Data Protection GDPR and ISO/IEC 27701 Foundation

Data Protection GDPR and ISO 27701 Foundation training, Data Protection training, Data Protection certification, Data Protection exam, Data Protection Portugal, Data Protection live online training

Holistic view of the concepts and principles of Privacy and Data Protection, and the fundamental knowledge to manage and maintain GDPR compliance and the ISO/IEC 27701 requirements.


The Data Protection GDPR and ISO/IEC 27701 Foundation is a course based on the GDPR, and the ISO/IEC 27001 and ISO/IEC 27701 standards. The course follows a case study approach where participants are invited to apply the concepts of the regulation and of these ISO standards of information security and privacy, in a real scenario.

The Data Protection GDPR and ISO/IEC 27701 Foundation course provides a holistic view of the concepts and principles of Privacy and Data Protection and its applicability focusing primarily on the foundations, concepts and guiding principles that underpin existing legislation and frameworks, including, in detail, the GDPR and the ISO/IEC 27701 related concepts. Next, the course provides an overview of the concepts for conformity assessment of GDPR accredited certification schemes and ISO/IEC 27701 national accreditation bodies and accredited certification bodies, including, in detail, the certification process so an organization may advance for certification. After these concepts, the course covers the EU legislation, and an overview of the differences with other privacy laws and regulations, such as the ones from Canada, United States and Australia, among others, and the analysis of the various privacy and data protection frameworks internationally recognized.

Next, the course presents an analysis of the drivers that led to the new EU regulation and the benefits that the new European legislation brings, at a level of organizations (including SMEs), people, the internet, social networks, crime, and technology, among others.

In the second day, the course presents, in detail, the GDPR requirements, including the details on how to apply the principles; the application of regulation for the protection of individual rights; and remedies, liability, penalties and compensations; and the application of the regulation for organizations, including adherence to codes of conduct, or to certification schemes, and related bodies. Next, the course presents the requirements for data transfers outside the EU, the concepts of BCRs, SCCs, the previous EU-US Privacy Shield, and the new EU-US Data Privacy Framework (or, as previously referred, the Trans-Atlantic Data Privacy framework).

After the in-depth overview of the GPRD, the course presents the requirements and related concepts of the ISO/IEC 27001 and ISO/IEC 27701 standards, including the requirements of the new editions of both standards, and an overview of the ISO/IEC 27002 controls that include specific guidance for processing PII.

The last subject of the course includes an introduction to the audit concepts and principles, and the related ISO audit standards, such as ISO 19011 and other related audit practices.

This course prepares for the BCS Data Protection GDPR and ISO/IEC 27701 Foundation (DPF) certification. This certification is aligned with the requirements of international standard ISO/IEC 17024.

Training materials updated with the last released editions of all the related best practices, including any related draft published.


This Training Plan and all associated documents are protected by Copyright and registered as a literary work at IGAC – Portugal.

Data Protection Foundation

Next GUARANTEED DATES (*)       11-Jun-2024,   Price | Registration       13-Sep-2024,   Price | Registration       


This course is available to be delivered in a classroom and > Live Online Training <
Data Protection GDPR and ISO/IEC 27701 Foundation Path
In this course, the students will acquire the fundamental knowledge to implement the GDPR requirements and to establish and operate a management system in compliance with the ISO/IEC 27001 ISMS and ISO/IEC 27701 PIMS requirements.

The course covers the fundamental concepts related to privacy management and information security, an in depth overview of the requirements of GDPR and of the ISO/IEC 27001 and ISO/IEC 27701 standard requirements, including high-level implementation guidance and discussion-based practical examples to implement the requirements of the regulation and for both standards.

As the students advance through the subjects of the course, they will be presented with the most recognized worldwide privacy and data protection frameworks, legislation, and regulations.

The course covers the latest frameworks and requirements, including an overview of the new EU-US Data Privacy framework, and other related as part of the Data Privacy Framework Program, the new schemes for GDPR certification, and the requirements for ISO/IEC 27001 and ISO/IEC 27701 certifications.

The last module covers an overview of the main concepts, principles, and best practices for auditing GDPR, ISMS and PIMS based on the guidance of ISO 19011.

Training Methodology
This course is based on theorical, and practical sessions supported by a real-world adapted case-study.
The course includes hands-on practical and theorical exercises to:
  • better prepare the students for the real-world challenges, and
  • to prepare and increase the likelihood of success on the certification exam, and
  • train and prepare professionals for participating in an GDPR and/or PIMS and ISMS implementation program or PIMS and ISMS audit based on ISO/IEC 27701 and ISO/IEC 27001.

This course is available to be delivered in a > Live Online Training < model and classroom.
Live Training brings you the dynamic environment of the classroom, to your desk. Using your computer, you interact with the trainer and the trainees as if you were with them in the classroom.

  • CxO that needs to understand the EU legislation related to data protection.
  • Information security professionals, consultants and/or auditors that need to acquire the fundamental knowledge about the applicable legislation and requirements related to data privacy, including the requirements of ISO/IEC 27001 and ISO/IC 27701.
  • IT professionals who need to understand the fundamental concepts and requirements of data privacy and how the IT can support these requirements.
  • Information security and data protection consultants and/or auditors who need to know the fundamentals of data protection to support their projects or audit assignments.
  • Anyone who wants to know about the fundamentals of data protection and data privacy, and to acquire knowledge of the main Privacy and Data Protection frameworks, including the establishment of an ISO/IEC 27001 ISMS and ISO/IEC 27701 PIMS.
  • Anyone who wants to learn the fundamentals of GDPR, ISO/IEC 27001 and ISO/IEC 27701.

Students should understand English as the course documentation is in this language.
Also, other requisites may apply, please check the quotation or the proposal received.

Duration (days)
2 days

Learning Objectives
At the end of this course, students will be able to:
  • Understand the fundamental privacy, data protection and information security concepts.
  • Get to know and understand the GDPR and ISO/IEC 27701 requirements and the correlation between GDPR, ISO/IEC 27701, ISO/IEC 27001, ISO/IEC 27002, ISO 29100 and other privacy management standards and regulatory frameworks.
  • Understand the requirements for an ISO/IEC 27701 DPMS (or, PIMS) and its implementation and operation process.
  • Understand the fundamental audit concepts and principles based on the ISO 19011 standard.
  • Understand the several privacy and information security-related sources of requirements to discuss with peers about relevant subjects to the maintenance and improvement of data protection on the organization.
  • Support the organization in the compliance with GDPR and in the achievement and maintenance of the ISO/IEC 27701 certification.
  • Acquire the required knowledge to succeed in the “BEHAVIOUR Certified Data Protection GDPR and ISO/IEC 27701 Foundation (DPF)” exam and achieve a personnel certification.

  1. Introduction to GDPR, privacy and data protection concepts and principles; privacy and data protection frameworks; introduction to GDPR the EU data protection framework.
    • Course introduction
    • Fundamental concepts and principles of privacy and data protection
    • Advancing for GDPR and/or ISO/IEC 27701 Certification
    • Privacy and data protection in EU and related frameworks

  2. EU data protection legislative framework, ISO/IEC 27701 and ISO/IEC 27001 requirements; audit concepts and principles.
    • Data protection and the EU GDPR framework
    • Data protection and the ISO/IEC 27701 and ISO/IEC 27001 standards
    • Mapping ISO/IEC 27701, ISO/IEC 27001 and GDPR requirements
    • Introduction to audit concepts and principles based on ISO 19011

The “Certified Data Protection GDPR and ISO/IEC 27701Foundation” exam covers the following competence domains:
  • Domain 1: Concepts and principles of privacy and data protection
  • Domain 2: EU GDPR and ISO/IEC 27701 and related data protection frameworks
  • Domain 3: Fundamental audit concepts and principles based on ISO 19011

Language(s): English and Portuguese (please consult BEHAVIOUR for availability on additional languages).
Duration: 1 hour
Exam type: Multiple-choice questions.
Number of questions: 40 questions
Passing score: 260/400 marks.
Results: “Pass or Fail” quantitative score.
If the candidate fails the exam, he is entitled to one free retake within a 2 month period from the released date of the exam result.

After successfully completing the certification exam, and signing the agreement/code of ethics, participants will achieve the credentials of Certified Data Protection GDPR and ISO/IEC 27701 Foundation.

A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential. Candidates also receive the digital badge of the certification achieved.

The “Certified Data Protection GDPR and ISO/IEC 27701 Foundation” personnel certification program is drafted and maintained according to the ISO/IEC 17024 standard.

The certification programs are only valid to persons (not companies) and the achievement and maintenance depends on the exam result, on the professional experience and the commitment and comply to the agreement/code of ethics. If a professional does not comply with the agreement/code of ethics, the certification is not assigned or is revoked.

(Note: This program does not provide the competencies for a specific function or role, thus, it does not have any personnel certification maintenance requirements).

Our specialists are renowned consultants and auditors, with several years of experience in the areas of implementation, auditing and training in data protection worldwide regulations, legislation and in the family of the ISO/IEC 27000 standards, with a particular focus on the standards ISO/IEC 27701, ISO/IEC 27001, ISO/IEC 29100, and related standards.

Informações Gerais
  • Training in English language.
  • Online training material resources in English, with online access, and in accordance with the commercial conditions.
  • Behaviour Digital Participation Certificate of 16 CPD/CPE credits.
  • Online Certification Exam in Portuguese or English language. The exam can be taken up to 2 months from the start date of the course.
  • If the candidate fails the exam, he is entitled to one free retake within a 2 month period from the date of the exam result.
  • Certification Diploma and certification badge after successful examination and formal process registration. This process has no associated cost.

  • The GDPR is a regulatory framework adopted in Europe and used worldwide for all the countries that, in some way, establish commercial relationships and process data from Europen citizens.
  • ISO/IEC 27701 and ISO/IEC 27001 are auditable standards that establish the requirements for the implementation of and Privacy Information Management System (PIMS) and an Information Security Management System (ISMS).
  • Compliance with GDPR is mandatory for many worldwide organizations and/or individuals. The ISO/IEC 27701 and ISO/IEC 27001 allows certification and international recognition of an organization; access to new markets and optimization of operations; and improves quality, increases productivity, competitive advantage, customer satisfaction and sales revenues.
  • Data Protection GDPR and ISO/IEC 27701 Foundation course bases its pedagogical model in a certification program based on the ISO/IEC 17024 standard, which defines the requirements for certification of people, fulfilling the recommendations of ISO.
  • Data Protection GDPR and ISO/IEC 27701 Foundation course geared towards to the knowledge needed to support an organization in the implementation and operation of an PIMS and an ISMS based on ISO/IEC 27701 and ISO/IEC 27001 and provides guidance on the related best practices that can be used to support this process, including an overview of ISO/IEC 29100, among others.
  • Certification exam is monitored by an official Behaviour administrator.
  • The Certified Data Protection GDPR and ISO/IEC 27701 Foundation certification exam is conducted at the end of the course, on the last day of training, through a multiple questions-based exam.
  • Upon success in the exam, the professional will achieve the Certified Data Protection GDPR and ISO/IEC 27701 Foundation (CDPF) certification. If the professional fails the exam, he is entitled to one free retake within a 2-month period from the released date of the exam result. Behaviour Pedagogical Model aims to provide a learning environment conducive to acquisition of competences, in accordance with objectives of each training program. Promoting interaction, participation and appreciation of experiences, we contribute to meaningful learning, certification and international recognition but, above all to the development of critical thinking and autonomy.
  • Behaviour is an organization accredited by DGERT (Portuguese Government Entity). Behaviour has its Quality Management System (QMS) implemented in accordance with the requirements of ISO 9001, the requirements of DGERT, the requirements of the European standard NP 4512 and the standard ISO 10015.

Datas e Preço

Programa Datas Garantidas
(*) All dates of this course are guaranteed only for the events that take place in Lisbon. In other physical locations or in Live Online training, all events are subject to a minimum number of participants.

On Behaviour all classroom courses at Lisbon occur regardless of the number of trainees in room. The concept of setting up classes does not exist in our classroom educational model, which is why all classroom public dates, presented on the website, are guaranteed. So if you're in Portugal or anywhere else in the world, you can prepare your week and your trip, as long as you ensure your registration in the a classroom course.

Descontos de Volume
For companies, Behaviour offer discounts, starting from the registration of the 2nd participant, in the same course and on the same date.
Simulate the prices for the number of participants you want to register to or contact us via chat.

Hotéis e Informações Úteis
Know where you can stay in Lisbon. For more information please check online