Data Protection Practitioner (S-DPP)

Learn and practice a Data Protection Officer's tasks with experienced privacy specialists
EnrollBook as in-company

What will you learn?

  • 9Write GDPR-compliant privacy policies, data subject rights procedures, data breach procedures and processing agreements;
  • 9Conduct Data Protection Impact Assessments (DPIAs) on projects and processes;
  • 9Develop an effective privacy awareness program;
  • 9Understand how to design, implement and improve a Data Protection Management System (DPMS).


  • 5 course days
  • 20 hours of self-study
  • R1 CPE credit per hour

Data Protection Practitioner – Hands-on training for future Data Protection Officers

Our Data Protection Practitioner course was designed by experienced privacy specialists to equip you with the knowledge and skills you need to become a Data Protection Officer and succeed in your role, helping your organisation achieve and maintain GDPR-compliance.

In this course, you will consolidate your knowledge of the GDPR and practice a DPO’s tasks with realistic hands-on assignments. First, you will learn how to build a GDPR-compliant data protection program by embedding data protection in an organisation’s strategic, tactical and operational management. Our practical exercises will challenge you to create strategic data protection policies, privacy notices, processing registers, data subject rights procedures, data breach procedures, and other must-have data protection tools for a simulated company.

Data Protection Impact Assessments (DPIAs) are often considered a major challenge by data protection professionals, but in this course you will also have the opportunity to practice performing DPIAs on a company’s specific projects.

As a Data Protection Officer, you may be responsible for raising data protection awareness in your organisation. To  improve your skills in this area, you will develop a data protection awareness program tailored to specific target groups based on behavioural theory.

In addition to the management aspects of data protection, you will also get a good understanding of the technical aspects of privacy by design and the implementation of privacy-enhancing technologies.

Finally, you will acquire the essentials of designing, implementing and improving a Data Protection Management System (DPMS). You will understand what data to include in data protection reports to support good governance and continuous improvement, how to prepare for (external) compliance audits, and how to implement a basic third-party assurance process.

Is Data Protection Practitioner for you?

This Data Protection Practitioner training is for you if you aspire to become a certified Data Protection Officer, GDPR-consultant, privacy consultant or compliance officer. The course is also ideal for IT or information security professionals who wish to specialise in a privacy-related area of information or cyber security. Finally, Privacy & Data Protection Practitioner is a popular training among starting Data Protection Officers looking to gain practical, hands-on experience to complement their knowledge of data protection and privacy.

This is an advanced Data Protection Officer training. Participants are required to have a good understanding of the EU GDPR. Unsure if you are familiar enough with the GDPR? Check out our Data Protection Foundation course. Designed for beginners, this Foundation course will help you understand the GDPR through practical examples and real-life scenario exercises.


What is included in the course?

  • Official SECO-Institute Privacy & Data Protection Practitioner course material, including realistic case study exercises and workable data protection templates;
  • Real-world practical training from experienced Data Protection Officers and information security professionals;
  • Practice exam and exam syllabus to prepare for your certification exam;
  • Certification exam voucher;
  • Access to the (S)ECO-system, a professional community website with additional resources and knowledge events.

Data Protection Practitioner Course Modules

Module 1 – Strategic Considerations

  • Translate corporate goals and needs into a vision on handling personal data, with a view to building enterprise-wide commitment to data protection
  • Turn your vision on data protection into an effective implementation strategy
  • Define data protection principles and develop a strategic data protection policy to support and govern the execution of the strategy
  • Understand the importance of creating a data inventory and the principles guiding the creation of such an inventory
  • Understand the (possible) need for a published privacy notice and the implications thereof
  • Draft a GDPR-compliant privacy notice

Module 2 – Impact and Risk Assessment

  • Understand the concepts of risk management, risk analysis and Data Protection Impact Assessment (DPIA)
  • Perform a (basic) DPIA, identify threats to data protection and identify effective measures to mitigate the risks
  • Define data protection (improvement) requirements for business processes, the internal organisation and the technology used, based on policies and DPIA outcomes

Module 3 – Operations

  • Understand the impact of data protection on regular operations
  • Identify specific legal and regulatory requirements relevant for specific operations
  • Incorporate data protection requirements into new and existing procedures in a pragmatic and effective manner
  • Organise data subject rights management, data processing agreement and data breach handling processes and documentation
  • Assess what is required and/or allowed when it comes to upholding policies, laws and regulations in an organisation

Module 4 – Design and Implementation

  • Use behavioural theory basics to design an effective data protection awareness program
  • Understand how technological tools can support data protection
  • Implement PET (Privacy-Enhancing Technologies) and, in particular, cryptography
  • Understand the concepts of privacy by design/default
  • Translate privacy by design/default to practical policies and procedures
  • Define generic data protection requirements for projects

Module 5 – Governance

  • Identify required data for reporting to support good governance and decision-making
  • Translate the concept of management systems to a Data Protection Management System (DPMS)
  • Prepare for an (external) audit on GDPR-compliance
  • Define and implement a basic third-party assurance process

Data Protection Practitioner Certification Exam

The Data Protection Practitioner certification exam is conducted by the SECO-Institute, Europe’s leading security and continuity certification body. The exam voucher is included in the course fee, but you need to schedule your exam with the SECO-Institute. Upon successful completion of the exam, you will receive an exam certificate and an invitation to register your official SECO Data Protection Practitioner (S-DPP) certification title. By activating your certification title, you will become a certified professional in your field and you will receive a shareable digital badge to verify your competence to clients, employers and peers.

Exam information

  • Exam language: English (you are allowed to answer open questions in Dutch)
  • Exam delivery: online exam with remote proctoring (exam voucher included in the training fee)
  • Exam type: 10 multiple-choice questions, 5 open questions and one case study
  • Exam time: 120 minutes

SECO-Data Protection Practitioner Certification (S-DPP)

The SECO Privacy & Data Protection Practitioner certification exam covers high-level data protection competencies that are essential for Data Protection Officers and any professional aspiring to pursue a career in privacy. In particular, an S-PDPP certificate verifies your ability to:

  • Translate corporate goals and needs into a vision on handling personal data and build enterprise-wide commitment to data protection;
  • Draft and implement a strategic data protection policy in line with the GDPR’s data protection principles;
  • Draft a GDPR-compliant privacy notice;
  • Create data inventories and data flow maps;
  • Perform a Data Protection Impact Assessment and identify appropriate organisational and technical measures to reduce data protection risks;
  • Incorporate data protection into business processes and projects;
  • Establish procedures for receiving and managing data subject requests and complaints;
  • Identify elements to include in a data processing agreement;
  • Implement a process for managing data processing agreements;
  • Document data breaches and draft a data breach procedure;
  • Create and maintain processing registers;
  • Translate ‘privacy by design and by default’ principles into policies and procedures;
  • Design a privacy awareness program;
  • Ensure compliance with the GDPR’s accountability principle through the use of monitoring tools and effective documentation;
  • Monitor the maturity of a data protection program and identify compliance gaps;
  • Design data protection reports that support good governance and decision- making;
  • Prepare for GDPR compliance audits and investigations by the supervisory authority.

What are the benefits of a SECO-Data Protection Practitioner (S-DPP) certificate?

Your S-DPP certificate and digital badge demonstrate that you possess crucial knowledge and skills employers look for in Data Protection Officers and privacy professionals. With data protection jobs on the rise and a severe shortage of data protection specialists worldwide, earning an S-DPP title is a unique opportunity to kickstart a rewarding career in a constantly expanding field.

Privacy and data protection careers: The GDPR has created a persistent demand for Data Protection Officers. In 2017, it was estimated that the new European Regulation would create a minimum of 75,000 DPO jobs worldwide. Consequently, research in 2018 showed that 92% of all companies preparing for GDPR-compliance were planning to appoint a DPO, even if not required by law. As GDPR-compliance is a dynamic process and digitalisation brings new privacy challenges, the demand for Data Protection Officers will only continue to grow. In parallel, as data protection evolves, new privacy and data protection roles emerge. Examples of new data protection job titles include GDPR tester, GDPR paralegal, data protection analyst and GDPR consultant.

IT and information security careers: Data protection skills are not only important for Data Protection Officers. According to, around nine percent of information security jobs advertised specifically ask for a working knowledge of the GDPR. Examples include information security officers, IT security consultants, IT controllers, data architects and data managers.

Authors & Lead Trainers

Bart Baars
Author & Trainer

Privacy consultant
Privacy Officer Tennet

Anouk Dekoninck

Data Protection Program
Manager at PwC

“SECO combines a perfect blend of background reading, thought provoking tasks and open discussion. My knowledge base has increased exponentially over the 5- week programme, and it’s something that I would recommend to anyone seeking greater depth of transferable and practical knowledge in Data Protection.”

James Tarrant

Compliance Officer, Iwoca, London- United Kingdom

Register now

In-company training tailored to your needs

Schedule this training as in-company. Upskill your entire team in the most cost-effective way!