GDPR and Data Privacy Protection Program Implementation Workshop

GDPR – a total Data Protection Game Changer

Attend this highly intensive 2-day workshop and you will learn how to set up a Data Privacy Impact Assessment that will help you develop a Data Privacy Protection Program that meets the new GDPR standards that take effect on May 25th.

Get insights and examples from similar projects implemented in Europe which have used ISACA’s guidelines and best practices.

Learn how to use a pragmatic 12-step approach to GDPR implementation. Each step will include a real-life example of the work to be achieved.

For the Data Protection Impact Analysis step, you will use the English-language version of an open source tool provided freely by the French Data Protection Authority.

Finally, you will receive the following ISACA Privacy Principles, Guidelines and Assessment tools:

  • ISACA Privacy Principles and Program Management Guide
  • Implementing a Privacy Protection Program: Using COBIT 5 Enablers With the ISACA Privacy Principles
  • GDPR Data Protection Impact Assessments together with the Assessment Tool

This course is offered by the ISACA Athens Chapter in association with the Hellenic American Union.

Early Bird Fee until 27 April for ISACA Members only - special rate for IIA members
Up to 80% OAEK-LAEK subsidy

See full description of the "GDPR & Data Privacy Protection Program Implementation" Workshop

Learning objectives

  • Get a brief introduction to the GDPR legislation, terminology, basic principles and the new role of the DPO
  • Understand the ISACA privacy principles and how to incorporate them into each COBIT 5 enabler
  • Understand how to build and manage a Data Protection Program by using the ISACA Privacy Principles
  • Get practical guidance in using a pragmatic 12-step approach to the GDPR IT implementation
  • Learn how to perform a Data Protection Impact Analysis by using the English-version open source DPIA tool provided by the French DPA

Who should attend:

IT professionals, IT Auditors and IT Security Professionals, Risk and Governance professionals, Data Controllers, Compliance officers, Internal Auditors, DPOs and executives that plan to manage a Data Privacy Protection program or undertake GDPR tasks and responsibilities.


Participants are expected to have a basic understanding of GDPR, as the legal part is not going to be covered in this workshop. Anyone who wishes to take a quick refresher course on GDPR may visit the Data Protection site of the European Commission prior to attending the workshop in order to become familiar with the basic concepts and articles of GDPR.


  • Introduction to the GDPR legislation
  • The ISACA privacy principles and how to incorporate the ISACA privacy principles into each COBIT 5 enabler
  • Using the ISACA Privacy Principles to Build and Manage a Privacy Protection Program
  • Pragmatic approach for the GDPR Implementation
  • Introduction to the plan using the example of a credit card project
  1. Ensure support from the board & business units
  2. Establish an inventory of personal information held by the organization and the relevant data flows
  3. Privacy Notice & Information requirements
  4. Individuals’ rights
  5. Data subjects’ access requests
  6. Data protection impact assessments (DPIA)
  7. Consent
  8. Handling children's personal information
  9. Personal data breaches
  10. Security of data processing & data protection by design
  11. Data protection governance
  12. International data transfers

Case study: DPIA exercise (Step 6).

One of the key compliance requirements for GDPR is to conduct data protection impact assessments (DPIAs) to identify and reduce the data protection risk within projects and systems, and thereby reduce the likelihood of privacy harms to affected EU citizens. To help with this task, participants will be requested to bring their laptops with them, download the open source DPIA tool of the French Data Protection Authority (freely available in English) prior to the workshop, and work through a step-by-step process to complete a DPIA. This analysis will provide insights and guidance on the process of compliance and serve as a reference tool for your actual GDPR efforts at work.


Yves Le Roux, CISM CISSP, ISACA Privacy Guidance Task Force Chair

Yves LE ROUX has more than 30 years of experience in information and network security, standardization, compliance and risk. He has worked in the Rothschild Group where, among other tasks, he was in charge of network security. In 1981, he joined the French Ministry of Industry where he was in charge of the Open Systems Standardization programs. In 1986, he took the position of European Information Security Manager at Digital Equipment, and then he joined the security research and development team. In 1999, he went to Entrust Technologies, as a PKI software editor. In 2003, Yves joined Computer Associates Int. as a Technology Strategist. In April 2017, he retired from CA Technologies. He has co-authored three books on security. He is a lecturer at ISEP (Paris Graduate Engineering School) and has spoken at many conferences (e.g., EUROCACS/ISRM 2015, SEMAFOR 2015, (ISC)² EMEA Congress 2015, (ISC)² Benelux, DACH and Dubai SecureSummits 2017).


Course Code IS300
Department English
Instructor Yves Le Roux, CISM, CISSP, Information Security & Privacy Expert
Instruction Languages EN
Level Intermediate
Prerequisites Basic understanding of GDPR
Who should attend Information Security and IT Audit professionals, IT Executives, DPOs, internal auditors, compliance officers
Certificate of Attendance Yes
Certification Track CISA, CISM, CRISC, CISSP
Continuing Education Credits 16 CPEs
Offered Online No
Course Fees €950.00
Partner Institution ISACA Athens Chapter


Days and Hours Start Date End Date Hours per Week
Wed., Thu., 9.00-17.00 23/05/2018 24/05/2018 16
Last Update At: 2018/04/13 - 14:52:57


Where to find us

Business & IT
Massalias 22, (7th & 6th  floor)
10680 Athens
Business Programs: 2103680006, 2103680907, 2103680056, 2103680927
IT Programs: 2103680966, 2103680912
Fax: 2103633174


