Opting to enrol in The Privacy Factory’s DPO Training has allowed me to familiarise myself, in a short period of time, with the process of implementing the GDPR in an organisation by using the Plan-Do-Check-Act methodology. I really believe that the combination of 12 classroom meetings and using the online DPO Training and MemoTrainer software, followed by carrying out a work assignment at an external organisation with the help of the ‘Privacy Manager’ tool, was very effective indeed.

In 2017, as a highly-educated sales professional with over 20 years of experience and a clear preference for networking, I decided to expand my expertise and skills to the field of personal data protection. My motivation in taking this step was not just the fact that the function of privacy professional is widely regarded as the job of the future, but also the way it matches my extensive business experience and personal qualities, in terms of making effective and people-oriented connections.

In the course of my training to qualify as a privacy professional, I took on a work assignment at a legal aid office operating nation-wide from 18 establishments throughout The Netherlands. My primary challenge was building support for GDPR implementation, a process to be based on the methodology taught by The Privacy Factory. A pretty tall order, not in the least because at the time – it was still 2017 when I started this work assignment – the overriding sentiments toward the new privacy legislation were typically scepticism and indifference.

In order to enter the training program, I had to complete a selection procedure first. I then started my training with Workshop 1, a classical session introducing the key legal aspects of the General Data Protection Regulation. Followed by Workshops 2 through 12, in which the law was explored from a more business-like perspective, the Plan-Do-Check-Act approach.

These sessions taught us, in a chronological order, which activities need to be carried out in the process and how the organisation must demonstrate having carried them out.
To this day, this planned, systematic approach has helped me in all my assignments to restore order in environments in which implementation of the GDPR had until then been handled in a more or less haphazard, non-structured way.

Having been able to perform this work assignment in the course of my training has allowed me to apply the TPF methodology in real-life, practical conditions and experience hands-on how to deal with the resistance which is a natural ingredient of such projects.

One key element of the training is the online DPO Training platform, consisting of MemoTrainer (questions and answers) and a step-by-step walk-through of the TPF methodology based on an extensive case study. What stands out to me most is that having applied the Plan-Do-Check-Act approach to this ‘Optima’ case study and having completed Workshop 5, I suddenly realised, without having been aware of it before, how much my knowledge of GDPR implementation had progressed.

I think it is during the work assignment that you truly begin to understand and appreciate the practicality of the PDCA approach. Particularly when it comes to explaining which steps need to be taken in what order for the organisation to achieve GDPR accountability. Perhaps equally important is that, in the course of the assignment, you are constantly aware of the support from your TPF coach and your fellow students. The TPF online community and ‘Privacy Cafés’ make it easy to stay in touch.

One of the requirements for successful completion of a work assignment is documenting the results of your GDPR implementation project. This is exactly what The Privacy Factory’s proprietary ‘Privacy Manager’ tool has been developed to facilitate. It allows you, again using the PDCA approach, to schedule all privacy activities to be carried out, to monitor their progress and to collect the necessary proof of performance for each individual activity. Back in 2017, it was still very difficult to convince organisations that it was worth their while to invest the time and administrative workload. In my more recent assignments, using the very same Privacy Manager tool has ensured that, once the projects I initiated had been completed, the organisations I supported were well on their way toward becoming fully GDPR accountable.

Ronald Spek

Naam:Ronald Spek

Certified The Privacy Factory Privacy Professional (CTPP)