of all European Affairs Events, conferences, presentations and workshops.

GDPR and How to Conduct a Data Protection Impact Assessment


28 Oct 2019 to 29 Oct 2019


European Institute of Public Administration (EIPA)
O.L. Vrouweplein 22
6211 HE  Maastricht



Event Location


Event Description

Compliance with the General Data Protection Regulation (GDPR) requires a deep understanding of the legislation by the organisations that handle personal data. The Data Protection Impact Assessment (DPIA) is one of the most important activities for an organisation to demonstrate its compliance with the GDPR. Carrying out a DPIA is one of the requirements under the GDPR for certain types of data processing. As part of a DPIA, an organisation must describe its processing activities related to personal data as well as assessing and mitigating risks. A DPIA can be a complex and time-consuming activity that requires expertise in several domains, in particular in terms of technological and information security. Evaluating the potential impact that a project, proposed system or scheme might have on the privacy of a data subject is a key factor in demonstrating compliance.
This course will provide you with the insights and techniques to successfully plan, execute and validate a DPIA report. You will learn about the key aspects of performing a DPIA and ensure that this compliance requirement is implemented in the project cycle within your organisation. During the course, you will gain an understanding of when a DPIA is needed, how to assess the risks and mitigate them, how to validate the DPIA report and when you need to arrange a prior consultation with the Supervisory Authority according to Article 36 of the GDPR.
At the end of the course, you will have an understanding as to why effective DPIAs are key to maintaining compliance with the GDPR. You will help people in your organisation better understand that processing personal data is a responsibility that they must take seriously, as they are protecting a fundamental right of the data subjects that entrust you with their information.
Who is this course for:
  • Anyone, in both the public and private sector, with a responsibility for their organisation’s compliance with the GDPR;
  • Anyone responsible for managing projects that require the processing of personal data;
  • DPOs, Project Officers, Risk Managers, Chief Information Security Officers, IT developers;

What will you learn

  • The key elements of a DPIA;
  • To decide on the need to conduct a DPIA;
  • The importance of a DPIA;
  • The methods to perform a DPIA;
  • Understanding risk assessment and risk management, which are key to the GDPR;
  • Performing a DPIA;
  • The dos and don’ts of a DPIA;
  • Validating a DPIA report;
  • When to perform a prior consultation as per Article 36 of the GDPR.
By the end of the course, you will:
  • be able to decide on the need to perform a DPIA;
  • be able to conduct a DPIA;
  • be able to assess privacy risks;
  • be able to suggest mitigation measures for privacy risks;
  • be able to draft a DPIA report;
  • be able to understand and validate a DPIA report;
  • be able to decide on whether to carry out a prior consultation.
Course methodology and highlights
We believe practical know-how is the key to effective learning. This course therefore includes:
  • Detailed explanations of the key concepts and principles of the GDPR, as well as of its actors and their roles
  • Group assignments;
  • Practical exercises to perform a DPIA;
  • Interactive approach: the module’s structure will give you the opportunity to ask questions and share and discuss experiences, knowledge, needs and challenges with the trainer and other participants;
  • Several methodologies will be used, in particular the ones to perform a DPIA as used by the CNIL (FR), plus methodologies by other supervisory authorities.
  • Relevance: EIPA has direct insight into the workings of the European Union
  • Never alone: you will be part of a growing network of colleagues and professionals throughout Europe
  • Quality insurance: all of our courses have the EIPA Quality Seal. Upon successful completion, you will go home with an EIPA Data Protection Centre Certificate.
  • Combine fun and facts: this course is held in one of the most charming cities in Europe. Discover plenty of opportunities to relax and explore what the area has to offer.


Fédération Internationale de l'Automobile Region I
Office Coordinator
International Union for Conservation of Nature - European Regional Office
Nature-Based Solutions (Intern)
FTI Consulting Belgium
Office Services Assistant
European Business Summits
Partnership Manager
Party of European Socialists (PES)
Senior HR Officer
EuroCham Myanmar
Business Development Manager