Data Protection 27701 Lead Auditor – ISO 27701 training


Mastering the audit of a Data Protection Management System (DPMS), based on GDPR.



This course enables participants to develop the necessary expertise to audit a Data Protection Management System (DPMS) based on ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27701 (or PIMS), in compliance with the specified requirements of REGULATION (EU) 2016/679 (GDPR) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques.

Participants will learn the fundamental concepts and principles of privacy and data protection, together with an overview and comparison of the main EU and related privacy and data protection frameworks, including the OECD Privacy Framework, the Australian Privacy Management Framework, the ISO 27701 & ISO 29001 Privacy Frameworks for PII, Canadian privacy legislation, US data privacy legislation, the APEC Privacy Framework and, in detail, the EU Data Protection Framework (GDPR).

During this training, the participant will acquire the knowledge and skills needed to proficiently plan and perform internal and external audits in compliance with the certification criteria defined in: the General Data Protection Regulation (2016/679), Articles 42 and 43; the European Data Protection Board (EDPB) guidelines; and the ISO/IEC 17065, ISO 19011 and ISO/IEC 17021 standards. Through practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and the audit programme, communicating with customers, conflict resolution, etc.) necessary to conduct an audit efficiently.

This 5-day course prepares the participants for the Behaviour Data Protection Lead Auditor (DPLA) certification. This certification is aligned with ISO/IEC 17024 and therefore valid at international level.

Training Methodology
The DPLA training course is based on both theory and practice sessions with:
  • Lectures illustrated with examples based on real cases
  • Practical exercises based on a full case study including role-plays and oral presentations
  • Review exercises that assist in preparation for the certification exam.
To benefit from the practical exercises, the number of training participants is limited.

  • Internal auditors
  • Auditors wanting to perform and lead certification audits of Data Protection Management Systems (DPMS) based on GDPR
  • Project managers, consultants, and designated DPOs of public organizations or private companies wanting to master the audit process of Data Protection Management Systems (DPMS) based on GDPR
  • Privacy and data protection consultants and/or auditors involved in or supporting organizations' compliance with EU data protection requirements
  • CxO and Senior Managers responsible for the governance of an enterprise and the management of its data protection risks
  • Members of information security and/or data protection teams
  • Expert advisors in privacy, data protection and information security
  • Technical experts wanting to prepare for a Data Protection or Information security audit function
  • Any professional wanting to acquire the necessary skills to audit an EU GDPR based Data Protection Management System (DPMS)

Participants should understand English as the course documentation is in this language.

Duration (days)
5 days

Learning Objectives
At the end of the course students should be able to:
  • Identify and know how to apply the main privacy and data protection concepts and terminology
  • Understand the main privacy and data protection frameworks, including the details of EU GDPR regulation and the foundations of related data protection frameworks
  • Understand the roles and responsibilities of the various stakeholders, including the DPO, in complying with the GDPR and their involvement in the audit and certification process
  • Acquire the expertise to perform a DPMS (or PIMS) GDPR internal audit following ISO 19011 guidelines
  • Acquire the expertise to perform a DPMS (or PIMS) GDPR certification audit following ISO 19011 guidelines, EDPB guidelines and the specifications of ISO/IEC 17065 and ISO/IEC 17021
  • Acquire the necessary expertise to manage a DPMS (or PIMS) GDPR audit team
  • Understand the operation of a GDPR conformant data protection management system
  • Understand the relationship between a Data Protection Management System, including risk management supported by data protection impact assessments (DPIA), controls and compliance with the requirements of GDPR and the different stakeholders of the organization
  • Improve the ability to analyse the internal and external environment of an organization, its risk assessment / DPIA and audit decision-making
  • Acquire the knowledge needed to succeed in the BEHAVIOUR DPLA exam and become a Certified Data Protection Lead Auditor (DPLA) professional

  1. Day 1: Introduction to privacy and data protection concepts and principles; Privacy and data protection frameworks; Introduction to GDPR, the EU data protection framework.
    • Course objectives and structure
    • Fundamental concepts and principles of privacy and data protection
    • Certification process
    • Data protection roles and responsibilities
    • Privacy and data protection EU and related frameworks
    • EU data protection revision drivers and benefits

  2. Day 2: EU data protection legislative framework; Audit concepts and principles.
    • EU GDPR principles for data processing
    • EU data protection for individuals
    • EU data protection for organizations
    • EU data protection and data transfers outside the EU
    • EU data protection bodies
    • Fundamental audit concepts and principles

  3. Day 3: Preparation and launching of an audit; On-site audit activities
    • Audit approach based on evidence and on risk
    • Initiating the audit
    • Stage 1 documentation audit
    • Preparing the stage 2 audit (on-site audit)
    • Stage 2 onsite audit
    • Communication during the audit
    • Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation

  4. Day 4: Concluding the On-site audit activities and Closing the audit
    • Audit test plans
    • Audit findings and drafting non-conformity reports
    • Audit documentation and quality review
    • Conducting the closing meeting and closing the audit
    • Evaluation of action plans by the auditor
    • Beyond the initial audit
    • Managing an internal audit programme

  5. Day 5: Data Protection Lead Auditor (DPLA) exam

The “Data Protection 27701 Lead Auditor” exam fully covers the following competence domains:
  • Domain 1: Concepts and principles of privacy and data protection
  • Domain 2: EU GDPR and related data protection frameworks
  • Domain 3: Fundamental audit concepts and principles
  • Domain 4: Preparation of a GDPR audit
  • Domain 5: Conducting a GDPR audit
  • Domain 6: Closing a GDPR audit
  • Domain 7: Managing a GDPR audit program

The “Data Protection 27701 Lead Auditor” exam is available in English. Duration: 3.5 hours; passing score 70%. It is a two-part exam: part one consists of 40 multiple choice questions (1 hour, closed book) and part two of 10 essay questions (2.5 hours, open book, i.e. participants can use all the documentation provided during the course). The exam result is sent to the candidate by email within two months of the examination and is graded qualitatively as “Pass” or “Fail”. In the case of a failure, the result is accompanied by the list of domains in which the candidate scored below the passing grade.
If the candidate fails the exam, he is entitled to one free retake within a 12-month period from the initial exam date.

Data Protection 27701 Lead Auditor (DP27701LA)

After successfully completing the exam, participants can apply for the credentials: "Data Protection 27701 Provisional Auditor", "Data Protection 27701 Auditor" or "Data Protection 27701 Lead Auditor", depending on their level of experience.
These credentials are available for internal and external auditors.
A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential. Data Protection 27701 Lead Auditor is a certification program aligned with the ISO/IEC 17024 standard.

Requirements for “Auditor” certification:

| Certification | Exam | Professional Experience | Privacy and Data Protection Audit Experience | Privacy and Data Protection Project Experience |
| --- | --- | --- | --- | --- |
| Data Protection 27701 Associate Auditor | DP27701LA Exam | None | None | None |
| Data Protection 27701 Auditor | DP27701LA Exam | 2 years, including 1 year of privacy or data protection work experience | Audit activities totalling 200 hours | None |
| Data Protection 27701 Lead Auditor | DP27701LA Exam | 5 years, including 2 years of privacy or data protection work experience | Audit activities totalling 300 hours | None |

Our experts are consultants and auditors with several years of experience in implementing, auditing and training in various international standards.

General Information
  • Training in English language.
  • Training material in English.
  • Audit methodology.
  • Behaviour Participation Certificate with 32 CPD/CPE credits.
  • Certification exam in Portuguese and English language.
  • Certification Diploma after successful examination and formal process registration. This process has no associated cost.
  • Coffee break in the morning and afternoon.
  • Training in English language.
  • Online training material in English, with online access.
  • Audit methodology.
  • Digital Behaviour Participation Certificate of 31 CPD/CPE credits.
  • Certification exam in English, available with online proctoring. The exam can be taken up to 3 months after completing the course.
  • Digital Certification Diploma and digital certification badge after successful examination and formal process registration. This process has no associated cost.
  • If the candidate fails the exam, he is entitled to one free retake within a 12-month period from the initial exam date.

  • GDPR is a requirement for all organizations that process personal data and, therefore, an auditable regulation.

  • GDPR allows certification and international recognition of an organization. It enables access to new markets and optimization of operations, and supports improvements in quality, productivity, competitive advantage, customer satisfaction and sales.

  • Organizations’ data protection management systems (GDPR) can now be certified under data protection accredited schemes provided by accredited certification bodies under Article 43 of the General Data Protection Regulation (2016/679).

  • This certification can be used as evidence and support organizations in demonstrating compliance with GDPR under Article 42.

  • Organizations can use this certification for their international recognition and thus stand out from their peers.

  • The Behaviour Data Protection Lead Auditor (DPLA) course bases its pedagogical model on a certification program aligned with the ISO/IEC 17024 standard, which defines the requirements for the certification of persons, fulfilling the recommendations of ISO.

  • The Data Protection Lead Auditor (DPLA) course is geared towards the audit of the GDPR through a step-by-step audit process. Throughout the course, in addition to the basic concepts of GDPR, related legislation and other internationally recognized best practices, the course presents the steps needed to prepare and start the audit of a Data Protection Management System (DPMS) based on GDPR and to manage audits through an audit programme. This includes the selection of the approach, the audit methodology, the selection and skills of the auditors, the steps and approaches for evidence collection, and the drafting of findings and nonconformities, among other activities needed to prepare the auditor to audit the DPMS (based on GDPR) of his organization or to participate in and lead audits for a certification body, using the audit best practices of ISO 19011 and the requirements for certification bodies in ISO/IEC 17021.

  • One of the strengths of the Data Protection Lead Auditor (DPLA) course, in addition to the inclusion of an implementation methodology, is that it prepares professionals for the audit of a GDPR certification and for registration with an accredited certification body under GDPR Article 43. To this end, it addresses the recommendations of ISO 19011, ISO/IEC 17065 and ISO/IEC 17021 (requirements for certification bodies), and the guidelines of the European Data Protection Board (EDPB).

  • Certification exam is monitored by an official Behaviour administrator.

  • The Data Protection Lead Auditor (DPLA) certification exam is conducted at the end of the course, on the last day of training, or divided into two sittings: at the end of day 2 (part 1) and on the morning of day 5 (part 2). This arrangement allows the certifying entity to measure the candidates' knowledge more effectively.

  • Upon passing the exam, the professional will achieve one of the Data Protection Lead Auditor (DPLA) certification levels. In case of failure, the professional may repeat the exam at no additional cost (one free retake) within 1 year of the date of the first examination.

  • The Behaviour Pedagogical Model aims to provide a learning environment conducive to the acquisition of competences, in accordance with the objectives of each training program. By promoting interaction, participation and the appreciation of experience, we contribute to meaningful learning, certification and international recognition but, above all, to the development of critical thinking and autonomy.

  • Behaviour is an organization accredited by DGERT (Portuguese Government Entity) and has its Quality Management System (QMS) implemented in accordance with the requirements of ISO 9001, the requirements of DGERT, the requirements of the European standard NP 4512 and the standard ISO 10015.

Dates and Price
No scheduled dates for this course? Contact us:

Guaranteed Dates Program
(*) All dates of this course are guaranteed only for the events that take place in Lisbon. In other locations the events are subject to a minimum number of participants.
At Behaviour, all courses in Lisbon take place regardless of the number of trainees in the room. The concept of cancelling classes does not exist in our educational model, which is why all public dates presented on the website are guaranteed. So whether you are in Portugal or anywhere else in the world, you can plan your week and your trip as soon as you have secured your registration in the course.

Volume Discounts
For companies, Behaviour offers discounts starting from the registration of the 2nd participant in the same course on the same date.
Simulate the prices for the number of participants you want to register, or contact us via chat.

Hotels and Useful Information
Find out where you can stay in Lisbon, near Behaviour. For more information please see: Booking.