
GDPR Seminar: GDPR Assessment, Implementation & Auditing Approaches


Seminar Objective

This GDPR seminar has been restructured to provide attendees a consolidated view of how to implement, assess and audit the project, given that organizations are 8 months (as of September 25th) from being required to be GDPR compliant. This seminar is intended to provide attendees the base-level knowledge required to (1) perform a Project Impact Analysis which identifies the GDPR in-scope components based on being a Controller and/or Processor, (2) conduct a “point-in-time” Assessment to provide a basis to determine the current stage of GDPR compliance and identify the remaining project initiatives, (3) manage the implementation of the GDPR project, and (4) conduct a GDPR Pre-Implementation Audit. Audit Serve has completed two GDPR Impact Analyses of organizations who are both Controllers and Processors and provides ongoing GDPR advisory services to these organizations. The experiences from these completed consulting projects, along with the current GDPR Impact Analysis being performed which impacts 200k data subjects, have been incorporated into this seminar.


Audit Serve has performed an in-depth analysis of all of the articles and has identified that in more than a third of the cases organizations will not have to be in compliance with the articles specified within the GDPR. This unique insight and supporting evidence is incorporated into the seminar, which will reduce the scope of an organization’s GDPR project.

In the past, this seminar consisted of intense classroom discussion on alternate ways of addressing the implementation of the GDPR articles. To preserve this open dialog between the attendees, which is managed by the instructor to ensure all discussions stick to the relevant areas, the maximum number of attendees permitted at this seminar has been limited to 18.



Past attendees comprised:


60% Members of their organization's GDPR project team (of which 15% of the attendees were lawyers)
35% Auditors
5% Other


Seminar Reviews

All attendees to the recent NYC seminar rated the overall seminar 5 out of 5
All attendees to the recent London and Amsterdam  seminars rated the overall seminar at least 4 out of 5
UK participant at the NYC Seminar stated "The most technical & comprehensive GDPR I have ever attended"
Naomi Slijngard, Kobi Digital, Legal Counsel - Amsterdam attendee: "You explained the law very clear and precise and gave a very good explanation of all the GDPR changes"

Seminar Dates/Locations
Amsterdam, Netherlands  27 September 2017
$395 USD / £315 GBP / € 375 EUR


Detailed Seminar Outline 

I.  New information impacting GDPR Implementation strategies

II.  High level introduction of key regulations and Structure of regulations

III. Performing a GDPR Pre-Implementation Review/Audits
Note: detailed discussion relating to each GDPR article occurs as part of section VI

IV. Performing a GDPR Impact Analysis

Identifying in-scope business processes based on being a controller or processor

How to conduct a walkthrough to identify the GDPR Articles which relate to each business process, which includes interpretation of each Article and the detailed action plans required to meet the requirements of each Article

Determine the degree to which the organization is in-scope to process data subject requests to access actual data

Identify whether the organization is in-scope with the security controls defined within Security of Processing (Article 32)

V. Performing a GDPR Project Assessment
Note: detailed discussion relating to each GDPR article occurs as part of section VI

What is a project assessment?
Recommended approaches to conducting the GDPR Project Assessment
Establishing a scorecard for the GDPR Project Assessment
Who should be conducting the GDPR Project Assessment?
Basis for Project Assessment validation

VI. Understanding the Regulations, Implementation Assessment and Audit Approaches

This section of the seminar, which represents 65% of the seminar, goes through each of the GDPR articles and covers (1) the critical components of each Article, (2) Implementation Guidance for each of these key Articles, (3) Key Assessment questions to ask for each Article, and (4) the Audit procedures based on performing a full-scale pre-implementation review.

Key GDPR articles covered which were updated by the most recent guidance

  • Record of Processing Activities (Article 30)
  • Information which Controllers must provide to the Data Subject at the time when personal data is obtained (Article 13)
  • Information which Controllers must provide to the Data Subject where personal data have not been obtained from the Data Subject (Article 14)
  • Right to Access (Article 15)
  • Right to Rectification (Article 16)
  • Transfers of personal data to third countries
  • Cross Border Data Transfer/Safe Harbor (Article 44)
  • Data Portability (Article 20)
  • Expressed Consent (Article 7)
  • Conditions applicable to Child’s consent in relation to information society services (Article 8)
  • Processing of Special categories (Article 9)
  • Right to Erasure/Right to be forgotten  (Article 17)
  • Processor (Article 28)
  • Lawfulness of Processing (Article 6)
  • Security of Processing (Article 32)
  • Data Breach Notification (Articles 33 and 34)
  • Data Protection by Design and Default (Article 25)
  • Data Protection Impact Assessment (Article 35)
  • Processor Requirements (Article 28)
  • Automated individual decision making/profiling (Article 22)
  • Right to Restrict Processing (Article 18)
  • Right to Object to Processing (Article 21)
  • Recipients of personal data (Article 19)

VII. Global Project Initiatives

Understanding Data Relationships, business relationships and global data mapping requirements
Processing Subject Requests
Identifying and managing third parties
Business & IT Change Requirements
GDPR Compliance Monitoring

Continuing Professional Education Credits

All attendees are eligible to receive 8 hours of continuing professional education (CPE) credits by attending. These credits are recognized by the National Association of State Boards of Accountancy (NASBA). 


Instructor Bio

Mitchell Levine, CISA is the founder of Audit Serve, Inc., which was established in 1990. For the last 26 years at Audit Serve, Mitch has split his time between traditional IT & Integrated Audit Consulting projects and global project initiatives. For the past 18 months Mitch has focused most of his time on the GDPR project, presenting his GDPR seminar four times in the last 9 months, with three of these presentations occurring in Europe. He has completed GDPR Impact Analysis & Assessment projects for three separate organizations and is currently on a long-term engagement for one large international organization, mapping all of their business processes that utilize personal data and linking them to delivery packages that will be the basis for responding to Subject Access Requests (SARs), which all organizations in-scope for GDPR will be requested to provide starting May 25, 2018.


