Training Module
Training Module
Data Protection Fundamentals
A helicopter view of privacy roles, obligations, and mechanisms in organisations
Understand
Implement
Manage
Audit
Training module overview
Privacy and data protection are often approached either as detailed legal analysis or as isolated operational tasks. What is frequently missing is a clear, shared understanding of the domain as a whole: the roles organisations play, the lifecycle of personal data, the obligations that recur across laws, and the instruments used to manage them.
This module provides that overview. Participants learn how personal data is handled in organisations, how responsibilities are typically structured, what most data protection regimes expect in principle, and why mechanisms such as impact assessments, processing records, and contractual arrangements exist.
The module is intentionally non-technical and non-prescriptive. It explains what the main elements of the data protection domain are and how they relate, without teaching how to perform specific assessments, create documents, or implement controls. It can be taken as a complete stand-alone introduction or used as a foundation for more specialised data protection roles.
Privacy and data protection are often approached either as detailed legal analysis or as isolated operational tasks. What is frequently missing is a clear, shared understanding of the domain as a whole: the roles organisations play, the lifecycle of personal data, the obligations that recur across laws, and the instruments used to manage them.
This module provides that overview. Participants learn how personal data is handled in organisations, how responsibilities are typically structured, what most data protection regimes expect in principle, and why mechanisms such as impact assessments, processing records, and contractual arrangements exist.
The module is intentionally non-technical and non-prescriptive. It explains what the main elements of the data protection domain are and how they relate, without teaching how to perform specific assessments, create documents, or implement controls. It can be taken as a complete stand-alone introduction or used as a foundation for more specialised data protection roles.
Target audience
Professionals entering or working in data protection–related roles (managers, coordinators, advisors)
Employees who handle or influence personal data in HR, IT, operations, products, or customer services
Consultants supporting organisations with basic or evolving data protection practices
Internal auditors or assurance professionals seeking domain understanding (without audit technique)
Professionals entering or working in data protection–related roles (managers, coordinators, advisors)
Employees who handle or influence personal data in HR, IT, operations, products, or customer services
Consultants supporting organisations with basic or evolving data protection practices
Internal auditors or assurance professionals seeking domain understanding (without audit technique)
Agenda
What privacy and data protection are really about
Personal data, identifiability, and why context determines sensitivity
Privacy principles as recurring constraints on organisational data use
Personal data in organisations: lifecycle perspective
Typical lifecycle stages from collection to deletion
Where loss of oversight and control most commonly occurs
Organisational roles in data protection
Why roles such as decision-makers and instruction-followers exist
How role distinctions drive accountability and coordination needs
Common obligations across data protection regimes
Transparency, purpose alignment, minimisation, and retention discipline
Accountability expectations and escalation when things go wrong
Key instruments and mechanisms
Why tools such as DPIA, processing records, and agreements exist
What organisational problems these instruments are meant to address
Data subject rights: intent and organisational impact
What data subject rights aim to protect and enable
Why rights handling affects multiple functions, not just one team
Case-based workshop
Map roles, data flows, obligations, and instruments in a realistic scenario
Discuss how the elements interact and where misunderstandings arise
What privacy and data protection are really about
Personal data, identifiability, and why context determines sensitivity
Privacy principles as recurring constraints on organisational data use
Personal data in organisations: lifecycle perspective
Typical lifecycle stages from collection to deletion
Where loss of oversight and control most commonly occurs
Organisational roles in data protection
Why roles such as decision-makers and instruction-followers exist
How role distinctions drive accountability and coordination needs
Common obligations across data protection regimes
Transparency, purpose alignment, minimisation, and retention discipline
Accountability expectations and escalation when things go wrong
Key instruments and mechanisms
Why tools such as DPIA, processing records, and agreements exist
What organisational problems these instruments are meant to address
Data subject rights: intent and organisational impact
What data subject rights aim to protect and enable
Why rights handling affects multiple functions, not just one team
Case-based workshop
Map roles, data flows, obligations, and instruments in a realistic scenario
Discuss how the elements interact and where misunderstandings arise
Course ID:
HAM-DPF-1
Audience:
Manager
Auditor
Domain:
Data Protection
Available in:
English
Duration:
7 h
List price:
CHF 550
Excl. VAT. VAT may apply depending on customer location and status.
What you get
Learning outcomes
Explain what personal data is and how identifiability arises in organisational contexts
Describe the personal data lifecycle and recognise common points of loss of control
Understand why different organisational roles exist in data protection and what they imply
Recognise recurring obligations found across most data protection laws and frameworks
Explain what instruments such as DPIA, records of processing, and processing agreements are, and why organisations use them
Understand how roles, obligations, and instruments relate — without performing or designing them
Explain what personal data is and how identifiability arises in organisational contexts
Describe the personal data lifecycle and recognise common points of loss of control
Understand why different organisational roles exist in data protection and what they imply
Recognise recurring obligations found across most data protection laws and frameworks
Explain what instruments such as DPIA, records of processing, and processing agreements are, and why organisations use them
Understand how roles, obligations, and instruments relate — without performing or designing them
Learning materials
Slide deck
Participant workbook
Certificate of completion
Slide deck
Participant workbook
Certificate of completion
Templates & tools
Personal data lifecycle mapping canvas (scenario-based)
Roles and responsibility overview map (conceptual)
Overview sheet: key data protection instruments and their purpose
Optional AI prompt examples for privacy-aware summarisation and orientation
Personal data lifecycle mapping canvas (scenario-based)
Roles and responsibility overview map (conceptual)
Overview sheet: key data protection instruments and their purpose
Optional AI prompt examples for privacy-aware summarisation and orientation
Prerequisites
None. Participants should be familiar with basic organisational contexts such as processes, roles, and information use.
None. Participants should be familiar with basic organisational contexts such as processes, roles, and information use.
Continuous learning
Follow-up modules
Follow-up modules
After completion of this module, the following modules are ideal to further deepen the participant's competence.
After completion of this module, the following modules are ideal to further deepen the participant's competence.
Ready to achieve mastery?
Bring ISO requirements into everyday practice to reduce avoidable issues and strengthen the trust of your customers and stakeholders.
Ready to achieve mastery?
Bring ISO requirements into everyday practice to reduce avoidable issues and strengthen the trust of your customers and stakeholders.
Ready to achieve mastery?
Bring ISO requirements into everyday practice to reduce avoidable issues and strengthen the trust of your customers and stakeholders.