Image of privacy professionals working on their laptops. This image is featured on the GDPR training page provided by DPO Consultancy, highlighting our comprehensive training sessions on GDPR compliance and data privacy

GDPR and DPO Training

Knowledge and awareness at the right level

The importance of a Data Privacy Training Plan

GDPR and Data Privacy compliance are human work. Privacy policies can be successful only if the knowledge is shared at the right level and employees are aware of risks and procedures. Permanent education of everyone in the organization is therefore essential. It is not without reason that this is prescribed by law. Therefore, your organization cannot do without a well-developed and organization-wide education plan to work on knowledge and awareness.

Education, not only documentation, is the core of a good privacy and data protection policy. Without knowledge and awareness, all plans are made in vain.”

Johan Martens – Partner at DPO Consultancy | Privacy & Data Protection Consultant

DPO-as-a-Service at Jaguar Land Rover | Senior Lecturer at the DPOC Academy

CIPP/E | CIPM

Portrait of Johan Martens, Senior Lecturer at the DPOC Academy. Johan leads data privacy training programs and ensures the quality of all the e-learning materials. He exemplifies DPO Consultancy's commitment to excellence in data protection education

Our GDPR courses and e-learning

The DPO Consultancy training courses give privacy and data protection professionals the skills to face the challenges of today and tomorrow. Our training program is built on a solid theoretical basis, supplemented with practical experience. The teachers are able to combine theory and practice so that the acquired knowledge can immediately be put into practice. Our range of courses varies from basic to in-depth training in privacy legislation and data protection. We also offer tailor-made training, while our e-learning solution is the ideal way to demonstrably provide permanent education for all employees.

 

Our courses Our e-learning

Expand your knowledge on GDPR and Privacy with our latest publications

e-Privacy Regulation Unveiled: Decoding the Regulatory Realm of ePR

4 July 2024
In the complex world of healthcare and data protection, the Health Insurance Portability and Accountability Act (HIPAA) provides crucial guidelines for safely handling patient data. Our latest whitepaper, authored by experts Johan Martens, Emine Bilsin, and Deniz Naz Kaya, offers in-depth analyses and practical advice for navigating the challenges and opportunities HIPAA presents.

Algorithms and discrimination are a core component of this year’s privacy monitoring

3 July 2024
In 2023, the benefits scandal (Toeslagen affaire) advanced with hearings led by the parliamentary committee on Fraud Policy and Services. Despite these sessions, it became evident that little had changed. This lack of progress was unexpected, especially given the frequent summoning of the Dutch Data Protection Authority (AP) by the committee to address previous shortcomings. However, the AP continued to confront challenges related to algorithms and discrimination, as outlined in their 2023 annual report.

Critical Role of Judges Needed in Algorithm Use

26 June 2024
Judges and appeals committees must be vigilant regarding government decisions where algorithms have played a role. Additionally, the government should proactively be transparent about its use of algorithms. This was advocated by Aleid Wolfsen, chairman of the Dutch Data Protection Authority (AP), during a meeting in the Week of the Rule of Law on artificial intelligence (AI) in the judiciary.

AP: More Clarity Needed on Approaching People Entitled to Benefits or Allowances

19 June 2024
The draft law allowing government agencies to proactively approach individuals eligible for benefits or allowances requires further modifications, according to the Dutch Data Protection Authority (AP). Specifically, individuals should receive clear information in advance about which personal data will be exchanged between agencies. The AP’s findings come after reviewing the proposed Law on Proactive Service Provision by the Ministry of Social Affairs and Employment (SZW), which amends the Implementation Structure Act on Work and Income (SUWI).

More AI Guidance and Recommendations published by Data Protection Authorities

13 June 2024
Since the introduction of the European Artificial Intelligence Act (“AI Act”) in March this year, guidance and recommendations by various Data Protection Authorities (“DPAs”) has been published. The most recent recommendations of the French Data Protection Authority (“CNIL”) are no different.

European Health Data Space (EHDS) Regulation: 5 Key Points

30 May 2024
In April 2024, the European Parliament approved the European Health Data Space (EHDS) regulation, which is expected to be ratified by EU member states soon. The aim of these data spaces is to unlock extensive repositories of existing data and facilitate their accessibility for research, innovation, and development, while ensuring compliance with pertinent data protection regulations.

Governments and Facebook in the EU

22 May 2024
New problems arise for Facebook (and its owner Meta) in the EU. After receiving a fine of €390 million from the Irish Data Protection Commission (DPC) over the legal basis for targeted advertising, the Dutch Data Protection Authority questioned the use of Facebook by governmental bodies.

Dutch Data Protection Authority releases Facial Recognition Guidance

10 May 2024
Due to the number of frequently asked questions the Dutch Data Protection Authority has received about the use of facial recognition, the AP has released a guidance about the use of facial recognition.

Privacy Concerns Surrounding Tracking Traffic Lights: An Urgent Call for Action

17 April 2024
In recent years, the deployment of “tracking traffic lights” in the Netherlands has raised significant privacy concerns among both policymakers and citizens. These innovative traffic lights, designed to communicate with mobile phones of road users, have the capability to gather vast amounts of personal data, prompting intervention from the Dutch Data Protection Authority (AP). With the AP sounding the alarm once again, it is imperative for the Ministry of Infrastructure and Water Management (IenW) to take decisive action to address these privacy risks. 

The US unveils new draft Federal Privacy Bill

8 April 2024
The American Privacy Rights Act (“APRA”) has been unveiled. This comprehensive draft legislation sets clear, national data privacy rights and protections for Americans, eliminates the existing patchwork of state data privacy laws and establishes robust enforcement mechanisms to hold violators accountable, including the private right of action for individuals.

Employee Monitoring through facial recognition in attendance control fine

3 April 2024
In April 2024, the European Parliament approved the European Health Data Space (EHDS) regulation, which is expected to be ratified by EU member states soon. The aim of these data spaces is to unlock extensive repositories of existing data and facilitate their accessibility for research, innovation, and development, while ensuring compliance with pertinent data protection regulations.

The AI Act and the GDPR: what does it mean for companies?

15 March 2024
On the 13th of March 2024, the AI Act passed the scrutiny of the European Parliament and is ready to become a law of the Union. This comprehensive regulatory framework aims to govern the development and use of artificial intelligence (AI) across the European Union (EU). The AI Act’s primary aim is to ensure that AI technologies are developed and used in a manner that is ethical, transparent, and respects fundamental rights, and covers a wide range of AI systems used in various sectors, including healthcare, transport, and finance.

EDPS finds European Commission’s use of Microsoft 365 infringes EU data protection law

13 March 2024
After its inquiry, the European Data Protection Supervisor (EDPS) found that the European Commission breached numerous essential data protection rules while using Microsoft 365. As a consequence, the EDPS has mandated that the Commission implement specific corrective actions.

HIPAA: Safeguarding Health Data in the Data Protection Landscape

29 February 2024
In the era where data breaches are not just a possibility but also an unavoidable threat, the Health Insurance Portability and Accountability Act (HIPAA) positions as a ray of hope and security for the healthcare industry. HIPAA is more than just a regulatory requirement.

Navigating HIPAA – Protecting Health Data in the Data Protection Landscape

26 February 2024
In the complex world of healthcare and data protection, the Health Insurance Portability and Accountability Act (HIPAA) provides crucial guidelines for safely handling patient data. Our latest whitepaper, authored by experts Johan Martens, Emine Bilsin, and Deniz Naz Kaya, offers in-depth analyses and practical advice for navigating the challenges and opportunities HIPAA presents.

Embracing the Google Consent Mode V2

21 February 2024
Consent Mode v2, developed by Google, enables the transmission of consent signals from websites cookie banners directly to Google. This ensures that user consent preferences of the user are, in fact, honored. In practice, this tool provides a direct line of communication between the websites, where the user has given their preference to agree to share personal data, directly with Google for advertising purposes and personalization. It is an effective and efficient tool that streamlines procedures while at the same time providing users with more control regarding their personal data. When the user does opt to provide consent, Google can utilize these tools for detailed analytics. Conversely, if the user chooses not to consent, Google restricts the use of cookies and identifiers respectively.

Not answering to DSAR causes serious fines

13 February 2024
In a recent development, the Italian DPA has taken decisive actions against Autostrade per l’Italia and Amazon Italia, fining them €100,000 and €40,000 respectively for having mishandled Data Subjects Access Requests (DSARs) from (former)employees. Article 15 GDPR outlines the Data Subject’s right to access, and its pivotal role has also been acknowledged by the European Data Protection Board (EDPB) guidelines 01/2022 on the right of access as updated on the 28th of March 2023. In particular, this right allows individuals to confirm the processing of their data, access personal information, and obtain details about the processing, including:

The Dutch Data Protection Authority focus on Cookie Banners

7 February 2024
On 2024, the Dutch Data Protection Authority (AP) plans to increase its scrutiny of cookie consent practices to ensure compliance with regulations. Practice has shown that organizations quite often make use of misleading cookie banners, such as hidden rejection buttons or requiring the consumer to go through various clicks before rejecting cookies.

Dutch Data Protection Authority Initiates European Procedure on Privacy and Personalized Ads

31 January 2024
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens or AP), in collaboration with the privacy watchdogs of Norway and Germany, is set to launch a European procedure addressing privacy concerns related to personalized advertisements. The regulators aim to present a clear stance, in conjunction with their EU counterparts, on how online platforms obtain user consent for displaying personalized ads.

Amazon France fined €32 million for unlawful employee monitoring

24 January 2024
On 23 January 2024, the French Data Protection Authority (“CNIL”) published its decision, which was issued on 27 December 2023, regarding the fine it imposed upon Amazon France for numerous violations of the General Data Protection Regulation (“GDPR”) following an investigation. The fine imposed amounts to €32 million. The CNIL investigated Amazon France after press articles were published on the practices implemented by Amazon France and after receiving numerous complaints from employees.

Importance of DPIAs for the Dutch DPA: how to avoid fines

17 January 2024
The Dutch Data Protection Authority (AP) has fined International Card Services B.V. (ICS) 150,000 euros for not conducting a required Data Protection Impact Assessment (DPIA), as mandated by the General Data Protection Regulation (GDPR). DPIAs are crucial for organizations to systematically identify and mitigate privacy risks associated with processing personal data.The CNIL investigated Amazon France after press articles were published on the practices implemented by Amazon France and after receiving numerous complaints from employees.

Data Controller Liability and its Limits according to the CJEU

11 January 2024
In December 2023, the Court of Justice of the European Union (CJEU) ruled on the matter of data controller liability for processing activities carried out by its processor. In case C-683/21, the Court stated that there are limits to this. In other words, the controller-processor relationship is not by itself sufficient, if:

Five crucial steps towards a GDPR-proof Clinical Trial

1 March 2023
Are you ready to tackle the challenges of GDPR compliance in your clinical trials? Our latest whitepaper, “Five Crucial Steps Towards a GDPR Proof Clinical Trial”, offers an in-depth look at the essential steps your organization must take to meet the stringent requirements of the GDPR.

Transferring personal data to countries outside the EU: 5 key questions

23 January 2023
Due to globalization and rapid technological developments, the distances between countries and continents are becoming smaller and smaller. As a result, the personal data of millions of people are part of multiple international data transfers in different time zones and continents almost every second of the day.

AML vs. GDPR: the dilemma of every financial institution explained

21 December 2022
On 20 July 2021, the European Commission adopted a proposal for an anti-money laundering (AML) legislative package that has a major impact on financial institutions. This package aims to harmonize the existing AML legal framework in the European Union and to increase the effectiveness of the fight against money laundering and terrorist financing. In May 2022, the European Data Protection Board (EDPB) raised concerns about the proposed legislation. Specifically, the proposed AML package contains a Regulation for the prevention of money laundering and terrorist financing for the financial sectors (the Proposed Regulation) which appears to contradict with the GDPR on several counts and poses challenges for financial institutions in terms of data protection and GDPR compliance. On the one hand, you have a regulation which compels financial institutions to collect vast amounts of (special) personal data on a person in the name of combatting money-laundering and terrorist financing, while on the other hand, the GDPR compels those same institutions to collect as little personal data as possible. This blog aims to assess what the implications of the opinion of the EDPB are and what steps you can take as a financial institution to comply with seemingly contradictory legal obligations.

Legitimate Interest Assessment (LIA) Checklist

31 October 2022
As an organization, you must determine which lawful basis you are relying on to ensure that your proposed processing is lawful. This checklist will help you assess whether you can invoke the legitimate interest basis for certain processing activities.

Operationalizing Privacy by Design

16 June 2022
Privacy by Design (or “PbD”) originated in the early 1990s and is an engineering and strategic management approach that allows you to selectively and sustainably minimize information system’s privacy risks through technical and organizational controls. Since the introduction of the GDPR, the philosophy of PbD is also reflected in article 25, requiring organizations as data controllers to implement data protection by design and by default.

A practical example of how to apply Privacy by Design

11 February 2022
Since the introduction of the European Artificial Intelligence Act (“AI Act”) in March this year, guidance and recommendations by various Data Protection Authorities (“DPAs”) has been published. The most recent recommendations of the French Data Protection Authority (“CNIL”) are no different.

Transfer Impact Assessment (TIA) Checklist

22 December 2021
In some cases, companies are required by law to perform a Transfer Impact Assessment (TIA). In this road map we outline which steps you have to go through with a TIA.

Connected Vehicles: How to create value and reduce costs while complying with the GDPR?

15 October 2021
Self-driving cars, connecting your smartphone to your vehicle, updating software remotely, automatic route planning based on real-time conditions, or commanding your car to park itself. These are just a few examples of technology we rely on in connected vehicles today. Our Data Privacy Expert, Dounia van de Weerd ‑ Skalli, delves into all the privacy issues related to connected vehicles and provide a useful guideline for GDPR-compliance.

Get in touch!

We respond to your question within 24 hours

Ask your question

This field is for validation purposes and should be left unchanged.

Do you have a question?

We look forward to help you!