GDPR Seminar, GDPR consulting, GDPR, European GDPR

GDPR Seminar: GDPR Assessment, Implementation & Auditing Approaches


Seminar Objective

This seminar is intended to provide attendees the base level knowledge required to perform a GDPR Impact Analysis, Project Assessment, manage the implementation of the GDPR project, and conduct a GDPR Pre-Implementation Audit.


Seminar Dates/Locations

All attendees to the recent NYC seminar rated the seminar 5 out of 5
UK participant at the NYC Seminar stated "The most technical & comprehensive GDPR I have ever attended"

London UK  March 8 - 9
early bird registration discount ended
$795 USD / £635 GBP / 750 EUR + 20% VAT
Registration &  Information - In USD
Registration &  Information - In GBP 
Registration &  Information - In EUR
Amsterdam, Netherlands  April 11 - 12
$795 USD / £635 GBP / 750 EUR + 21% VAT
Registration & Information In USD
Registration &  Information - In GBP 
Registration &  Information - In EUR

Chicago  May 9 - 10, 2017 
 $575 USD / £468 GBP / 550 EUR* No VAT
*25% early bird registration discount ends March 10th
Registration & Information In USD
Registration &  Information - In GBP 
Registration &  Information - In EUR



With the passing of General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) in which all companies who have past & present EU resident’s data, will be required to implement business processes and technical solutions to meet the GDPR mandates which includes complete removal of all traces of an individual' identify  from the company's systems if requested.  Companies will need to comply or be subject of fines of 4% of annual revenues.  The project initiatives required to be GDPR compliant could be on the scale of the Y2K and Euro Currency projects.  This regulation not only impacts EU companies but all companies worldwide whose customers are EU citizens.

Similar to the Y2K and Euro Currency projects in which Audit Serve was a world leader in conducting project assessments,  Audit Serve has established its own propriety framework  to conduct GDPR project assessments which is used to scope out the project and track which stage of compliance that an organization has reached. 


Detailed Seminar Outline 

I.  Introduction to General Data Protection Regulation

Precursor to GDPR
What brought about GDPR?
What is compelling compliance?
Who is impacted?

  • - Overall basis
  • - Applying Article 3 Territorial Scope
  • - US-based companies
  • - UK Situation

Key Players within GDPR
High level introduction of key regulations
Structure of regulations

II. Performing a GDPR Pre-Implementation Review/Audits
Note: detailed discussion relating to each GDPR article occurs as part of section IV

Typical Pre-imp reviews
Audit alternatives for the GDPR project

III. Performing a GDPR Project Assessment
Note: detailed discussion relating to each GDPR article occurs as part of section IV

What is a project assessment?
Recommended approaches to conducting the GDPR Project Assessment
Establishing a scorecard for the GDPR Project Assessment
Who should be conducting the GDPR Project Assessment?
Basis for Project Assessment validation

IV. Understanding the Regulations, Implementation Assessment and Audit Approaches

This section of the seminar which represents 65% of the seminar goes through each of the GDPR articles and (1) identifies the critical components of each Article, (2) Implementation Guidance for each of these key Articles, (3) Key Assessment questions to ask for each Article and the (4) Audit procedures based on performing a full scale pre-implementation review.

Key GDPR articles covered

  • Record of Processing Activities (Article 30)
  • Information Controllers which must be provided to Data Subject at time when personal data is obtained (Article 13)
  • Information Controllers which must be provided to Data Subject where personal data have not been obtained from Data Subject (Article 14)
  • Right to Access (Articles 15)
  • Right to Recertification (Article 16)
  • Transfers of personal data to third countries
  • Cross Border Data Transfer/Safe Harbor (Article 44)
  • Data Portability (Article 20)
  • Expressed Consent (Article 7)
  • Condition’s applicable to Child’s consent relation to information society services (Article 8)
  • Processing of Special categories (Article 9)
  • Right to Erasure/Right to be forgotten  (Article 17)
  • Processor (Article 28)
  • Right to Object to Processing (Article 21)
  • Lawfulness of Processing (Article 6)
  • Security of Processing (Article 32)
  • Data Breach Notification (Articles 33 and 34)
  • Data Protection by Design and Default (Article 25)
  • Data Protection Impact Assessment (Article 35)
  • Processor Requirements (Article 28)
  • Automated individual decision making/profiling (Article 22)
  • Right to Restrict Processing (Article 18)
  • Right to Object to Processing (Article 21)
  • Recipients of personal data (Article 19)
  • Lawfulness of Processing (Article 6)
  • Condition’s applicable to Child’s consent (Article 8)
  • Processing of Special categories (Article 9)

Complications with implementing GDPR
US based considerations
Understanding the role of the Data Protection Officer

V.  Global Project Initiatives

Understanding Data Relationships, business relationships and global data mapping requirements
Processing Subject Requests
Identifying and managing third parties
Business & IT Change Requirements
GDPR Compliance Monitoring
Other GDPR Initiatives/Activities

VI. Performing a GDPR Project Impact Analysis

Understanding the basis in which organization is in-scope for GDPR
Understanding the overall effort to become GDPR compliant
Understand if in-scope to process data subject requests and overall business practices which need to be changed to become GDPR compliant
Understand major obstacles to becoming GDPR compliant
Who conducts the Project Impact analysis?

VII. Case Studies

Two case studies will be presented during this seminar which will provide the attendee the understanding of how to perform an Impact Analysis of the GDPR project and how to perform a Pre-Implementation Audit of the GDPR project. 

Continuing Professional Education Credits

All attendees are eligible to receive 15 hours of continuing professional education (CPE) credits by attending. These credits are recognized by the National Association of State Boards of Accountancy (NASBA). 

AuditNet - The Global Resource for Auditors
General Data Protection Regulation Seminar

Audit Vision

Since 1991
Join 3,500 other subscribers

Copyright © 2015. All Rights Reserved.