CALL US +1 (646) 759 9933

Please register to access the free course

Account Details


EU GDPR Data Protection Officer Course

This free online course is intended for those performing the role of the Data Protection Officer (DPO). As a beginner-level course, no prior knowledge of EU GDPR or experience with the privacy role is necessary. You will learn everything you need to know about EU GDPR as well as the requirements for the DPO.

After completing the course, you will have the option to take an online certification exam. After passing the exam, you will receive a certificate proving that you know all the requirements of EU GDPR and that you are fully competent in performing the role of Data Protection Officer.

This course is organized into 13 modules (content for each module is listed below), and each module has several video lectures and practical activities that will help you learn more quickly.  At the end of each module, a practice test will prepare you for the certification exam. All the video lectures are pre-recorded, conveniently allowing access to the course from anywhere at any time.

  • The total course duration, including the reading of required materials, is approximately 15 hours.
  • Materials provided in the course (video lectures, articles, and activity questions) will teach you all the information you need in order to pass the certification exam.
  • There is no time limit to complete the course, but once you begin, it is recommended that you finish within two weeks’ time.
  • The access to this course and to the practice exams is completely free; the fee for the online certification exam is 449 EUR – after you pass the exam you’ll receive your certificate in a matter of days.
ISO training | EU GDPR Data Protection Officer Course
Course instructor: Tudor Galos
Course language: English
352 students
This course was developed by privacy specialist Punit Bhatia, CIPM, CIPP-E, COP and author of “Be Ready for GDPR,” one of the most popular books on EU GDPR. The course is presented by Tudor Galos, who brings more than 15 years’ experience in marketing compliance roles, including GDPR.

Course Curriculum

Introduction to the course
Module 1: Privacy origins and GDPR basics
Introduction and suggested reading
Short history of privacy legislation
The General Data Protection Regulation
Related frameworks
Key terms
Key roles
Top myths about GDPR
Business activities that are most impacted by GDPR
Related documentation
Practice exam
Module 2: Legitimate purposes and principles
Introduction and suggested reading
Legitimate purposes of processing personal data
GDPR principles
Understanding the principles through an example
Related documentation
Practice exam
Module 3: Transparency through Privacy Notice
Introduction and suggested reading
The basics of Privacy Notices
Requirements and contents of a Privacy Notice
Related documentation
Practice exam
Module 4: Inventory of processing activities and retention
Introduction and suggested reading
Inventory of Processing Activities – why and what?
Retention of personal data – why and what?
Fulfilling inventory and retention requirements – who and how?
Specific information required for controllers
Specific information required for processors
Related documentation
Practice exam
Module 5: Consent and Data Subject Access Requests
Introduction and suggested reading
Consent – the basics
How and when to ask for consent
Data subject rights
Basic rules for data subject access request (DSAR)
DSAR requests
DSAR exemptions and rejections
Related documentation
Practice exam
Module 6: Data Protection Impact Assessment and risk assessments
Introduction and suggested reading
What is Data Protection Impact Assessment (DPIA)?
Step 1: Listing and grouping data processing activities
Steps 2 and 3: The threshold questionnaire & determining if DPIA is needed
Step 4: Answer the Data Protection Impact Assessment questionnaire
Steps 5 and 6: Identify and list key security risks
Step 7: Recording the implementation; maintenance
Related documentation
Practice exam
Module 7: Security of personal data and privacy by design
Introduction and suggested reading
What is privacy by design?
Policies to be implemented to ensure security of personal data
Best practices to implement privacy by design policies
Related documentation
Practice exam
Module 8: Data transfers and managing third parties
Introduction and suggested reading
Introduction to data transfers
How can data transfers be enabled?
Managing third parties
Related documentation
Practice exam
Module 9: Data breaches
Introduction and suggested reading
The data breach basics
Data breach response
Data breach notifications
After a data breach
Related documentation
Practice exam
Module 10: DPO basics
Introduction and suggested reading
Why does a company need a DPO?
The responsibilities of the DPO
Responsibilities towards the DPO
Hiring an external DPO
Related documentation
Practice exam
Module 11: Defining the organisational approach to privacy
Introduction and suggested reading
The first thing to do as a DPO
Getting the buy-in from top management
Identifying the key stakeholders
How do you get buy-in from your key stakeholders?
Define a Personal Data Protection Policy
Setting up privacy governance
Related documentation
Practice exam
Module 12: Setting up a Privacy Program
Introduction and suggested reading
Making a choice about internal or external resources
Choosing an external consultant
Set up the project management
Choosing the right project manager
Key steps in your project
Conducting a Gap Analysis
Advanced risk management
Treating the risks
Awareness and training
Key deliverables for compliance with GDPR
Monitor the implementation
Related documentation
Practice exam
Module 13: Sustaining and improving compliance
Introduction and suggested reading
Methods for sustaining and improving compliance
Internal audit
Handling existing contracts with third parties
Handling new contracts with third parties
Regular reviews and improvement actions
Keep looking forward
Related documentation
Practice exam
Instructions for taking the exam and obtaining the certificate

Course Reviews

  1. GiorgiaV says:

    Great course
    I really enjoyed the course, it gave me a clear picture and helped me improve my understanding of the GDPR. Questions and practice exams should be a little more challenging in order to really assess understanding a preparation.

  2. This is a userful course to prepare the DPO.
    I learned more about GDPR before to follow this course and I say that I can evaluate objective this one. In my opinion this course is the best choice to prepare a DPO.

Frequently Asked Questions

The materials provided in the course – recorded video lectures, quizzes, reading, and other activities – are everything you need to successfully pass the exam and obtain the certificate. The best part is: they are completely free with unlimited access!

You can access the course using your PC, Mac, or mobile device, using any major browser (i.e., Chrome, Mozilla, Internet Explorer, Safari); a broadband Internet link will also be needed. And, of course, enough time to attend the course.

The course is a combination of recorded video lectures, quizzes, reading, and other activities – the course takes you through all these materials in an optimal way.

After you finish attending the course, you can go for the exam – if you finish this exam successfully, i.e., if your score is above the minimum, then you will receive the certificate. By the way, during the exam we use an online proctoring service that will ask for proof of your identity, and make sure that you have taken the exam with no external help. Click here to learn more about online proctoring.

The exam, as well as the whole course, is completely done online, from your office, your home, or any other place convenient for you. For the exam we use an online proctoring service – click here to learn more.

Well, we have to make money somehow :). We have made most of the course freely available, but to access the exam and get the certificate you’ll have to pay a fee – by the way, this fee is by far smaller than the fee for attending the classroom-type course.

None. The course was made in such a way that a beginner in this topic can easily understand it.

You can access it any time – the course is a combination of recorded video lectures, quizzes, reading, and other activities, and because all those materials are readily available, you can access them at a time that is convenient for you.

No, you can attend the course as long as you like; however, you should try to finish it in a couple of weeks because otherwise, you won’t get enough benefits out of it.



  • Exemplar Global (formerly RABQSA) is leading international
    authority in certification of training providers.

  • ITIL® is a registered trade mark of AXELOS Limited.
    Used under licence of AXELOS Limited. All rights reserved.

  • DNV GL Business Assurance is one of the leading providers of
    accredited management systems certification.