Intensive data protection course
GDPR Data Privacy Professional
Online course on the protection of personal data in accordance with the GDPR (General Data Protection Regulation) from certified information privacy specialist Siarhei Varankevich.
Why should I choose this training?
Our course is based on practice.

Siarhei shares his own methodology with students. Key point of the course is practical knowledge. Together we will solve 32 cases from our clients and world-known corporations.

Our students are forever our partners.

All our students are invited in our virtual networking space where you can communicate with other experts, find answers to your questions, get exclusive offers and grow!

You don't need to have a legal or technical background!

Do not be afraid if you are a beginner. Siarhei can explain everything in simple words and help you to go through difficult moment.

We try to keep our students up to date.

Intensive data protection course GDPR DPP has withstood the test of time and is still relevant to clients' needs. We upgrade the course with new information, news and cases every month.

More than 2000 graduates.

More than 2000 graduates of the course have become DPOs and work in the UK, Germany, Lithuania, Latvia, Estonia and CIS.

Experiance and knowledge.

The author and trainer of the course Siarhei Varankevich, CIPP/E, CIPM, CIPT, MBA, FIP started his journey in the GDPR world in Germany.


Nevertheless, GDPR came into force in 2018, still there are lots of questions and not many qualified specialists that can protect companies from paying fines and data breaches. We are sure, you can find yourself in such questions: 

  • Do I make the right steps in data protection?
  • Don’t I violate the Regulation?
  • Why do clients request to delete data?
  • Why was our app removed from the Google Play Market or the App Store?

These and other situations are a sign that it is time to take the GDPR into consideration. Data privacy is a rather serious topic, any mistake can lead to millions in fines and lose a company’s reputation. But only if the company does not have a professional who can manage the data and make business friendly for clients.  GDPR Data Privacy Professional course is not about separate pieces of information that you should learn. GDPR DPP is about methodology and how it works, it is your step-by-step path to data compliance. We open you a door to the actual and well-paid profession. What are you waiting for? 

By the end of the course, you will:
Understand how to succeed in a privacy sphere
Implement GDPR concepts in your workflow
Help your company save millions EUR avoiding paying fines
Have already made your first step in a new profession - Data Privacy Professional!
For what companies?

First of all, the following companies must comply with the GDPR:

  • Apps and cloud services
  • Pharma and medical companies
  • IT outsourcing companies
  • E-commerce
  • Social networks
  • Banks
data protection

After the course you will be able to answer the following questions:

  1. What is privacy?
  2. How to define personal data under the GDPR?
  3. What legal ground is necessary for collection of personal data and how long you can store it?
  4. Who, how and when should be designated as Data Protection Officer?
  5. How is risk assessment (DPIA) carried out?
  6. What shall you write in your Privacy policy?
Course in numbers
Case studies
MB of additional materials
  • Concepts of privacy, data privacy, data protection. Types of privacy.
  • Review of existing data privacy laws, standards and regulations
  • Сases, court precedents, guidelines in information privacy
  • The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data №108
  • Directive 96/46
  • Overview of present regulatory framework of data protection in EU (GDPR+)
  • History of EU General Data Protection Regulation (GDPR)
  • Territorial and material scope of GDPR
  • Structure of GDPR text (recitals, business related articles etc)
  • Overview GDPR related acts
  • National data privacy legislation
  • Legal precedents
  • Guidelines and opinions of Article 29 Working Group (Art29WP) / European Data Protection Board (EDPB)
  • Guidelines of national supervisory authorities (SAs)
  • Overview of risks, fines, responsibilities related to personal data processing
  • Mapping of the Belarusian, Ukrainian and Russian data protection laws to the rules applicable in EU.
  • The concepts of personal data (PD), identifier, data subject
  • Formula of Persomal Data “(id-x)+info”
  • Cases of (non-)personal data
  • Biometric data
  • Data processing and types of processing.
  • Transparency of processing
  • Purpose limitation
  • Data minimisation
  • Storage limitation
  • Accuracy
  • Integrity and confidentiality
  • Accountability
  • Consent
  • Conditions for consent
  • Getting consent in UX
  • Contract
  • Legal obligation
  • Vital interest
  • Public interest
  • Legitimate interest
  • Balancing test of Legitimate Interest Assessment (LIA)
  • Modalities for exercise of the rights of the data subject
  • Right to information about processing
  • Right to access personal data
  • Right to rectification
  • Right to restriction of processing
  • Right to be forgotten
  • Right to data portability
  • Right to object
  • Right to not be subject of automated decision-making
  • Data subject’ rights restriction
  • Case “Nightmare letter from data subject”
  • Check-box approach vs risk based approach
  • Concept of risk
  • Risk likelihood and severity
  • GDPR terminology related to risks (high risk, likely etc)
  • Data Protection Impact Assessment (DPIA) requirement under GDPR
  • When DPIA is mandatory
  • BIA (Business Impact Assessment) or SIA (Security Impact Assessment) as triggers for DPIA
  • General approach to conduct DPIA
  • Describing processing operations, personal data and supporting assets
  • Legal and risk-treatment controls
  • Risk sources, feared events, threats and risks
  • Tools for Data Protection Impact Assessment
  • GDPR requirements to information security
  • Data breach notification of supervisory authorities and data subjects
  • Technical and organisational measures of managing information security risks
  • Overview of GDPR rules on cross-border data flow
  • Documenting international transfers of personal data
  • Data Processing Agreement
  • Binding Corporate Rules
  • Standard Contractual Clauses
  • Codes of conduct and certifications
  • Derogations relating to cross-border data transfers for specific situations
  • The 7 foundational principles of privacy by design by Ann Cavoukian
  • Privacy by Default
  • Privacy embedded into design
  • Full functionality – positive-sum
  • End-to-End Security – Lifecycle Protection
  • Representative in EU
  • Data Protection Officer / DPO


Training is an organizational measure, and is a duty reflected in the General Data Protection Regulation, Articles 24, 25, 28, 32, and 39. Our recognizable certificate confirmyour knowledge and ability to work as DPO specialist. We also attach the course program to certificate. 

Online format

We use Zoom to organize the training. You can see the trainer and his screen, as well as ask him questions in real time using a mic or a webcam.

We will share with you an invitation link through a group chat in WhatsApp.

Technical requirements:

  • mic and headphones;
  • Internet connection for high-quality video call;
  • Zoom app.

For maximum benefit, we recommend that you dedicate these days exclusively for the training.


Sign up