Sessions

  •  June 15, 2021 - June 18, 2021
     9:00 am - 12:30 pm
  •  September 13, 2021 - September 16, 2021
     9:00 am - 12:30 pm

Description:

You will receive a link to the training the day before.

English
Duration: 4 half days (14 hours) + 2h30 exam

The General Data Protection Regulation (GDPR) is a European Union regulation that constitutes the reference text for the protection of personal data. It introduces new rights for individuals and new obligations for all companies, which must comply with them.

This first-level training is suitable for professionals who are considering certification as well as those who wish to deepen their theoretical knowledge of personal data protection in a European environment.

Ageris GROUP has been chosen by the International Association of Privacy Professionals (IAPP) as an official partner for its certification courses in France.

About IAPP: Established in 2000, IAPP is a non-profit, non-political association whose mission is to support and improve the knowledge of data protection professionals worldwide. Headquartered in Portsmouth, New Hampshire, with an office in Brussels for Europe, IAPP currently has more than 52,000 members in 110 countries around the world. It provides its members with data protection training, certifications, publications, research, monitoring, events and networking opportunities.

 

Training objectives

  1. Preparing for the CIPP/E IAPP certification exam
  2. Understanding the regulatory changes imposed by GDPR
  3. Identifying the impacts on organizational aspects within the company
  4. Preparing your compliance action plan

 

Target audience

DPO, DPO of international companies, GDPR consultants.

 

Prerequisite

None

 

Organization of the training

  • This training is led by a CIPP/E certified trainer.
  • Before the training, trainees have access to their MyIAPP account, which provides the digital manual, sample questions and their exam registration voucher.
  • The exam must be scheduled and taken within one year, in person at a Pearson VUE test centre: 6,000 centres worldwide https://home.pearsonvue.com/
    • You can take the exam online as well!
  • Each participant receives a notice with all the necessary practical information about the training 2 weeks before it starts.

Other information

  • A vocational training agreement is drawn up for your registration upon request.
  • Training organization No. 4157 02486 57 of 16/05/2006
  • DataDock No. 0034584

 

Program

CIPP/E Body of Knowledge (BOK) – Detailed program (pdf)

I. Introduction to European Data Protection

Origins and Historical Context of Data Protection Law

  1. Rationale for data protection
  2. Human rights laws
  3. Early laws and regulations
  4. The need for a harmonized European approach
  5. The Treaty of Lisbon
  6. A modernized framework

European Union Institutions

  1. Council of Europe
  2. European Court of Human Rights
  3. European Parliament
  4. European Commission
  5. European Council
  6. Court of Justice of the European Union

Legislative Framework

  1. The Council of Europe Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data of 1981 (The CoE Convention)
  2. The EU Data Protection Directive (95/46/EC)
  3. The EU Directive on Privacy and Electronic Communications (2002/58/EC) (ePrivacy Directive) – as amended
  4. The EU Directive on Electronic Commerce (2000/31/EC)
  5. European data retention regimes
  6. The General Data Protection Regulation (GDPR) (EU) 2016/679 and related legislation

II. European Data Protection Law and Regulation

Data Protection Concepts

  1. Personal data
  2. Sensitive personal data
  3. Pseudonymous and anonymous data
  4. Processing
  5. Controller
  6. Processor
  7. Data subject

Territorial and Material Scope of the General Data Protection Regulation

  1. Establishment in the EU
  2. Non-establishment in the EU

Data Processing Principles

  1. Fairness and lawfulness
  2. Purpose limitation
  3. Proportionality
  4. Accuracy
  5. Storage limitation (retention)
  6. Integrity and confidentiality

Lawful Processing Criteria

  1. Consent
  2. Contractual necessity
  3. Legal obligation, vital interests and public interest
  4. Legitimate interests
  5. Special categories of processing

Information Provision Obligations

  1. Transparency principle
  2. Privacy notices
  3. Layered notices

Data Subjects’ Rights

  1. Access
  2. Rectification
  3. Erasure and the right to be forgotten (RTBF)
  4. Restriction and objection
  5. Consent, including right of withdrawal
  6. Automated decision making, including profiling
  7. Data portability
  8. Restrictions

Security of Personal Data

  1. Appropriate technical and organizational measures
    1. Protection mechanisms (encryption, access controls)
  2. Breach notification
    1. Risk reporting requirements
  3. Vendor Management
  4. Data sharing

Accountability Requirements

  • Responsibility of controllers and processors
    • joint controllers
  • Data protection by design and by default
  • Documentation and cooperation with regulators
  • Data protection impact assessment (DPIA)
    • established criteria for conducting
  • Mandatory data protection officers
  • Auditing of privacy programs

International Data Transfers

  • Rationale for prohibition
  • Adequate jurisdictions
  • Safe Harbor and Privacy Shield
  • Standard Contractual Clauses
  • Binding Corporate Rules (BCRs)
  • Codes of Conduct and Certifications
  • Derogations
  • Transfer impact assessments (TIAs)

Supervision and enforcement

  • Supervisory authorities and their powers
  • The European Data Protection Board
  • Role of the European Data Protection Supervisor (EDPS)

Consequences for GDPR violations

  • Process and procedures
  • Infringements and fines
  • Class actions
  • Data subject compensation

III. Compliance with European Data Protection Law and Regulation

Employment Relationship

  • Legal basis for processing of employee data
  • Storage of personnel records
  • Workplace monitoring and data loss prevention
  • EU Works councils
  • Whistleblowing systems
  • ‘Bring your own device’ (BYOD) programs

Surveillance Activities

  • Surveillance by public authorities
  • Interception of communications
  • Closed-circuit television (CCTV)
  • Geolocation
  • Biometrics / facial recognition

Direct Marketing

  • Telemarketing
  • Direct marketing
  • Online behavioural targeting

Internet Technology and Communications

  • Cloud computing
  • Web cookies
  • Search engine marketing (SEM)
  • Social networking services
  • Artificial Intelligence (AI)
    • machine learning
    • ethical issues