be used?
  • How long will the data be stored for?
  • What rights does the data subject have?
  • How can the data subject raise a complaint?

Below is an example of a customisable privacy notice template, available from IT Governance here.

[Image: GDPR Privacy Notice Template, from the EU GDPR Documentation Toolkit. Example of the privacy notice template available to purchase from IT Governance.]

If you are looking for a complete set of GDPR templates to help with your compliance project, you may be interested in the market-leading EU GDPR Documentation Toolkit. This toolkit is designed and developed by expert GDPR practitioners, and has been used by thousands of organisations worldwide. It includes:

  • A complete set of easy-to-use and customisable documentation templates, which will save you time and money and ensure GDPR compliance;
  • Helpful dashboards and project tools to ensure complete GDPR coverage;
  • Direction and guidance from expert GDPR practitioners; and
  • Two licences for the GDPR Staff Awareness E-learning Course.

Tags: GDPR Privacy, GDPR Privacy Notice