Roland Costea

Lessons from Chief Security Officer (CISO) of SAP

also an ex-IBMer

MY FIRST PROMISE TO YOU is the following: You will be prepared to pass 3 IAPP certifications in less than 30 days if you follow the below learning plan:

Course 1: Build EU GDPR data protection compliance from scratch

Course 2: How to succeed in a Data Privacy Officer Role (parts from CIPT and CIPM also)

Course 6: (part of CIPP/US): California Consumer Privacy Act (CCPA) - Complete course

Course 7: Build a Cybersecurity Career and Earn more than 150K per year

My name is Roland Costea and I am currently the Chief Security Officer (CISO) of SAP.

After spending my last 10 years working for SAP, Microsoft, IBM, Genpact and Cognizant as a Chief Security Officer or Privacy & Security Director being able to create hundreds of integrated security & privacy programmes for top organizations in the world, I have decided to put all my experience together in a comprehensive privacy LEARNING PLAN, to show how to actually make Data Privacy operational and most importantly how to think out of the box.

I have been involved in engineering privacy for a lot of industries including Automotive (Mercedes-Benz, Geely, Volvo) and also provided DPO as a service for several other top companies in Europe and US. I have worked and developed the privacy strategy for Microsoft & IBM for the whole Central & Eastern Europe and also drove Cognizant Security & Privacy business in DACH.

Certifications I hold:

Section 7: Online Privacy Issues

Section 8: Technologies with Privacy Considerations

Section 9: Direct Marketing Challenges

Section 10: Lawful Processing of HR Data, Contracts & Recruiting

Section 11: GDPR for Cloud Service Providers (CSPs)

Section 12: GDPR and Payment Services Directive (PSD2)

Section 13: How Technology can help in achieving GDPR compliance

Section 14: Conclusion


What's inside

Learning objectives

  • Lessons from an ex-Microsofter and IBMer
  • You will have a list of 61 templates/documents that will help you start a GDPR programme
  • Understand what GDPR requires in order to achieve compliance
  • Go for CIPT, CIPM and CIPP/E certification by IAPP with a comprehensive learning plan explained in lesson 4
  • You will have a GDPR implementation guide
  • Understand online privacy issues
  • Understand technologies with privacy considerations and core privacy concepts
  • Understand how technology will help in achieving compliance
  • Understand lawful processing from an HR point of view
  • Understand how to work with cloud service providers (CSPs)

Syllabus

Introduction

Understand who I am and what I will offer you in this complete GDPR learning plan

Understand what is included in this course and how you will benefit from it

Complete list of course resources - 61 templates + presentations

My first promise to you to get CIPT, CIPM and CIPP/E certifications

Understand what content I am producing further

GDPR training course - compliance requirements

Learn about Major Risks to a Company's IT Framework

GDPR training course - Application Related Risks

GDPR training course - Network Related Risks

GDPR training course - Storage Related Risks

GDPR training course - stakeholder expectations

GDPR training course - privacy vs security

GDPR training course - IT vs Data Governance

GDPR Training Course - the role of the IT professional and other stakeholders in preserving privacy

Understand why privacy and security will never die

Learn the difference between privacy and security

Why privacy risks expand

Learn about cyberattacks and what makes them possible

Confidentiality, Integrity, Availability (CIA) and their privacy implications

How can we build and operate systems in a more secure way

Why a privacy program is a must for every organization

Privacy Foundational elements - Organizational Privacy Notice

Privacy Foundational elements - Organizational Privacy Policy

Take a look and learn from this great Organizational Privacy Policy

Privacy Foundational elements - Organizational Security Policies

Incident Response - Security and Privacy Perspectives

System Development Lifecycle and Enterprise Architecture

Privacy Impact Assessments (PIA)

GDPR training course - privacy principles

Data Retention Concepts and Best Practices in GDPR context

Notice - part of the Collection Process

The Collection Process - Choice, Control & Consent

Other topics related to Collection

Use

Security Practices and Limitations on Use

Disclosure

Retention - Records, Limitations, Access

Retention - Security Considerations

Destruction

Identity and access management under GDPR (data privacy concepts)

Limitation of access management and least privilege under GDPR (data privacy concepts)

User-based access control and role-based access control under GDPR (data privacy concepts)

Context of authority under GDPR (data privacy concepts)

Cross-site authentication and authorization under GDPR (data privacy concepts)

Credit card information & processing under GDPR (data privacy concepts)

PCI DSS and PA-DSS

Remote access and bring your own device policy under GDPR (data privacy concepts)

Data encryption design considerations under GDPR (data privacy concepts)

Application, record and field encryption under GDPR (data privacy concepts)

File & disk encryption under GDPR (data privacy concepts)

Encryption under GDPR (data privacy concepts)

Other privacy enhancing technologies under GDPR (data privacy concepts)

Software notifications and agreements under GDPR (data privacy concepts)

GDPR short overview

GDPR training course - Format and definitions of GDPR regulation

GDPR training course - GDPR Principles

GDPR training course - what lawfulness means

GDPR training course - gap assessment

Describe the EU institutions - part of CIPP/E exam

GDPR training course - how to plan your project

GDPR training course - GDPR roles

Understand Data Protection Concepts

What are users' data subject rights

Processors under GDPR

GDPR training course - personal data form

GDPR training course - privacy data protection policy

GDPR training course - data subject request procedure

GDPR training course - DPIA

GDPR training course - how to treat data breaches

GDPR training course - international transfers

You will understand the relationship between ISO27K and GDPR

Privacy by design under GDPR (data privacy concepts)

Processors, Controllers, Sub Processors - deep dive with examples

Understand the Territorial and Material Scope of GDPR with examples

Understand what sanctions the GDPR provides for

Understand what the GDPR calls the Legal Basis for Processing

Understand Consent

Understand the Legal Basis for Processing Sensitive Data

Understand the difference between security and breach

Legitimate interests deep dive - examples

Data Processing Obligations

The right to data portability Deep Dive

GDPR vs ePrivacy Directive

Brexit and GDPR - what has changed

General Principles for International Transfers

Schrems II - General Statements

Compliance with Schrems II

EU US Data Privacy Framework part 1

EU US Data Privacy Framework part 2

Understand organizational privacy strategy for social media

Traffic lights

Read about what's good, what should give you pause, and possible dealbreakers:

  • Offers a comprehensive learning plan designed to prepare learners for IAPP certifications like CIPT, CIPM, and CIPP/E, which are highly valued in the data privacy field
  • Includes a collection of 61 templates and documents, providing practical resources for implementing a GDPR program from the ground up, which can save time and effort
  • Explores the relationship between ISO27K and GDPR, offering insights into how these frameworks can be integrated for enhanced data protection, which is useful for compliance professionals
  • Examines the Schrems II ruling and the EU-US Data Privacy Framework, which are critical for understanding international data transfer compliance requirements, and is relevant for organizations operating globally
  • Requires learners to understand the relationship between GDPR and other regulations, such as the ePrivacy Directive, which may require additional study time for those unfamiliar with these topics
  • Covers topics like 'Brexit and GDPR - what has changed,' which may become outdated as laws and regulations evolve, requiring learners to stay updated on the latest developments

Reviews summary

Practical EU GDPR compliance and certification prep

According to learners, this course offers a highly practical and comprehensive approach to understanding and implementing EU GDPR compliance. Many highlight the instructor's deep expertise, drawn from extensive experience as a CISO, making the content highly relevant and actionable. A significant strength mentioned frequently is the provision of 61 valuable templates and documents, which students found exceptionally helpful for starting their own GDPR programs. The course is widely seen as excellent preparation for IAPP CIPP/E, CIPT, and CIPM certifications. While some reviews mention the pace being fast or the need for supplemental legal understanding, the overall consensus is overwhelmingly positive, emphasizing the real-world applicability and the clarity in explaining complex topics.
Covers a wide range of relevant GDPR topics.
"The course touches upon many critical areas from basic principles to international transfers and Schrems II."
"I feel I have a broad understanding of the different facets of GDPR after taking this course."
"Good overview of foundational elements, technologies, and operational aspects of privacy."
"Covers essential topics like DPIA, data breaches, and data subject rights thoroughly."
Explains complex GDPR topics clearly.
"GDPR can be complex, but the instructor breaks it down into understandable and actionable steps."
"The course focuses on the 'how-to' of compliance, offering practical strategies beyond just theory."
"I can apply the concepts learned here directly to my work environment."
"Very clear explanations, making daunting regulations feel manageable."
Helps prepare for CIPP/E, CIPT, and CIPM.
"This course was instrumental in preparing me for the CIPP/E exam. It covers the key areas needed."
"The learning plan outlined helps align the content with IAPP certification goals, which I found useful."
"Felt much more confident tackling IAPP materials after completing this course; it provides a solid foundation."
"The focus on concepts relevant to certifications is a major plus."
Includes practical documents ready for use.
"The 61 templates provided are gold! They save so much time and effort in starting a GDPR compliance program."
"Having ready-to-use templates for policies, procedures, and assessments is the strongest part of this course."
"The resources alone are worth the course price; they are practical tools I can use immediately."
"I found the template walkthroughs particularly helpful in understanding how to apply them."
Praised for real-world experience and insights.
"The instructor is fantastic! His experience as a CISO shines through, making the information highly credible and practical."
"Roland's background gives the course immense value; he explains complex topics clearly based on years in the field."
"Learning from someone with direct experience at SAP and IBM provides invaluable insights not found in textbooks."
"I appreciate hearing about real-world scenarios from an experienced professional."
Some felt the pace was fast or inconsistent.
"Sometimes the lectures moved quite quickly, requiring me to pause and rewatch sections."
"The information density is high; be prepared to process a lot in each module."
"While comprehensive, the pace can feel a bit rushed at times."
"Needed to supplement some sections with external reading due to the speed."

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Build EU GDPR data protection compliance from scratch with these activities:
Review Data Protection Principles
Reinforce your understanding of fundamental data protection principles before diving into the complexities of GDPR.
  • Identify the core data protection principles.
  • Summarize each principle in your own words.
  • Find examples of how each principle applies in practice.
Read 'GDPR for Dummies'
Gain a foundational understanding of GDPR concepts through a beginner-friendly guide.
  • Read the book cover to cover.
  • Take notes on key definitions and concepts.
  • Identify areas where you need more clarification.
Conduct a Personal Data Inventory
Apply your GDPR knowledge by creating a personal data inventory for a hypothetical organization.
  • Choose a hypothetical organization.
  • Identify the types of personal data they collect.
  • Document the purpose for collecting each type of data.
  • Determine the legal basis for processing the data.
Develop a Data Breach Response Plan
Solidify your understanding of data breach procedures by creating a comprehensive response plan.
  • Define what constitutes a data breach.
  • Outline the steps for containing a breach.
  • Create a communication plan for notifying stakeholders.
  • Establish procedures for documenting and reporting breaches.
Study 'The EU General Data Protection Regulation (GDPR)'
Deepen your understanding of GDPR with a practical guide used by professionals.
  • Read the book, focusing on areas relevant to your work.
  • Note key legal requirements and compliance strategies.
  • Consider how to apply the book's advice to your organization.
Write a Blog Post on Schrems II
Solidify your understanding of international data transfers by explaining the Schrems II ruling in a blog post.
  • Research the Schrems II ruling and its implications.
  • Summarize the key points of the ruling in simple terms.
  • Explain how the ruling affects international data transfers.
  • Offer practical advice for complying with the ruling.
Volunteer at a Privacy Rights Organization
Gain practical experience by volunteering at an organization that advocates for privacy rights.
  • Identify privacy rights organizations in your area.
  • Contact the organization and inquire about volunteer opportunities.
  • Assist with tasks such as research, outreach, or advocacy.

Career center

Learners who complete Build EU GDPR data protection compliance from scratch will develop knowledge and skills that may be useful to these careers:
Data Protection Officer
A Data Protection Officer ensures an organization complies with data protection laws, such as the General Data Protection Regulation. This role involves developing and implementing data protection policies, conducting audits, and training employees. This course helps you build EU General Data Protection Regulation data protection compliance from scratch, which helps equip you with knowledge of the regulations, implementation guides, risks to a company's information technology framework, and data protection concepts such as privacy by design. Taking this course may set a learner up for success in navigating complex data protection landscapes and fulfilling the responsibilities of a Data Protection Officer.
Privacy Consultant
A Privacy Consultant advises organizations on how to comply with data privacy regulations and best practices. This includes assessing current privacy practices, developing privacy policies, and helping implement privacy programs. With its focus on building EU General Data Protection Regulation data protection compliance, this course may help an aspiring Privacy Consultant gain practical knowledge of General Data Protection Regulation requirements, data privacy concepts, and privacy-enhancing technologies. The course also provides a comprehensive learning plan making it particularly valuable for those looking to offer data privacy consulting services.
Compliance Manager
A Compliance Manager ensures that a company adheres to internal policies, industry regulations, and legal requirements. As a compliance manager, one might be charged with implementing and monitoring General Data Protection Regulation compliance programs. This course, centered on building EU General Data Protection Regulation data protection compliance from scratch, provides insights into General Data Protection Regulation principles, data protection impact assessments, and how to handle data breaches. The course is helpful for Compliance Managers, who will find value in the practical guidance on implementing General Data Protection Regulation compliance measures.
Information Security Manager
An Information Security Manager is responsible for protecting an organization's data and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. This individual often works to ensure privacy and security are both addressed. Given its comprehensive approach to building EU General Data Protection Regulation data protection compliance from scratch, this course helps the aspiring Information Security Manager understand data privacy concepts, privacy enhancing technologies, and the relationship between information security and data protection. The course will likely be valuable to those looking to integrate data privacy considerations into their information security strategies.
Data Governance Manager
A Data Governance Manager develops and implements policies and procedures to ensure data is accurate, secure, and used in compliance with regulations. This role involves establishing data quality standards, managing data access, and overseeing data retention policies. This course explains the difference between information technology and data governance. The course also dives into data retention concepts and best practices in the General Data Protection Regulation context. Taking this course helps Data Governance Managers by providing a solid foundation in General Data Protection Regulation compliance and data protection principles applicable to data governance frameworks.
Privacy Engineer
A Privacy Engineer integrates privacy considerations into the design and development of systems, products, and services. This role involves working with engineering teams to implement privacy-enhancing technologies and ensure compliance with data protection regulations. This course helps the aspiring Privacy Engineer gain practical knowledge of privacy enhancing technologies, identity and access management under General Data Protection Regulation, and encryption techniques. The course may be useful for those looking to apply their engineering skills to data privacy challenges.
Cybersecurity Analyst
The Cybersecurity Analyst monitors and protects computer networks and systems against threats, vulnerabilities, and intrusions. Cybersecurity analysts often work to understand the relationship between privacy and security. This course will familiarize the aspiring Cybersecurity Analyst with major risks to a company's information technology framework, application-related risks, and network-related risks. The course helps Cybersecurity Analysts integrate privacy considerations into their cybersecurity strategies.
IT Auditor
An Information Technology Auditor evaluates an organization's information technology infrastructure, policies, and procedures to ensure they are effective, secure, and compliant with regulations. The role involves assessing risks, identifying vulnerabilities, and recommending improvements to controls. With lessons on major risks to a company's information technology framework, application-related risks, and network-related risks, this course may help the Information Technology Auditor learn the role of the information technology professional in preserving privacy. You may also learn about the differences between security and privacy.
Contract Manager
The Contract Manager is responsible for managing and administering contracts, ensuring they comply with legal and regulatory requirements. This involves drafting, reviewing, and negotiating contracts, as well as monitoring contract performance. The course touches on lawful processing of human resources data and contracts. Therefore, the course may be useful for Contract Managers who work to ensure General Data Protection Regulation compliance in contractual agreements.
Human Resources Manager
The Human Resources Manager oversees all aspects of human resources practices and processes. This includes recruitment, employee relations, compensation, and benefits. The course reviews lawful processing from a human resources point of view. This may be useful for Human Resources Managers involved in ensuring General Data Protection Regulation compliance in human resources practices and policies.
Chief Information Officer
A Chief Information Officer (CIO) aligns information technology strategy with business goals. The CIO is responsible for planning, coordinating, and directing all computer-related activities in an organization. The CIO will be interested in learning about major risks to a company's IT framework, application-related risks, and network-related risks. In this way, this course may be useful for helping to manage the IT considerations of General Data Protection Regulation compliance across an organization.
Project Manager
A Project Manager is responsible for planning, executing, and closing projects, ensuring they are completed on time, within budget, and to the required quality standards. With its focus on how to plan a General Data Protection Regulation project, the course may equip the aspiring Project Manager with a structured approach to managing General Data Protection Regulation compliance initiatives. It may also provide insights into roles, responsibilities, and key considerations for successful General Data Protection Regulation project implementation.
Business Analyst
A Business Analyst analyzes an organization's business processes and systems to identify areas for improvement and develop solutions to meet business needs. Often, this role serves to improve a business's compliance posture. With its introduction to General Data Protection Regulation concepts, privacy principles, and gap assessments, this course assists the aspiring Business Analyst in understanding General Data Protection Regulation compliance requirements. This course may be useful for those looking to analyze and improve business processes in alignment with data protection regulations.
Software Developer
A Software Developer designs, develops, and tests software applications and systems. As software developers are involved in the creation and maintenance of systems that process personal data, understanding General Data Protection Regulation requirements and privacy considerations can be important. With its discussions of privacy enhancing technologies, identity and access management, and encryption techniques, this may be useful for Software Developers looking to build privacy-aware applications and systems.
Sales Manager
A Sales Manager leads and directs a sales team to achieve sales targets and revenue goals. Given its focus on General Data Protection Regulation compliance, the course may be relevant to the Sales Manager looking to ensure that sales practices and processes align with data protection regulations, particularly in relation to data collection, consent, and marketing activities.

Reading list

We've selected two books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Build EU GDPR data protection compliance from scratch.
Offers a detailed and practical guide to the GDPR, covering key aspects of the regulation and providing actionable advice for compliance. It delves into the legal requirements and offers insights into implementation strategies. This book is valuable as a reference tool for understanding the nuances of GDPR and applying them to real-world scenarios. It is commonly used by legal professionals and data protection officers.
Provides a clear and accessible overview of the GDPR, making it an excellent starting point for understanding the regulation. It breaks down complex legal concepts into easy-to-understand language, ideal for those new to data protection. While not a deep dive, it offers a solid foundation for further study and practical application. It is particularly helpful for understanding the basic requirements and implications of GDPR.

© 2016 - 2025 OpenCourser