GDPR Effective Audit and Control

An eLearning module addressing these issues:

Internal Audit is a critical function that supports top management by providing a systematic approach to evaluating and improving the effectiveness of the organisation.  

The world is changing and becoming increasingly data-centric, so Internal Audit needs to adapt too. New macro level controls that evaluate the effectiveness of data-related policies, strategies and architecture are required. Enhanced micro level controls that evaluate detailed compliance of functions and systems are required.

The Internet, electronic trading, social media and mobile usage have transformed the world, generated huge growth of data and made its management a Board level issue.

Data lies at the heart of the organisation.

Laws and internal practices need to catch up to be relevant and effective.

With respect to personal data, the General Data Protection Regulation (GDPR) is the EU’s initiative to overhaul privacy laws to create an effective legislative framework. It will have a huge impact and will demand extensive self-regulation.

Internal Audit (IA) is a crucial, independent, objective assessment and assurance activity designed to de-risk and add value to an organisation. IA needs to adapt:

- To fulfil the self-regulation aspects of GDPR (and many other regulations)
- To enhance the audit framework to reflect the significance of data to the organisation

The purpose of this course is to describe macro (big picture) and micro (the devil is in the detail) level enhancements to empower IA to ensure the organisation has an effective and powerful agenda for managing data for GDPR and beyond.

This module is part of the EDMworks Data Management Agenda for Privacy

Completion of the course will provide the delegate with:

An understanding of the strengths and limitations of the macro level data controls:

- Architecture and taxonomies

- Policies and strategies

- Governance and controls

An understanding of the strengths and limitations of the micro level data controls:

- System audits and data quality management, lineage etc.

An ability to analyse issues at different levels of management

An ability to understand data usage across the organisation and make insightful recommendations for adding value or reducing cost

The Benefits to the organisation include:

Effective monitoring, feedback and improvement of macro level data controls leading to long term systems, process, risk management and organisational improvements

Effective monitoring, feedback and improvement of micro level data controls leading to long term systems, process, risk management and organisational improvements

Creation of an effective catalyst for change in today's data driven world

The course is structured into the following components:

One eLearning course segmented into three modules. The contents of the three modules are described in Course Contents below.

Each module consists of:

- A one day seminar/workshop, highly interactive with case study exercises and feedback

- An eLearning self-paced module on the General Data Protection Regulation to provide background on GDPR and managing data about people

- An eLearning module on BCBS 239, Risk data management regulation, to provide background on approaches to managing data and providing effective governance

Duration and timing

The workshop is a full day from 9-5pm.

Each eLearning module has an approximate duration of 1 hour.

On-line certification

The workshop has a certificate of completion.

The eLearning modules both have optional certification tests.

The test consists of multiple choice, matching pair and true/false questions. Test questions are randomised.

The test should take approximately 15 minutes. There is a time limit of 30 minutes.

The delegate must answer all questions correctly.


On the eLearning modules there are self-assessments in each module that you can take as many times as you like.

This is confidential and does not form part of your test score.

On successful completion, a certificate is issued and an on-line record of achievement is maintained in our register.

Global availability

The course modules and certification test are globally available without restriction.

They can be accessed 24/7.


The cost of the course for one delegate is GBP 650 (plus VAT where applicable), which includes the workshop and two eLearning courses (approx. value GBP 200.00).


When making payment you will be presented with several different PayPal options. Please choose the right one for you. If you have any queries, please contact us at


If you would like to pay against an invoice then please email us with Purchase Order details at

Corporate Rates

If you are interested in making a bulk corporate order, please email for more information.

This provides the delegate with:

- The workshop and eLearning Courses

- A recognised certificate

- Entries in the EDMworks Register

- The option to make this record public for job requirements

Course Contents

The classic role of IA

- A brief history of internal audit

- Underlying principles, purpose and intent

- Independence and advisory roles

- Processes, data, systems, quality, controls, reporting, assets

- Policies, Risk, Governance and Compliance

- Audit prioritisation, planning and control

General Data Protection Regulation (supplementary to eLearning)

- Scope, objectives, principles and rights

- Obligations, roles and accountabilities

- Transfers and contracts

- Liabilities and penalties

- Privacy by design and default

- Privacy Impact Assessments

- Breach Incident Management

- Self-regulatory aspects and liaison with supervisors

- Examples of other self-regulatory regulations

Data at the heart of the organisation

- Data at the heart. Interaction with process and management

- Data flows or data stores?

- Fit for purpose data architecture

- Fit for purpose data strategy

- Fit for purpose data quality

Macro level controls

- Critical architectural components

- Taxonomies

- Organisation models for data ownership and accountability

- Governance and control processes

- Data flows, lineage and controls

- Enterprise data dictionary and inventory

- Privacy and consent management

- Magic triangles: Architecture, Audit and Governance

Micro level controls

- System/process reviews

- Policy compliance

- Strategy compliance

- Architecture compliance

- Data mapping and transformation control

On-line assessment. Scenario based multiple choice and matching questions

Last modified: Monday, 10 October 2016, 12:14 PM