Course Description

This course describes a number of security measures that a company/organisation can implement to secure and control the processing of the personal data of its data subjects. It describes in detail the key provision of the Regulation (EU) 2016/679 (GDPR) that provides for the implementation of appropriate technical and organizational measures. Article 32(1) of the GDPR provides that a company/organisation (controller or processor) shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.

It describes physical, technical and organisational security measures and provides examples to understand their implementation. It also describes the steps to follow to decide on the appropriate security measures to implement.

It describes the risks that a company faces when processing personal data and provides examples in order to understand those risks and decide on the appropriate security measures to mitigate those risks.

It also describes how a personal data flow map can be developed in order to understand the company’s processing activities.

This course explains in detail the various data subjects’ rights and describes the controls that a company can implement to meet these data subjects’ rights.

This course also explains in detail the importance of identifying a personal data breach and how to develop a “Personal Data Breach Response Plan”, and describes in detail, with examples, the process for notifying the supervisory authority and communicating a personal data breach to data subjects.

Topics covered

The course is split into the following sections:

Section 1: A summary of GDPR Regulation and get to know different security measures

  • Key Definitions
  • Summary of Regulation (EU) 2016/679 (General Data Protection Regulation).
  • The different types of security measures that a company can implement.
  • Examples of security measures to protect the processing of personal data.

Section 2: Apply security measures on different data protection processing activities

  • A personal data flow map and the main processing activities of a company.
  • The steps to follow to select the appropriate security measures.
  • The appropriate security measures for the main processing activities and their implementation.

Section 3: Understand data subjects’ rights and apply controls to meet these rights

  • Summary of the data subjects’ rights.
  • Analysis of the conditions when data subjects’ rights can be restricted.
  • The controls that a company can implement to meet data subjects’ rights.

Section 4: Why it is important to identify a personal data breach and the relevant information for data subjects and the supervisory authority

  • The personal data breach in brief.
  • Develop a Personal Data Breach Response Plan.
  • Notify the supervisory authority of a personal data breach.
  • Communicate a personal data breach to data subjects.
  • Keep records of personal data breaches.
  • Examples of personal data breaches and who to notify.

Course Duration

This course may take up to 5 hours to complete. However, actual study time differs as each learner uses their own training pace.

The course is addressed to:

This course is addressed to all individuals who are involved in the processing of personal data in an organisation:

  • Designated DPOs in Investment Firms, Investment Funds, ASPs, Trust Service Corporate Providers, Banks, Law Firms, Accounting Firms, Auditors, insurance companies, hospitals, schools and in general DPOs of all organisations.
  • Employees of Investment Firms, Investment Funds, ASPs, Trust Service Corporate Providers, Banks, Law Firms, Accounting Firms, Auditors, insurance companies, hospitals, schools and in general of all organisations involved in the processing of personal data.
  • Executive Directors, Non-executive directors, Senior Managers, Compliance Officers, Risk Managers, Product Managers, etc.
  • Internal Auditors
  • Consultants
  • Lawyers

It is also suitable for professionals pursuing CPD for the renewal of CySEC Certificate (CySEC Basic or CySEC Advance Certificate or CySEC AML Certificate) or other relevant professional certificates in other jurisdictions.

Training Method

The course is offered fully online using a self-paced approach. The learning units consist of PowerPoint presentations. Learners may start, stop and resume their training at any time.

At the end of the course, participants take a Quiz to complete the course and earn a Certificate of Completion once the Quiz has been passed successfully.

Accreditation and CPD Recognition

The course can be accredited for 5 CPD Units by regulators and other bodies that require CPD training in financial and other regulation.

Eligibility criteria and CPD Units are verified directly by your association or other bodies in which you hold membership.

Registration and Access

To register for this course, click on the Take this course button to pay online and receive your access instantly. If you are purchasing this course on behalf of others, please be advised that you will need to create or use their personal profile before finalizing your payment.

Access to the course is valid for 60 days.

If you wish to receive an invoice instead of paying online, please Contact us by email. Talk to us for our special Corporate Group rates.


Andreas Nicolaides has more than 10 years' experience in the financial industry. He is the Operations Manager of G.P. GLOBAL LTD, which offers consulting services and training courses to Investment Firms, Administrative Service Providers and Funds, focusing on Internal Audit, compliance and AML issues. He is a member of the Internal Audit team of G.P. GLOBAL LTD and is involved in numerous Internal Audits of Cyprus Investment Firms, Administrative Service Providers and Funds where he is engaged, among others, in the audit for compliance with the GDPR regulatory framework. He has completed a number of trainings on the GDPR regulatory framework and assisted a number of Cyprus Investment Firms, Administrative Service Providers and Funds to comply with their GDPR legal obligations.

Andreas Nicolaides holds a BA in Business Management from Northumbria University (Newcastle – UK). Andreas also holds an Advance and Money Laundering certificate from the Cyprus Securities and Exchange Commission for the provision of investment services/activities.
