The Data Protection Regulation was adopted on 8th November, 2019 and became enforceable on 25th November, 2019. The purpose of the Act is to give effect to Article 31(c) and (d) of the Constitution that contains the right to privacy which is a fundamental human right. Data protection is the process of safeguarding personal information, in accordance with a set of principles laid down by law

Aims and Objectives of Data Protection Officer Course

  • Familiarize with the General Data Protection Regulation/Act (DPR/A)
  • Understand the principles, roles, responsibilities and processes under the Regulation
  • Learn the obligations of data controllers and processors
  • Familiarize with the rights of data subjects and their relevance in daily life
  • Understand and apply compliance mechanisms
  • Learn the rules regarding international data transfers under the DPR/A
  • Learn the first steps for complying with the DPR/A
  • Learn how to use DPR/A as a data protection management system
  • Learn the requirements of a DPO
  • Gain the necessary knowledge and skills to become a DRO

Learning Outcomes

Having successfully completed this course you will be able to:

  • Demonstrate knowledge the principles, roles, responsibilities and processes under the Regulation Prepare your company to be DPR/A compliant
  • Demonstrate knowledge on the obligations of data controllers and processors
  • Protect your rights as data subject and personal data from unlawful processing
  • Apply control measures and compliance mechanisms
  • Undertake duties as a DPO

Who should attend

  • Any company, big or small, which processes personal data
  • Company executives
  • HR and IT directors
  • Lawyers and Company consultants
  • Security Managers/ Directors
  • Anyone who wishes to know more about data protection especially those handling personal data

Prerequisites skills and knowledge required

  • Understanding of instruction language (English)

Available in-house/distant learning?

  • Yes

Course Outline

Part 1

  • Introduction to General Data Protection Regulation
    • Definitions
    • Why is the DPR/A necessary?
  • Regulations’ analysis
    • Principles relating to processing of personal data
    • Lawfulness of processing
    • Conditions for consent
    • Conditions applicable to child’s consent in relation to information society services
    • Processing of special categories of personal data
    • Processing of personal data relating to criminal convictions and offences
    • Rights of data subjects
    • Information provided to the data subjects

Part 2:

  • Independent Supervisory Authorities
    • Supervisory authority
    • Independence
    • General conditions for the members of the supervisory authority
    • Rules on the establishment of the supervisory authority
    • Competence
    • Competence of the lead supervisory authority
    • Tasks
    • Powers
    • Activity reports
  • Codes of Conduct and Certification
    • Codes of conduct
    • Monitoring of approved codes of conduct
    • Certification
    • Certification bodies
  • Transfers of personal data to third countries or international organisations
    • General principle for transfers
    • Transfers on the basis of an adequacy decision

Part 3

  • Remedies, liability and penalties
  • Right to lodge a complaint with a supervisory authority
  • Right to an effective judicial remedy against a supervisory authority
  • Right to an effective judicial remedy against a controller or
  • processor
  • Representation of data subjects
  • Right to compensation and liability
  • General conditions for imposing administrative fines
  • Penalties
  • Security of personal data
  • Security of processing
  • Notification of a personal data breach to the supervisory authority
  • Communication of a personal data breach to the data subject
  • Personal Data Hazards
  • Dealing with hazards
  • Information Security Management Systems – ISO 27001
  • Controller and Processor
    • Controller
    • Processor
    • Processing under the authority of controller or processor

Part 4

  • Data Protection Officer (DPO)
    • Designation of the data protection officer
    • Position of the data protection officer
    • Tasks of the data protection officer (DPO)
    • Data protection officer’s skills and education
    • Data protection officer and conflict of interests
    • Internal or external DPO?
  • DPR/A as a Personal Data Protection Management System
    • Data Protection Management System
    • Basic Procedures of a Data Protection Management System
    • Supportive Procedures of a Data Protection Management System
    • Audit

Exam and Certification

  • Exam for Data Protection Officer (DPO)
    • Hours – 1.5
    • Pass mark – 70%
  • ‘‘Data Protection Officer (DPO) Course’’ Certificate will be issued upon successful completion

Teaching Methods

  • Detailed presentations (available for download) – 200+ Slides


  • Reading lists and resources available in presentations


  • KES 30,000

Download Certificate Sample


100% Online course


Downloadable course material

Enrolment: 1 month

Flexible schedule

Language: English