GDPR ISO 27701 Foundation

The GDPR ISO 27701 Foundation course introduces the principles of privacy and data protection and the requirements of ISO/IEC 27701, framing its relationship with the GDPR and with existing management systems. The training establishes a solid basis for understanding how to structure, support and manage information privacy in an organisational context.

Upcoming dates

Confirmed dates. Synchronous live training, with interaction with the trainer and the group.

  • 26 March 2026: Live Online (next edition)
  • 8 June 2026: Live Online (base price)
Duration: 2 days / 16h
Language: available in Portuguese or English
Training: practical and case-study based
Exam: 1h
PROFESSIONAL LEVEL — practical application of methods in a professional context

Why this course exists

To create a practical foundation and a common language in GDPR, ISO/IEC 27701 and privacy management through a case study.

Many organisations face growing privacy and data protection requirements, but begin compliance initiatives without a consistent basis of concepts, terminology and operational understanding of the requirements of the GDPR and of the structure and principles of ISO/IEC 27701 and ISO/IEC 27001.

This course establishes a practical and applicable baseline of knowledge, supported by theoretical and practical sessions and by a case study, enabling professionals from different areas to understand, apply and support the implementation and operation of a privacy programme and a management system, as well as frame essential audit principles based on ISO 19011.

What this course enables you to do

Understand

Master fundamental privacy and data protection concepts and interpret the GDPR in an organisational context.

Apply

Apply principles and requirements in a real scenario through a case study, with high-level guidance for implementation and operationalisation.

Correlate

Relate the GDPR to ISO/IEC 27701 and ISO/IEC 27001, including additional relevant references.

Audit (fundamentals)

Understand concepts, principles and best practices for compliance and management system auditing, based on ISO 19011, to support audits and continuous improvement.

Frameworks, standards and best practices addressed throughout the course

  • GDPR — requirements and application
  • ISO/IEC 27701:2025 (PIMS/SGIP)
  • ISO/IEC 27001 (ISMS)
  • Mapping GDPR ↔ ISO/IEC 27701 ↔ ISO/IEC 27001
  • ISO/IEC 27002
  • ISO/IEC 29100
  • International transfers (SCCs / BCRs)
  • EU–US Data Privacy Framework (overview)
  • Certification and compliance schemes
  • ISO 19011 (audit principles)
  • Comparative legislation and regulations (overview)
  • Correlated best practices

Value for the organisation

  • Creates a common, applicable basis for teams involved in privacy, data protection, information security and compliance.
  • Accelerates internal alignment on GDPR requirements and the ISO/IEC 27701/27001 framework, reducing noise and divergent interpretations.
  • Supports preparation for certification and audit initiatives, strengthening understanding of mappings and related practices.
  • Introduces audit fundamentals based on ISO 19011 to improve coordination between internal teams, audits and continuous improvement.

Introduction

The Data Protection GDPR ISO 27701 Foundation course is based on the GDPR and on the ISO/IEC 27001 and ISO/IEC 27701 standards, following a practical approach supported by a case study, in which participants are invited to apply privacy, data protection and management system concepts and requirements in a real scenario.

The course provides a holistic view of privacy and data protection concepts and principles and of their applicability, focusing on the foundations and guiding principles that underpin the legislation and existing structures, including, in detail, the GDPR and the concepts related to ISO/IEC 27701.

On the second day, the course goes deeper into GDPR requirements, concepts related to international data transfers and the framework involving ISO/IEC 27001 and ISO/IEC 27701, including an overview of requirements mapping and additional relevant references, as well as an introduction to audit concepts, principles and best practices based on ISO 19011.

This course prepares participants for the Certified Data Protection GDPR and ISO/IEC 27701 Foundation personal certification.

This Training Plan and all associated documents are protected by Copyright and registered as a literary work with IGAC.

General Objectives

At the end of this course, participants will be able to:

  • Understand the fundamental concepts of privacy, data protection and information security.
  • Know and understand the requirements of the GDPR and ISO/IEC 27701, and the correlation between the GDPR, ISO/IEC 27701, ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 29100 and other privacy management regulatory standards and frameworks.
  • Understand the requirements for an ISO/IEC 27701 PIMS and its implementation and operation process.
  • Understand the fundamental concepts and principles of auditing based on ISO 19011.
  • Understand the various sources of requirements related to privacy and information security so as to be able to discuss relevant matters with peers regarding the maintenance and improvement of data protection within an organisation.
  • Support the organisation in complying with the GDPR and in achieving and maintaining ISO/IEC 27701 certification.
  • Possess the knowledge required to successfully take the Certified Data Protection GDPR and ISO/IEC 27701 Foundation certification exam and obtain a personal certification.

Target Audience

  • CxOs and decision-makers who need to understand the European data protection framework.
  • Information security and privacy professionals, including consultants and auditors, who need a solid foundation in GDPR and ISO/IEC 27001/27701.
  • IT professionals who need to understand privacy requirements and how to support them technically.
  • Compliance, risk and audit teams supporting projects and audits in data protection and information security.
  • Other professionals who wish to acquire privacy and data protection fundamentals and frame the implementation of an ISMS (ISO/IEC 27001) and a PIMS/SGIP (ISO/IEC 27701).

Prerequisites

There are no mandatory formal prerequisites. However, other specific requirements may apply, where relevant, depending on the quotation or proposal presented.

Programme

Introduction to the course
  • Training and certification framework
  • Objectives, structure and pedagogical approach
  • Case study and working dynamics
Introduction to GDPR, privacy and data protection concepts and principles; structures and EU framework
  • Fundamental privacy and data protection concepts and principles
  • GDPR structure and European framework
  • Privacy and data protection in the EU and related structures
  • Framework for progression to GDPR and/or ISO/IEC 27701 certification
EU legislative framework, ISO/IEC 27701 and ISO/IEC 27001; mappings and auditing
  • Data protection and the EU regulatory framework
  • GDPR and its relationship with ISO/IEC 27701 and ISO/IEC 27001
  • Requirements mapping between GDPR, ISO/IEC 27701 and ISO/IEC 27001
  • Introduction to audit concepts and principles based on ISO 19011

Exam(s) and Certification

Exam “Certified Data Protection GDPR and ISO/IEC 27701 Foundation”

The exam covers the following competence domains:

  • Domain 1: Privacy and data protection concepts and principles
  • Domain 2: EU GDPR, ISO/IEC 27701 and related data protection frameworks
  • Domain 3: Fundamental audit concepts and principles based on ISO 19011

Language(s): Portuguese and English.
Duration: 1 hour (60 minutes).
Format: Multiple choice.
Number of questions: 40 questions (10 points each).
Pass mark: 260/400 points.
Results: Pass or Fail.
Issuing entity: Behaviour (legal entity), through its certification service Behaviour Certification Services.
Retake: 1 free retake within a maximum period of 2 months after the result of the initial exam.

Certification

After successfully completing the exam and accepting or signing the applicable agreement and Code of Ethics, the candidate achieves the credential Certified Data Protection GDPR and ISO/IEC 27701 Foundation, issued by Behaviour (legal entity), through its certification service Behaviour Certification Services.

A Certificate and a Digital Certification Badge will be issued to participants who successfully complete the certification exam and satisfy all requirements of the certification for which they are applying.

The personal certification programme Certified Data Protection GDPR and ISO/IEC 27701 Foundation is developed and maintained in accordance with the international standard ISO/IEC 17024.

Certification programmes are valid only for individuals, and the award and maintenance of certification depend on the exam result, professional experience and compliance with the applicable agreement and Code of Ethics.

If the professional does not comply with the agreement or the Code of Ethics, the certification is not granted or is revoked.

Other Information

General Information
  • Training available in Portuguese or English.
  • Training materials available in Portuguese or English, with online access, in accordance with the awarded conditions.
  • Behaviour digital Training Attendance Certificate with 16 CPD/CPE credits.
  • Online Certification Exam, in Portuguese or English. The exam may be taken up to 2 months from the course start date.
  • If the candidate does not pass the exam, they are entitled to one free retake within a maximum period of 2 months from the release date of the initial exam result.
  • Digital Certification Diploma and Digital Certification Badge after passing the exam and completing the application process. This process has no associated cost.
Trainer(s)

The trainers are consultants and auditors with experience in data protection regulations and legislation, and in the ISO/IEC 27000 family of standards, with particular focus on ISO/IEC 27701, ISO/IEC 27001, ISO/IEC 29100 and related references.

Benefits

  • The GDPR is a regulatory framework adopted in Europe and used worldwide by organisations processing data of data subjects in the EU.
  • The ISO/IEC 27701 and ISO/IEC 27001 standards are auditable and establish requirements for implementing a Privacy Information Management System (PIMS/SGIP) and an Information Security Management System (ISMS).
  • The course is based on the BEHAVIOUR pedagogical model, with a personal certification programme in accordance with ISO/IEC 17024.
  • Objective preparation for the Certified Data Protection GDPR and ISO/IEC 27701 Foundation exam.
  • The exam is supervised by an official BEHAVIOUR administrator.
  • In case of failure, there is 1 free retake within a maximum period of 2 months after the initial exam result.

Logistics

Useful information
  • Live Online (synchronous time): 09h30–13h00 and 14h00–17h30 (Lisbon time), with short breaks
  • Classroom (synchronous time): 09h30–13h00 and 14h00–17h30 (Lisbon time), with short breaks
  • 14 hours of synchronous training, distributed across 2 consecutive days
  • Estimated 2 hours of guided autonomous work, intended for content consolidation and exam preparation
  • Requirements: computer with stable internet, updated browser, PDF reader and audio/video
Hotels in Lisbon

Find out where you can stay in Lisbon, near Behaviour, for classroom training.

Frequently Asked Questions

Objective answers to additional questions about the scope and usefulness of the course.

Is this course suitable for someone who is starting in privacy and data protection?

Yes. The course was designed to establish a solid and structured foundation, enabling participants to understand key concepts, requirements and articulations between the GDPR, ISO/IEC 27701 and related references.

Is this course intended only for DPOs?

No. Although it is relevant for data protection-related functions, the course is also useful for professionals in information security, compliance, risk, audit, IT, management and other roles that interact with privacy-related matters.

Is the course focused only on theory?

No. The course combines conceptual framing with a practical approach, supported by a case study, to facilitate understanding and application of the topics in an organisational context.

Is this course useful for organisations that are still in an early stage of structuring privacy?

Yes. The course can serve as a starting point to create a common foundation, clarify concepts, align teams and prepare the organisation for more structured future initiatives in privacy and data protection.

Does this course help to better understand the relationship between privacy and information security?

Yes. The course helps participants understand the articulation between privacy, data protection and information security, including the framework linking the GDPR, ISO/IEC 27701 and ISO/IEC 27001.

For general questions about registration, delivery modes, exams, certification and recertification, please consult the BEHAVIOUR® FAQs.

Registration

Complete the form to request your registration for the preferred edition. Check the upcoming dates.

Request more information

If you would like help to frame the course within your professional or organisational context, contact us and we will indicate the most suitable path.


Companies: request a proposal

For team registrations, we provide volume conditions and a proposal tailored to the organisational need.
