Data Protection Officer (DPO) Training Course

Gain DPO skills under GDPR and Ukrainian law — from data protection essentials to AI, risk management, and cybersecurity practices.

Experts: Andrii Nikolaiev, Liliia Oleksiuk, Oleksandr Shevchuk, +8

The educational series covers key legal and professional topics for Data Protection Officer training under EU and Ukrainian law, providing structured knowledge and practical skills for effective data protection work.

You'll Learn:
• Regulatory framework: GDPR, Ukrainian law, related EU acts
• Key concepts, principles, and legal bases for data processing
• Implementation of data subjects’ rights and transparency
• Roles and accountability: controller, processor, joint controllers, ROPA, interaction with supervisory authorities
• Risk management and DPIA
• Privacy by design and privacy by default
• Mechanisms for international data transfers
• Technical foundations: security, IAM, biometrics
• Technological domains: web and mobile applications, cloud, Big Data, Data Spaces, IoT, 5G
• Artificial intelligence: privacy, compliance, regulation in the EU

The educational series was created by the EU4DigitalUA project, which is funded by the European Union and implemented by FIAP, in cooperation with the AEPD and the Office of the Ombudsman of Ukraine for the Diia.Education platform.
The content of this educational series is the sole responsibility of the authors and does not necessarily reflect the views of the European Union. The materials of the series are for educational purposes only and do not constitute legal advice.

Format:
Education series
EKTS:
0.2
Languages:
Ukrainian, English
Topic:
Re/Upskilling
Intended for:
for civil servants, for public servants, for new job seekers, for new profession

Skills:

Aligning policies with EU and UA law
Applying data transfer rules
Applying privacy-enhancing tech
Applying processing principles
Applying SCC and BCR
Assessing AI compliance
Assessing GDPR extraterritorial reach
Assessing processing necessity and proportionality
Assessing risks to rights
Building ethical data policy
Building processing records
Conducting DPIA
Configuring consent mechanisms
Configuring human oversight for AI systems
Defining controller and processor roles
Defining GDPR scope
Defining joint controllers
Designing IAM solutions
Designing risk mitigation
Detecting principle breaches
Developing compliance policies
Differentiating DPIA and FRIA
Distinguishing anonymization and pseudonymization
Documenting IAM compliance
Drafting compliant responses
Drafting processing agreements
Embedding risk management in policies
Embedding transparency in systems
Ensuring UI transparency
Evaluating control effectiveness
Handling data subject requests
Identifying personal data
Identifying privacy risks
Identifying processing risk factors
Implementing MFA and RBAC
Implementing privacy by design
Liaising with DPO and SA
Managing AI risks
Managing consent and data lineage
Managing cookies and trackers
Managing innovation risks
Managing security incidents
Managing timelines and exemptions
Monitoring data transfer compliance
Performing transfer impact assessments
Planning for new regulations
Planning internal audits
Running product DPIA
Securing biometric data
Securing data in cloud
Selecting cross-border transfer mechanism
Verifying requester identity

Program

Start

This episode builds the foundation for DPO training: what personal data is and how identifiability is assessed, the difference between anonymization and pseudonymization, the role of the data subject, and the notion of processing. It outlines the history of privacy, GDPR processing principles, and their practical application, and common pitfalls. It also covers legal bases for processing, rules for identifying and justifying them, and basic compliance tools.
This episode maps the legal foundations: the logic and structure of the GDPR, its scope and extraterritorial reach; the GDPR’s place in the EU digital ecosystem and its links to the DSA, DMA, Data Act, Data Governance Act, AI Act, and the European Electronic Communications Code (EECC); the basics of Ukrainian regulation and supervision; requirements for cross-border transfers and adequacy mechanisms. Focus: practical guidance for DPOs navigating EU–Ukraine rules.
This episode covers data subject rights and transparency requirements: information and access, rectification and erasure, restriction and related notifications, data portability, objection, and decisions based on automated processing and profiling. It explains response timelines and conditions, requester verification, permissible exceptions, and disclosures on transfers outside the EU. You will learn to organize rights-handling processes and provide accurate, complete, and timely responses.

Invited experts

Andrii Nikolaiev
Author of the idea, co-author, and editor of the course. Lawyer with expertise in data protection, privacy, and AI ethics, Member of the Expert Council attached to the Representative of the Commissioner for Information Rights
Liliia Oleksiuk
Co-author of the course. PhD of public administration, Advisor to the Verkhovna Rada Committee on National Security, Defence and Intelligence, Privacy Expert
Oleksandr Shevchuk
Co-author of the course. PhD in Law, National Expert on Personal Data Protection of the EU4DigitalUA project
Yuliia Derkachenko
Representative of the Commissioner for Information Rights of the Secretariat of the Ukrainian Parliament Commissioner for Human Rights