Data Protection 27701 Lead Auditor – ISO 27701 training


Acquire the expertise to Lead Audit Teams and to Audit a Privacy Information Management System (PIMS), implemented in accordance with the requirements of the ISO/IEC 27701 International Standard and in compliance with GDPR.


In addition to covering the standard itself, the Data Protection 27701 Lead Auditor course includes a practical part: the audit methodology for a Privacy Information Management System, developed from the ISO audit requirements, best practices and other audit-related guidance, and guided by a case study adapted from a real-world organization.

Beyond knowing the concepts, principles and requirements of ISO/IEC 27701 and GDPR, and of ISO/IEC 27701 and/or GDPR compliance audits, students learn how to put an ISO/IEC 27701 and GDPR audit program into practice, based on a customized audit methodology proposed by BEHAVIOUR.

During the course, students develop the resources needed to support the implementation and maintenance of an audit program, including the templates and other resources required for internal or external audit assignments, using ISO 19011 and other internationally recognized ISO and non-ISO audit best practices. This approach gives students the knowledge and competences needed to develop and adapt their own audit tools to the requirements of their real-world context.

The fundamental knowledge covered by the Data Protection GDPR and ISO/IEC 27701 Foundation course is included in this course, so that course is neither a prerequisite nor a required training path.

The course enables participants to develop the expertise needed to audit a management system based on ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27701, in compliance with the requirements of Regulation (EU) 2016/679 (GDPR).

As students advance through the course, they are presented with the most widely recognized privacy and data protection frameworks, legislation and regulations worldwide.

The course covers the latest frameworks and requirements, including an overview of the new EU-US Data Privacy Framework and the related schemes under the Data Privacy Framework Program, the new schemes for GDPR certification, and the requirements for ISO/IEC 27001 and ISO/IEC 27701 certification.

Training materials are updated with the latest released editions of all related best practices, including any published drafts.


This Training Plan and all associated documents are protected by Copyright and registered as a literary work at IGAC – Portugal.

Next guaranteed dates (*): no scheduled dates for this course? Contact us.


Data Protection 27701 Lead Auditor Path
In this course, the students will acquire the expertise to develop an audit program, lead audit teams and audit a Privacy Information Management System (PIMS), established according to the requirements of the ISO/IEC 27701 International Standard and in compliance with GDPR.

Besides the fundamental concepts of information security and privacy, a detailed overview of GDPR, and a clause-by-clause overview of the ISO/IEC 27701 and ISO/IEC 27001 standards and their controls, the course leads students through a step-by-step customized methodology to prepare and conduct internal and external audits for conformity with ISO/IEC 27701 and compliance with GDPR. The PIMS audit program and process covered in this course are supported by the ISO 19011, ISO/IEC 27007, ISO/IEC 17021-1 and ISO/IEC 27006 standards, as well as other internationally recognized audit best practices.

The customized audit methodology helps students turn what they have learned into real-world practice. Applying this knowledge, students will be able to draft and implement their own audit program, including designing the tools and techniques needed to support it, and to perform their internal and/or external audit assignments.

Based on a case-study organization adapted from the real world, and supported by several approaches, templates and other tools, including discussions and practical exercises, students team up with their peers during the course and are challenged to demonstrate their Lead Auditor skills by auditing this organization's PIMS. This training methodology prepares students to perform audits in conformity with ISO/IEC 27701 and in compliance with GDPR in a real-world environment.

Training Methodology
This course is based on theoretical and practical sessions supported by a case study adapted from the real world.
The course includes hands-on practical and theoretical exercises to:
  • better prepare students for real-world challenges;
  • prepare for, and increase the likelihood of success on, the certification exam; and
  • train and prepare professionals to participate in a PIMS audit program, or to lead and conduct PIMS audits based on ISO/IEC 27701 and/or GDPR compliance audits.

This course is available in the classroom and as Live Online Training.
Live Online Training brings the dynamic environment of the classroom to your desk. Using your computer, you interact with the trainer and the other trainees as if you were in the classroom with them.

Target Audience
  • Information security, data protection and IT consultants, or other IT/IS experts who need to perform internal or external audits.
  • Internal auditors participating in or leading ISO/IEC 27701 and/or GDPR compliance audits.
  • External auditors contracted to perform internal audits, or who need the knowledge required to work with certification bodies performing ISO/IEC 27701 and/or GDPR certification audits.
  • Managers or heads of audit departments who want to complement their knowledge of how to establish an ISO/IEC 27701 and/or GDPR compliance audit program.
  • Project managers leading or preparing to lead an ISO/IEC 27701 implementation program who need to understand the PIMS audit requirements and want to establish an ISO/IEC 27701 compliant audit program.
  • Any professional involved in the implementation or operation of an ISO/IEC 27701 PIMS who wants to better understand the audit process.
  • Anyone who wants to acquire the knowledge needed to audit an ISO/IEC 27701 PIMS and/or a GDPR compliance program.

Prerequisites
Students should understand English, as the course documentation is in that language.
Other requirements may apply; please check the quotation or proposal you received.

Duration (days)
5 days

Learning Objectives
At the end of the course students should be able to:
  • Understand the fundamental privacy, data protection and information security concepts.
  • Know and understand the GDPR and ISO/IEC 27701 requirements, and the correlation between GDPR, ISO/IEC 27701, ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 29100 and other privacy management standards and regulatory frameworks.
  • Understand the requirements for an ISO/IEC 27701 PIMS (or DPMS) and its implementation and operation process.
  • Understand the fundamental audit concepts and principles based on the ISO 19011 standard.
  • Establish, implement, maintain and improve an internal audit program that is compliant with the requirements of ISO/IEC 27701 and the GDPR and supported by the most recent ISO and related audit best practices.
  • Understand the requirements and know how to prepare and plan ISO/IEC 27701 PIMS audits and/or GDPR compliance audits.
  • Understand the main roles, including the auditor role, the competence requirements and the communication requirements needed to perform an audit successfully.
  • Conduct ISO/IEC 27701 internal and external audits, whether first-party, second-party or third-party.
  • Draft and/or implement the templates, tools and techniques required to support an audit program and an ISO/IEC 27701 audit.
  • Identify and record findings, including nonconformities, to establish conclusions and draft the audit report.
  • Understand and carry out the activities needed to complete an ISO/IEC 27701 audit, including ensuring that the required audit follow-up activities are performed.
  • Use the audit process to support the organization's continued compliance with ISO/IEC 27701 and the maintenance of its ISO/IEC 27701 certification.
  • Acquire the knowledge required to succeed in the "BEHAVIOUR Certified Data Protection 27701 Lead Auditor" exam and achieve a personnel certification.

Course Outline
  1. Introduction to privacy and data protection concepts and principles; privacy and data protection frameworks; introduction to GDPR, the EU data protection framework.
    • Course introduction
    • Fundamental concepts and principles of privacy and data protection
    • Advancing towards GDPR and/or ISO/IEC 27701 certification
    • Privacy and data protection in the EU and related frameworks

  2. EU data protection legislative framework, ISO/IEC 27701, and ISO/IEC 27001 requirements; audit concepts and principles.
    • Data protection and the EU GDPR framework
    • Data protection and the ISO/IEC 27701 and ISO/IEC 27001 standards
    • Mapping ISO/IEC 27701, ISO/IEC 27001 and GDPR requirements
    • Introduction to audit concepts and principles based on ISO 19011

  3. Preparation, planning and initiating an audit; conducting documentation and on-site audit activities
    • Internal audit program
    • Preparation and planning for PIMS and GDPR audits
    • Communicating during the audit
    • Planning and initiating the audit
    • Conducting the Stage 1 documentation audit
    • Summarizing information and planning for the Stage 2 on-site audit
    • Conducting the Stage 2 on-site audit

  4. Concluding the on-site audit activities and closing the audit
    • Obtaining and verifying information: audit methods and audit tests
    • Identifying and recording audit findings
    • Preparing for audit conclusions
    • Closing the audit; preparing and distributing the audit report
    • Audit follow-up activities
    • Maintaining the ISO/IEC 27701 and/or the GDPR certification
    • Personnel certification and closing the training

Certification Exam
The "Certified Data Protection 27701 Lead Auditor" exam covers the following competence domains:
  • Domain 1: Concepts and principles of privacy and data protection
  • Domain 2: EU GDPR and ISO/IEC 27701 and related data protection frameworks
  • Domain 3: Fundamental audit concepts and principles based on ISO 19011
  • Domain 4: Establish and maintain a GDPR and ISO/IEC 27701 internal audit program
  • Domain 5: Prepare and plan GDPR and ISO/IEC 27701 audit activities
  • Domain 6: Conduct GDPR and ISO/IEC 27701 audit activities
  • Domain 7: Complete and close GDPR and ISO/IEC 27701 audit activities

Language(s): English and Portuguese (please consult BEHAVIOUR for availability on additional languages).
Duration: 4 hours
Exam type: Multiple-choice questions and open questions based on a main case study and related to the competency domains.
Number of questions: 48 questions
Passing score: 700/1000 marks.
Results: pass or fail, with a quantitative score.
If the candidate fails the exam, they are entitled to one free retake within 2 months of the release date of the exam result.

After passing the certification exam and signing the agreement/code of ethics, participants may apply for one of the three credentials available under this personnel certification scheme, depending on their level of experience:
  • Certified Data Protection 27701 Associate Auditor: no previous experience required
  • Certified Data Protection 27701 Auditor: 2 years of experience in privacy and/or data protection and audits
  • Certified Data Protection 27701 Lead Auditor: 5 years of experience in privacy and/or data protection and audits
A certificate is issued to participants who pass the exam and comply with all other requirements of the selected credential. Candidates also receive the digital badge of the certification achieved.

The “Certified Data Protection 27701 Lead Auditor” personnel certification program is drafted and maintained according to the ISO/IEC 17024 standard.

Certifications are issued only to individuals (not companies); their achievement and maintenance depend on the exam result, on professional experience, and on commitment to and compliance with the agreement/code of ethics. If a professional does not comply with the agreement/code of ethics, the certification is not assigned, or is revoked.

(Note: this program does not provide the competencies for a specific function or role and therefore has no personnel certification maintenance requirements.)

Our trainers are renowned consultants and auditors with several years of experience in implementing, auditing and training on data protection regulations and legislation worldwide and on the ISO/IEC 27000 family of standards, with a particular focus on ISO/IEC 27701, ISO/IEC 27001, ISO/IEC 29100 and related standards.

General Information
  • Training in English.
  • Online training material in English, with online access, in accordance with the commercial conditions.
  • Practical step-by-step auditing methodology.
  • Behaviour digital participation certificate for 35 CPD/CPE credits.
  • Online certification exam in Portuguese or English. The exam can be taken up to 2 months from the start date of the course.
  • If the candidate fails the exam, they are entitled to one free retake within 2 months of the date of the exam result.
  • Certification diploma and certification badge after successful examination and formal registration. This process has no associated cost.

  • ISO/IEC 27701 specifies the requirements for an auditable Privacy Information Management System (PIMS).
  • ISO/IEC 27701 allows certification and international recognition of an organization, access to new markets and optimization of operations; it improves quality and increases productivity, competitive advantage, customer satisfaction and sales revenues.
  • The Data Protection 27701 Lead Auditor course bases its pedagogical model on a certification program aligned with ISO/IEC 17024, the standard that defines the requirements for the certification of persons, following ISO's recommendations.
  • The Data Protection 27701 Lead Auditor course is geared towards auditing against the standard through a step-by-step audit process. Throughout the course, in addition to the basic PIMS concepts, students are shown the steps needed to prepare and start a PIMS and/or GDPR compliance audit process and to manage audits through an audit program. This includes selecting the approach and the audit methodology, selecting auditors and assessing their skills, the steps and approaches for collecting evidence and drafting findings, including nonconformities, and the other activities needed to prepare the auditor to audit their own organization's PIMS or to participate in and lead audits for a certification body, using the audit best practices of ISO 19011 and the requirements for certification bodies in ISO/IEC 17021-1.
  • One of the strengths of the Data Protection 27701 Lead Auditor course, beyond including an audit methodology, is that it prepares professionals to audit an ISO/IEC 27701 PIMS for certification and registration with a certification body. To this end, it addresses the recommendations of ISO 19011 and the requirements for certification bodies in ISO/IEC 17021-1.
  • The certification exam is invigilated by an official Behaviour administrator.
  • The Certified Data Protection 27701 Lead Auditor certification exam is conducted at the end of the course, on the last day of training. It consists of multiple-choice and open questions based on a main case study, allowing the certifying entity to measure candidates' knowledge more effectively.
  • On passing the exam, the professional achieves one of the Data Protection 27701 certification levels. If the professional fails the exam, they are entitled to one free retake within 2 months of the release date of the exam result.
  • The Behaviour pedagogical model aims to provide a learning environment conducive to the acquisition of competences, in accordance with the objectives of each training program. By promoting interaction, participation and the appreciation of experience, we contribute to meaningful learning, certification and international recognition, and above all to the development of critical thinking and autonomy.
  • Behaviour is accredited by DGERT (a Portuguese government entity). Behaviour's Quality Management System (QMS) is implemented in accordance with the requirements of ISO 9001, the requirements of DGERT, the Portuguese standard NP 4512 and the standard ISO 10015.

Dates and Price
No scheduled dates for this course? Contact us.

Guaranteed Dates Program
(*) All dates for this course are guaranteed only for events that take place in Lisbon. In other physical locations, or in Live Online Training, all events are subject to a minimum number of participants.

At Behaviour, all classroom courses in Lisbon run regardless of the number of trainees in the room. The concept of a minimum class size does not exist in our classroom model, which is why all public classroom dates presented on the website are guaranteed. So whether you are in Portugal or anywhere else in the world, you can plan your week and your trip, as long as you secure your registration in a classroom course.

Volume Discounts
For companies, Behaviour offers discounts starting from the registration of the 2nd participant in the same course on the same date.
Simulate the price for the number of participants you want to register, or contact us via chat.

Hotels and Useful Information
Find out where you can stay in Lisbon. For more information, please check online.