Buy Now 600 300

Certified GDPR Lead Implementer

About Certification

GSDC's Certified GDPR Lead Implementer certification is aimed toward providing in-depth knowledge and practice to establish and maintain a Personal Information Management System in line with the Privacy requirements including GDPR. Certified GDPR Lead Implementer is responsible for setting the highest standard of data protection modified to their organizational needs in line with industry standards. GDPR Lead Implementer Certification helps you in gaining a comprehensive understanding of the concepts and approaches required for effective alignment for organizations with the General Data Protection Regulation.

Certification badge for Certified GDPR Lead Implementer


Certified GDPR Lead Implementer course module's objective is mainly to share a deep understanding of:

  • Privacy concepts and PII categories
  • Privacy Principles
  • Phases of PII processing Lifecycle
  • Requirements of BS 10012:2017 +A1:2018 and GDPR to establish PIMS including Data inventory & data flow, Privacy Impact Assessments, etc.
  • Interpret the requirements from an implementation perspective in the context of their organization.
  • Conduct a baseline review of the organization's current position with regard to BS 10012:2017 +A1:2018 and GDPR.
  • Integrate globally acceptable best practices with the present management system

Target Audience


Data Privacy Officers and those who will be involved in advising top management on the introduction of BS 10012:2017 +A1:2018 into an organization.

Designed for core implementation teams with the responsibility of compliance with global privacy compliance frameworks.

Those planning to lead and implement a system, or new to managing a system

Consultants responsible for implementing data privacy frameworks



After the completion of this certification, participants will have:

Understanding of effective personal information management within an organization that protects personally identifiable information (PII) within information and communication technology(ICT) systems.

Understanding of common privacy terminology and the common Privacy Principles

Understand of privacy safeguarding requirements

Learning about crucial processes, policies, and procedures that can be put into practice immediately including Privacy Impact Assessment, Risk Treatment, Data Inventory & Data Flow

Ability to create a framework for your own Personal Information Management System (PIMS) in line with the requirements of the Global Data Protection Regulation (GDPR).

Gathering knowledge to develop a PIMS framework and building awareness and support for privacy across your organization

Capability to protect personal information and meet stakeholder expectations

Influencing continuous professional development across your organization



Basic understanding of privacy principles.

Knowledge of the information security management principles and concepts.



There will be a multiple-choice exam of 40 marks.
You need to acquire 26+ marks to clear the exam.
If you fail, you can retake the exam after one day.
In case Participant does not score passing percentage then they will be granted a 2nd attempt at no additional cost. Re-examination can be taken up to 30 days from the date of the 1st exam attempt.



Exam Syllabus

1. Introduction to GDPR & Privacy concepts

  • GDPR Background
  • Territorial scope
  • Mapping of GDPR with BS 10012:2017
  • Privacy Terms and Definitions
  • How do we recognize PII?
  • Phases of PII processing Lifecycle
  • Privacy Principles - BS10012:2017 and GDPR
  • Rights of Natural Persons

2. Major risks to a company's IT framework

  • Application related RISKS
  • Network related RISKS
  • Storage related RISKS

3. Stakeholders expectations for privacy

  • Privacy vs Security
  • IT Governance vs Data Governance
  • Roles and Responsibilities of DPO, Controller, Processor,etc
  • The role of the IT professional & other stakeholders in
  • Privacy Foundational elements - Organizational Privacy
  • Privacy Foundational elements - Organizational Privacy
  • Privacy Foundational elements - Organizational Security
  • Incident Response - Security and Privacy Perspective

4. System Development Lifecycle and Enterprise Architecture

  • Privacy Impact Assessments (PIA)
  • Common Privacy Principles
  • The Collection Process - Notice
  • The Collection Process - Choice, Control & Consent
  • Other topics related to Collection
  • Security Practices and Limitations on Use
  • Disclosure
  • Retention - Records, Limitations, Access
  • Retention - Security Considerations
  • Destruction
  • Limitations of Access Mgmt & Least Privilege principle
  • Context of Authority
  • Cross Site Authentication & Authorization Models
  • Credit card information & Processing
  • Remote Access & BYOD - Privacy & Security Consideration
  • Remote Access & BYOD - Access to Computers & Architecture

5. Data Encryption - Design Considerations

  • Application, Record and Field Encryption
  • File & Disk Encryption
  • Encryption Regulation & Crypto Standards
  • Other Privacy enhancing Technologies
  • Software Notifications and Agreements

6. Organizational Privacy Strategy for Social Media

  • Consumer Expectations
  • Children's Online Privacy
  • Social media - personal information collected
  • Social media - personal information shared and ownership
  • E-commerce personalization
  • Online Advertising
  • Key considerations when posting ADs on your website
  • Understanding cookies, beacons and other tracking technology
  • Web Browser Privacy and Security Features
  • Wireless Technology - RFID
  • Wireless Technology - NFC, Bluetooth & WiFi
  • Location-Based Services (LBS) - generalities
  • Location-Based Services (LBS) - GPS
  • Location-Based Services (LBS) - GIS
  • Surveillance of Individuals
  • Data surveillance & Biometric recognition

7. Data Protection & Direct Marketing

  • The concept of Direct marketing
  • The right to opt-out
  • Marketing Requirements under the e-Privacy Directive
  • Postal Marketing
  • Tele Marketing
  • Electronic Marketing
  • Location-Based Marketing
  • Online Behavioral Advertising (OBA) and GDPR
  • Audit Planning including Checklist
  • GDPR Audit with DPIA Assessment


The Global Skill Development Council (GSDC) is an independent, vendor-neutral, international credentialing and certification organization for the emerging technologies:

  • Advisory board members and SMEs are from around the world, drawn from different specializations.
  • Supported by the world's most esteemed thought leaders from Yale, MIT, Stanford, Wharton, and Harvard.
  • Hub of Trending Technologies and framework certifications.
  • Content curated by Industry's best Subject matter experts.
  • Webinars and Conferences.
  • Training Partners Across The Globe.

295 Turnpike Rd block 519, Westborough, MA 01581, USA
Hohenstieglen 6, 8152 Glattbrugg, Switzerland +41 41444851189
Global Skillup Certification Pte Ltd 100D Pasir Panjang Rd, #05-03 Meissa, Singapore 118520

The Global Skill Development Council (GSDC) is an Independent, Vendor Neutral, International Credentialing and Certification Organization for Professionals.