Build EU GDPR data protection compliance from scratch (CIPT)

Data Protection Compliance from Scratch (CIPT)

Make your organization GDPR compliant!



Every business requires a strong implementation of privacy principles that adheres to international privacy laws and data protection requirements. As a result, organizations that strictly enforce privacy laws have a reduced number of data breaches.


This Course Will Help You To

Learn how to improve consumer confidence.
Learn to protect your ecosystem with better data security.
Learn to align your organization with evolving technologies.

Who is it for?

Anyone interested in GDPR compliance.
Any security enthusiast willing to learn about GDPR.
Anyone interested in how to start a GDPR program.
Anyone interested in technologies that can help achieve GDPR compliance.


You will be able to analyze a company’s GDPR compliance program and to think it through properly with step-by-step examples.
We have included new topics related to GDPR for HR, GDPR for Cloud Service Providers, and the DPO role in an organization and how to initiate it.
The course is a complete A to Z GDPR training, so we will cover everything that you need to know.

About the Course


12.5 hours

The course provides a basic understanding of GDPR foundations and explains the concepts of data privacy, GDPR compliance and its documentation process, which can be reused and adopted for your own organization. From this course you will be able to identify vulnerabilities and take measures to maintain privacy. It includes implementation of GDPR design via assessment tools and provides insights into online privacy issues arising from social media and other technologies. Understanding how GDPR can be used for HR and Cloud Service Providers acts as leverage. The course also explains the role of the Data Privacy Officer and its importance. By developing basic knowledge of the GDPR and understanding how it affects you, you will learn the first steps for making your organization compliant.





Course Outline

Section 1: Introduction

Video 1.1: Why start learning GDPR Data Privacy with me?

Video 1.2: What is included in this course?


Section 2: Understanding the need for privacy in IT environment

Video 2.1: Evolving compliance requirements

Video 2.2: Major Risks to a Company’s IT Framework

Video 2.3: Application Related Risks

Video 2.4: Network Related Risks

Video 2.5: Storage Related Risks

Video 2.6: Stakeholder’s expectations for privacy

Video 2.7: Privacy vs Security

Video 2.8: IT Governance vs Data Governance

Video 2.9: The role of the IT professional & other stakeholders in preserving


Section 3: Core Privacy Concepts

Video 3.1: Privacy Foundational elements – Organizational Privacy Notice

Video 3.2: Privacy Foundational elements – Organizational Privacy Policy

Video 3.3: Privacy Foundational elements – Organizational Security Policies

Video 3.4: Incident Response – Security and Privacy Perspectives

Video 3.5: System Development Lifecycle and Enterprise Architecture

Video 3.6: Privacy Impact Assessments (PIA)

Video 3.7: Common Privacy Principles


Section 4: Privacy Consideration & Techniques

Video 4.1: The Collection Process – Notice

Video 4.2: The Collection Process – Choice, Control & Consent

Video 4.3: Other topics related to collection

Video 4.4: Use

Video 4.5: Security Practices and Limitations on Use

Video 4.6: Disclosure

Video 4.7: Retention – Records, Limitations, Access

Video 4.8: Retention – Security Considerations

Video 4.9: Destruction


Section 5: Privacy in Systems and Applications

Video 5.1: Identity and Access Management (IAM)

Video 5.2: Limitations of Access Mgmt & Least Privilege principle

Video 5.3: User Based Access Control & Role Based Access Control

Video 5.4: Context of Authority

Video 5.5: Cross Site Authentication & Authorization Models

Video 5.6: Credit card information & Processing

Video 5.7: PCI-DSS & PA-DSS

Video 5.8: Remote Access & BYOD – Privacy & Security Considerations

Video 5.9: Remote Access & BYOD – Access to Computers & Architecture controls

Video 5.10: Data Encryption – Design Considerations

Video 5.11: Application, Record and Field Encryption

Video 5.12: File & Disk Encryption

Video 5.13: Encryption Regulation & Crypto Standards

Video 5.14: Other Privacy enhancing Technologies

Video 5.15: Software Notifications and Agreements


Section 6: GDPR Implementation: Short Intro

Video 6.1: GDPR short overview

Video 6.2: Format and Definitions

Video 6.3: Principles

Video 6.4: Lawfulness

Video 6.5: Gap Assessment Tool

Video 6.6: Management Commitment

Video 6.7: Preparation of a Project Plan

Video 6.8: GDPR Roles

Video 6.9: How to Capture Personal Data in a Form

Video 6.10: GDPR Privacy Data Protection Policy

Video 6.11: Data Subject Request Procedure

Video 6.12: Data Protection Impact Assessment (DPIA)

Video 6.13: How to treat international transfers

Video 6.14: Data Breach and IRP

Video 6.15: ISO and GDPR

Video 6.16: Privacy by Design


Section 7: Online Privacy Issues

Video 7.1: Organizational Privacy Strategy for Social Media

Video 7.2: Consumer Expectations

Video 7.3: Children’s Online Privacy

Video 7.4: Social Media: personal information collected

Video 7.5: Social media – personal information shared and ownership

Video 7.6: E-commerce personalization

Video 7.7: Online Advertising

Video 7.8: Key considerations when posting ADs on your website

Video 7.9: Understanding cookies, beacons and other tracking technologies

Video 7.10: Cookies – Deep Dive

Video 7.11: Web Browser Privacy and Security Features


Section 8: Technologies with Privacy Considerations

Video 8.1: Wireless Technology – RFID

Video 8.2: Wireless Technology – NFC, Bluetooth & WiFi

Video 8.3: Location Based Services (LBS) – generalities

Video 8.4: Location Based Services (LBS) – GPS

Video 8.5: Location Based Services (LBS) – GIS

Video 8.6: Surveillance of Individuals

Video 8.7: Data surveillance & Biometric recognition


Section 9: Direct Marketing Challenges

Video 9.1: Data Protection & Direct Marketing

Video 9.2: The concept of Direct marketing

Video 9.3: The right to opt-out

Video 9.4: Marketing Requirements under e-Privacy Directive

Video 9.5: Postal Marketing

Video 9.6: Telephone Marketing

Video 9.7: Electronic Marketing

Video 9.8: Location Based Marketing

Video 9.9: Online Behavioral Advertising (OBA) and GDPR


Section 10: Lawful Processing of HR Data, Contracts and Recruiting

Video 10.1: Where do privacy and HR meet?

Video 10.2: More difficult to rely on Consent

Video 10.3: Data Protection Principles from HR perspective

Video 10.4: Consent no longer an option for HR

Video 10.5: Legitimate interests

Video 10.6: Pseudonymisation

Video 10.7: Cross Border HR Data Transfers under GDPR

Video 10.8: Changes to employee data management under GDPR

Video 10.9: DPOs and DPIAs from HR perspective

Video 10.10: Data Breaches & what to take away from that

Video 10.11: Action Steps from HR perspective

Video 10.12: HR related policies and procedures

Video 10.13: Contracts of Employment – what to look for

Video 10.14: Data Protection Policy

Video 10.15: GDPR terms and how they relate to recruiting?

Video 10.16: Map your recruiting data

Video 10.17: Create a privacy policy for recruiting

Video 10.18: Source candidates online with care

Video 10.19: Ensure your job application process complies with GDPR

Video 10.20: Ensure your software vendors are compliant


Section 11: GDPR for Cloud Service Providers (CSPs)

Video 11.1: Cloud and GDPR Concerns

Video 11.2: Looking at GDPR the right way

Video 11.3: Controllers and Processors

Video 11.4: CSP as a processor and GDPR

Video 11.5: Technical and Organizational measures

Video 11.6: Subcontracting

Video 11.7: Clauses between a processor and a sub-processor

Video 11.8: Changes to employee data management under GDPR

Video 11.9: Codes of conduct, certifications and compliance

Video 11.10: Important steps to compliance

Video 11.11: Choosing a hosting provider

Video 11.12: What businesses need to do

Video 11.13: Software and CSPs to consider – part 1

Video 11.14: Software and CSPs to consider – part 2

Video 11.15: Software and CSPs to consider – part 3

Video 11.16: Software and CSPs to consider – part 4

Video 11.17: Advice for CSPs and Software providers

Video 11.18: GDPR and IoT approach

Video 11.19: There is far more in this space

Video 11.20: GDPR requirements in an IoT context

Video 11.21: Robots, AI, IoT and BigData


Section 12: GDPR and Payment Services Directive (PSD2)

Video 12.1: What is PSD 2 and main objectives

Video 12.2: Benefits for consumers

Video 12.3: Scope of PSD2 directive

Video 12.4: New rules on authorization and supervision

Video 12.5: Security of Payments

Video 12.6: New types of service providers – TPPs

Video 12.7: Impact of PSD2 to financial services industry

Video 12.8: New risks associated with the TPPs

Video 12.9: Banks are caught between GDPR and PSD2

Video 12.10: Other challenges – GDPR and PSD2

Video 12.11: What is Open Banking Consent Model

Video 12.12: Consent Step

Video 12.13: Authentication Step

Video 12.14: Authorization Step

Video 12.15: Redirection

Video 12.16: Data Minimization & Permissions


Section 13: How Technology can Help in Achieving GDPR compliance

Video 13.1: What you will be learning in this section

Video 13.2: Identity Protection demo (AAD IP)

Video 13.3: Privileged Identity Management demo (PIM)

Video 13.4: Mobile Productivity policies demo (Intune)

Video 13.5: Classification, Labelling and Protection of Information demo (AIP)

Video 13.6: Cloud application visibility and security demo (Cloud App Sec)

Video 13.7: Security in cloud infrastructure environment demo

Video 13.8: Defending and remediating endpoints from cloud demo


Know Your Author

Roland Costea

Roland Costea is a Cybersecurity, Privacy and Cloud Leader, and Strategist with practical experience in running cybersecurity and cloud business units, practices, and divisions from zero to maturity with year over year quality growth and quota over-achievement (projects of >50 million euro/year).




Customers Who Loved Our Courses


Build EU GDPR Data Protection Compliance from scratch (CIPT)


Concepts covered very nicely.



The course covered a wide area and various topics relative to my job role.



Excellent coverage and detail related to implementing EU GDPR.



The extent to which GDPR provisions were explained.