Duration of Class : 2 Days
Experienced & Certified Instructors
Availability of Online & Offline Classes

Course Overview

Data Protection Officer Course (DPO) is developed for individuals to be qualified as Data Privacy Professionals or officers. By the end of the data protection officer course, participants will receive a Data Protection Officer Certificate (DPO) which is recognized internationally as well as in the GCC.

The course will boost your chances to applying to related positions and will keep you updated with the latest laws and regulations.

Why Should You Take This Course?

  • Assuring all participants are following the new UAE data protections laws and international regulations.
  • Ability to build and maintain a privacy management system within their respective organizations.

By the end of the course, participants will be able to

  • Define categories of personal data
  • Navigate data protection laws and regulations locally, as well as international standards and frameworks (ISO27001+27701)
  • Apply data protection principles to processing activities
  • Achieve rights of data subjects
  • Determine the lawful basis for processing activities
  • Allocate the roles and responsibilities of data processing
  • Manage data breach notifications
  • Select appropriate technical and organizational measures of information security
  • Use proper mechanisms for cross-border transfers of personal data
  • Build and launch a privacy framework for the organization
  • Utilize project and process management tools and methods for building privacy into the company
  • Develop privacy-related processes and procedures

Who Should Take This Course?

Current Data Protection Officers who are:

  • Seeking to update their knowledge with the latest laws
  • Planning to manage personal data issues at work or build a career in privacy

Course Outline


Overview of evolution of privacy laws including the concept of privacy, data protection and the history of data privacy.


  • Review of existing data privacy laws, standards, and regulations
  • Cases, court precedents, guidelines in information privacy
  • Interplay with foreign and international data protection regimes (GDPR, CCPA etc.)
  • Territorial and material scope of the UAE laws and jurisdictions
  • Overview of risks, fines, and responsibilities related to personal data processing

Personal Data

  • The concepts of personal data (PD), identifier, data subject
  • Formula of Personal Data
  • Cases of (non-)personal data
  • Biometric data

Data Processing

  • Data processing and types of processing
  • Profiling
  • Pseudonymization and anonymization of personal data
  • Processing of special categories of personal data


  • Data controller, joint controllers or separate controllers
  • Data processor
  • Responsibilities distribution between data controllers and processors


  • Transparency of processing
  • Purpose limitation
  • Data minimization
  • Storage limitation
  • Accuracy
  • Integrity and confidentiality
  • Accountability

Lawful Basis For Processing

  • Legal grounds for the processing of personal data
  • Consent
  • Conditions for consent


  • Data subject’s rights


  • Concept of risk
  • Risk likelihood and severity
  • Data Protection Impact Assessment (DPIA)

Information Security

  • Information security requirements
  • Data breach notification of supervisory authorities and data subjects
  • Technical and organizational measures of managing information security risks

International Data Transfer

  • Rules for international data transfers
  • Documenting international transfers of personal data

Privacy By Design

  • Principles of Privacy by Design


  • Data Protection Officer / DPO

Standards And Frameworks

  • Overview of the ISO27K Standards
  • ISO 27001 and ISO 27701
  • NIST Privacy Framework
  • AICPA/CICA Privacy Maturity Model

Management System And it’s Context

  • Analysis of information assets, business needs, and regulatory and contractual requirements
  • Organization of data protection
  • Needs and expectations of stakeholders


  • Types of policies
  • Internal policies

Organization Roles, Responsibilities & Authorities, Responsibilities & Authorities

  • Support of management and other stakeholders
  • Role and Responsibility Matrix for GDPR implementation
  • Distribution of responsibilities with RACI Chart
  • Privacy Team

Processes And Procedure

  • Data protection processes
  • Maintaining the records of processing activities (Data register) under the GDPR
  • Data breach notification process
  • Assessing vendors
  • Processing requests from personal data subjects (DSARs)
  • Conducting Data Protection Impact Assessment (DPIA)

Separate Fields

  • Data protection in marketing and advertising
  • Data protection in the workplace
  • Data protection in electronic communication (ePrivacy)


  • Determination of the necessary resources and their allocation

Performance Evaluation & Improvement

  • Monitoring, measurement, analysis and evaluation
  • Audits, their stages and types
  • Nonconformity and corrective action

Takeaways From This Course

Internationally recognized certificate upon completing the course