

Data Protection

GDPR Foundation and Practitioner

Course details

CPD Points





5 full days (09:00-17:00)

Course Overview

This combined course offers the Foundation and Practitioner level GDPR (General Data Protection Regulation) courses. The Foundation course provides a complete introduction to the Regulation, and an overview of the implications and legal requirements for organisations, including responding to individuals (data subjects) exercising their rights, DPIAs (data protection impact assessments) and data breach reporting (1 day).

The Practitioner course is at advanced level and builds on the GDPR Foundation qualification to give you the knowledge and operational skills to build, implement and manage a GDPR compliance programme, and to fulfil the DPO (data protection officer) role.

This programme is primarily aimed at professionals working in the field of data protection and data privacy. It is also suitable for individuals with little experience but who wish to enter the field of data protection with a professional qualification.

Course Content

The GDPR provides a single, harmonised data privacy law across the EU, and Guernsey has updated its own law to reflect these new rules. All organisations need to respond to fast-changing risk in this area, with cyber-attacks and poor information governance featuring heavily in recent times.

The GDPR tightens up on rules around data security and information handling and will require a comprehensive risk-based approach by all those handling personal data.

This Foundation element of the course provides a complete introduction to the EU GDPR, and an overview of the key implementation and compliance activities.

Guernsey’s Assistant Data Protection Commissioner, Rachel Masterton, will be joining the second day of each 5-day course for 1 hour to explore the local implications of the GDPR.

Day 1 focuses on:

  • Bands of penalties for breaches
  • Lawfulness of processing and consent
  • The six data protection principles
  • Special categories of personal data
  • The rights of data subjects, including data access requests
  • Controllers and processors
  • Data protection by design
  • Securing personal data
  • How to perform a DPIA (Data Protection Impact Assessment)
  • Reporting data breaches
  • The DPO role
  • Transferring personal data outside the EU
  • Certification against the GDPR
  • The powers of supervisory authorities
  • Lead supervisory authorities
  • The role of the EDPB (European Data Protection Board)

On the Practitioner element of the course (days 2-5) you will understand how to implement an effective privacy and information security compliance programme in line with the GDPR, which is essential for anyone involved in implementing and maintaining GDPR compliance in their organisation.

Days 2 – 5 focus on:

  • The role of the DPO (data protection officer)
  • What constitutes personal data
  • Accountability, the privacy compliance framework and a PIMS (personal information management system)
  • Lessons to be learned from common data security failures
  • The six data protection principles – how to apply them and demonstrate compliance
  • The security of personal data
  • An organisational risk management framework
  • Legal requirements for a DPIA
  • How to conduct a DPIA with a DPIA tool
  • Why and how to conduct a data mapping exercise
  • The rights of data subjects
  • Giving and withdrawing consent
  • Handling DSARs (data subject access requests)
  • The roles of controllers and processors, and the relationships between them
  • Transferring personal data outside the EU and the mechanisms for compliance
  • How to become GDPR compliant using a compliance gap assessment tool

Who should attend this course:

  • Privacy managers
  • Data protection managers
  • Information security managers
  • IT managers
  • Project managers
  • Corporate governance managers
  • Risk and compliance managers
  • General or privacy counsels
  • Individuals with little experience but who wish to enter the field of data protection with a professional qualification

Read the States of Guernsey's draft legislation document The Data Protection (Bailiwick of Guernsey) Law, 2017 (published in November 2017).

Virtual Learning (Option)

This course is also available virtually through the GTA, tutor-led in real time, with the benefit of accessing it from the comfort of your office or your own home. These courses run regularly. The length of the course and the content are exactly the same as with the classroom option. Please email us on [email protected] if you would like to receive the cost, which can vary depending on available dates for your chosen professional qualification.

Or if you are interested in a shorter course on data protection, please see the GDPR one day Foundation Classroom Training.

Course Benefits

By attending this course you will get a comprehensive introduction to the GDPR, its implications and what it means for your organisation.

You will also benefit from a comprehensive learning experience, from specialist consultants, on the GDPR (General Data Protection Regulation), developing a practical understanding of the implications and legal requirements for your organisation.

You will have attended an IBITGQ and CIISec (The Chartered Institute of Information Security) accredited, five-day training course.

Successful completion of the course and included exams leads to the ISO 17024-certificated EU GDPR Foundation & Practitioner (EU GDPR) qualification.


GDPR Foundation Exam (end of day one)

Attendees take the ISO 17024-certificated EU GDPR Foundation exam set by IBITGQ (International Board for IT Governance Qualifications).

There is no extra charge for this exam.

  • Duration: 60 minutes
  • Questions: 40
  • Format: Multiple choice
  • Pass mark: 65%

GDPR Practitioner Exam (end of day 5)

You will take the ISO 17024-certificated EU GDPR Practitioner exam set by IBITGQ.

There is no extra charge for this exam.

  • Duration: 90 minutes
  • Questions: 40
  • Format: Multiple choice
  • Pass mark: 65%


We recommend purchasing and reading EU GDPR - A Pocket Guide, and one or both of the following:

  • EU GDPR - An Implementation and Compliance Guide
  • GDPR Toolkit

Next Steps

If you would like to book a place on this course, please click on the ‘Book Course’ button to the right of this page and log in or register for a user account to complete your booking(s). If you have any queries, please do not hesitate to contact us via [email protected] or call us on 01481 224570.

If no date is scheduled for this course at the present time, please click on the ‘Register Interest’ button and log in or register for a user account so that we can add you to our course interest register. This register allows us to contact our tutors and finalise dates for a course as soon as we have a few people who have expressed their interest, so the more delegates who register their interest, the sooner we can schedule a particular course.

Course Tutor

  • IT Governance

    IT Governance is a professional services company, founded in 2002, with a wealth of consultancy skills that originally focused on information security/cybersecurity standards, notably ISO27001. Their consultants have extensive practical experience of designing and implementing management systems and help to develop the skills needed to deliver best practice and compliance in an organisation.

    The company has an impressive track record, having helped well over 130 clients over the years to successfully gain the coveted ISO27001 certificate, proving their compliance with one of the most demanding management system standards. They have since developed their offerings into various other management disciplines and now provide a comprehensive single source of information, advice, books, tools, consultancy and training for IT governance, risk management, compliance and IT security objectives.

Upcoming Courses

Some courses we run are scheduled based on demand. Please register your interest so that we know which courses you would like to attend.