Official IAPP Training and Certification

The General Data Protection Regulation (GDPR) requires that many organisations appoint a Data Protection Officer (DPO). The International Association of Privacy Professionals (IAPP) estimates that more than 75,000 DPOs will be required in the coming months. Are you DPO Ready? Whether you are taking your first step of awareness, or are ready for certification as a Data Protection Professional, Deloitte is here to help you along the way.

Deloitte is an official Authorized Consultant Training Partner for the International Association of Privacy Professionals (IAPP), thus offering official training sessions, which include:

• Official courseware

• Authorized instructors (with actual professional experience)

•Certification examination vouchers (for both CIPP & CIPM)

• Exam preparation decks

• 1 year IAPP Membership which will grant you:  

- access to a community of thousands of professionals—like yourself—who are finding inspiration and ideas, working smarter and putting privacy on the map

- access to a wealth of information designed to keep you ahead of the curve on emerging issues

- exclusive privacy-related content, expert analysis, legislative alerts and original reporting.


Course description

Certified Information Privacy Professional (CIPP/E)

Principles of Data Protection in Europe covers the essential pan-European and national data protection laws, as well as industry-standard best practices for corporate compliance with these laws. Those taking this course will gain an understanding of the European model for privacy enforcement, key privacy terminology and practical concepts concerning the protection of personal data and trans-border data flows..

The training is based on the body of knowledge for the IAPP’s ANSI accredited Certified Information Privacy Professional (CIPP/Ĺ), certification program.

What You'll Learn?

  • Introduction to European Data Protection;
  • European Regulatory Institutions;
  • Legislative Framework;,
  • Compliance with European Data Protection Law and Regulation;
  • International Data Transfers.

Target audience:

  • Data Protection Officer;,
  • Data Protection Lawyers;
  • Records Managers;
  • Information Officers,
  • Information Officers;
  • Compliance Officers;
  • Human Resource Officers;
  • Anyone who uses, processes and maintains personal data.

Certified Information Privacy Manager (CIPM)

Principles of Privacy Program Management is the how-to training on implementing a privacy program framework, managing the privacy program operational lifecycle and structuring a knowledgeable, high-performing privacy team. Those taking this course will learn the skills to manage privacy in an organization through process and technology—regardless of jurisdiction or industry.

The Principles of Privacy Program Management training is based on the body of knowledge for the IAPP’s ANSI accredited Certified Information Privacy Manager (CIPM), certification program.

What You'll Learn?

  • How to create a company vision;
  • How to structure the privacy team;
  • How to develop and implement a privacy program framework;
  • How to communicate to stakeholders
  • How to measure performance;

Target audience:

  • Data Protection Officers;
  • Data Protection Managers;
  • Auditors;
  • Legal Compliance Officers;
  • Security Manager;
  • Information Managers;
  • Anyone involved with data protection processes and programs .

Certified Information Privacy Professional (CIPP/E)

Law and regulation based on the GDPR: The “What” of data protection in Europe.


Certified Information Privacy Manager (CIPM)

Implementing privacy in an organization: The “How” of privacy from a management perspective

Course content

Certified Information Privacy Professional (CIPP/E)

Module 1: Data Protection Laws

Introduces key European data protection laws and regulatory bodies, describing the evolution toward a harmonised legislative framework.

Module 2: Personal Data

Defines and differentiates between types of data, including personal, anonymous, pseudo-anonymous and special categories.

Module 3: Controllers and Processors

Describes the roles and relationships of controllers and processors.

Module 4: Processing Personal Data

Defines data processing and GDPR processing principles, explains the application of the GDPR and outlines the legitimate bases for processing personal data.

Module 5: Data Subjects’ Rights

Describes data subjects’ rights, applications of rights and controller and processor obligations.

Module 6: Information Provision

Explains controller obligations for providing information about data processing activities to data subjects and supervisory authorities.

Module 7: International Data Transfers

Outlines options and obligations for transferring data outside the European Economic Area, including adequacy decisions and appropriate safeguards and derogations.

Module 8: Compliance

Discusses the applications of European data protection law, legal bases and compliance requirements for processing personal data in practice, including employers processing employee data, surveillance, direct marketing, Internet technology and communications and outsourcing.

Module 9: Security of Processing

Discusses considerations and duties of controllers and processors for ensuring security of personal data and providing notification of data breaches.

Module 10: Accountability

Investigates accountability requirements, including data protection management systems, data protection impact assessments, privacy policies and the role of the data protection officer.

Module 11: Supervisions and Enforcement

Describes the role, powers and procedures of supervisory authorities; the composition and tasks of the European Data Protection Board; the role of the European Data Protection Supervisor; and remedies, liabilities and penalties for non-compliance.

Certified Information Privacy Manager (CIPM)

Module 1: Introduction to privacy program management

Identifies privacy program management responsibilities, and describes the role of accountability in privacy program management.

Module 2: Privacy governance

Examines considerations for developing and implementing a privacy program, including the position of the privacy function within the organization, role of the DPO, program scope and charter, privacy strategy, support and ongoing involvement of key functions and privacy frameworks.

Module 3: Applicable laws and regulations

Discusses the regulatory environment, common elements across jurisdictions and strategies for aligning compliance with organizational strategy.

Module 4: Data assessments

Relates practical processes for creating and using data inventories/maps, gap analysis, privacy assessments, privacy impact assessments/data protection impact assessments and vendor assessments.

Module 5: Policiesi

Describes common types of privacy-related policies, outlines components and offers strategies for implementation.

Module 6: Data subject rights

Discusses operational considerations for communicating and ensuring data subject rights, including privacy notice, choice and consent, access and rectification, data portability, and erasure and the right to be forgotten.

Module 7: Training and awareness

Outlines strategies for developing and implementing privacy training and awareness programs.

Module 8: Protecting personal information

Examines a holistic approach to protecting personal information through privacy by design.

Module 9: Data breach incident plans

Provides guidance on planning for and responding to a data security incident or breach.

Module 10: Measuring, monitoring and auditing program performance

Relates common practices for monitoring, measuring, analyzing and auditing privacy program performance.


Ralitsa Yanchovichina (CIPP/E)

Ralitsa is a Senior Legal Consultant at Deloitte Bulgaria since October 2014. Before joining Deloitte, Ralitsa had 15 years of professional experience, covering both private and public sector in Bulgaria. Main experience: in the area of corporate law, real estate, concessions, administrative law, providing legal services to business entities and non-governmental organizations and compliance with specific regulatory requirements. Ralitsa gained experience in the field of Data Privacy and Personal data protection by assisting the GDPR compliance project in Deloitte in Bulgaria as well as assisting teams with clients data privacy implementation process and respective data protection procedures in line with the specific clients’ needs and business.

Miglena Miglena Micheva (CIPP/E)

Miglena is an attorney at law and manager in Deloitte Legal law firm with more than 15 years of experience.

Her main areas of expertise are: corporate and commercial law, labor law and regulations in various fields. For the past 7 years, Miglena has specialized in the field of personal data protection, assisting data controllers from different industries in analyzing types of personal data and security measures, creating compliance policies, transferring data to third parties and proceedings before the CPDP.As head of Deloitte's personal data protection team, Miglena is actively involved in GDPR compliance projects for various clients. She is also one of the keynote presenters of personal data protection training sessions, organized by Deloitte individually or in collaboration with other organizations.


Course details

Vendor Course name Duration Dates 2019 Price Registration
IAPP Data Protection Officer (DPO) Training Bundel | CIPP/E+CIPM 4 days November 2020 2795 EUR here
IAPP Certified Information Privacy Professional Training Course (CIPP/E) 2 days November 2020 1795 EUR here
IAPP Certified Information Privacy Manager Training Course (CIPM) 2 days November 2020 1795 EUR here

The trainings will be held in Sofia in Bulgarian language. 

  • Upon interest - dates for delivering trainings in English will be scheduled additionally.
  • Minimum number of participants - 10.
  • The еxact dates will be additionally determined.
  • All prices are VAT excluded

For more information regarding ourcourses, please feel free to get in touch with us.

Contact person:

Sevinch Nuri - Shabanova, CGAP
Manager, Risk Advisory
Mobile: +359 886 366 668


Did you find this useful?