Workshops for IOD - DPIA and risk analysis

For those who want to know how to perform
and the implementation of data protection impact assessments and risk analysis.

Certificate and substantive support
after the training

8 key competencies
of the data protection officer

GDPR documentation templates

8 VII 2026 r. - Online - from PLN 550 net

Workshops for IOD - DPIA and risk analysis

During the workshops, participants will learn how to carry out DPIA in accordance with the guidelines on data protection impact assessments (WP 248) issued by the Article 29 Working Party, enabling them to independently carry out the process and properly document it.

The proposed workshops on conducting data protection impact assessments and risk analysis are addressed to people who want to acquire knowledge of how to carry them out and how to implement the results obtained.

What is the detailed schedule for IOD workshops?

Schedule

DPIA and Risk Analysis

Goal

We will discuss the organisation of the Data Protection Impact Assessment (DPIA) process and determine for which processing operations it is necessary.

Through exercises, we will carry out an inventory of assets involved in processing operations. You will learn to assess risk for them. This will enable you to establish adequate security measures for your organisation.

Module 1

09:00 - 11:00

I. Introduction to personal data protection risk management:

basic conceptsorganisation of the risk assessment processdiscussion of selected risk assessment methodologiesnecessary elements of the DPIA process

II. Examining the context of personal data processing:

establishing the external contextestablishing the internal context

III. Security measures minimising risk under GDPR.

Module 2

11:10 - 13:00

I. What is a Data Protection Impact Assessment (DPIA):

purpose of conducting a DPIA, situations where carrying out a DPIA is mandatorynecessary elements of the DPIA processinventory of processing operationsidentification of assets related to processing likely to result in a high risk to the rights and freedoms of natural persons

II. Carrying out a data protection impact assessment and risk assessment for a personal data processing asset:

purpose of risk assessment, benefits of conducting a risk assessmentrisk assessment criteriarisk estimationrisk level

Module 3

13:30 - 15:30

I. Exercises in conducting a risk analysis:

estimating the probability of a threat occurringidentifying vulnerabilitiesidentifying existing security measuresidentifying the effectiveness of existing security measuresestimating consequencesrisk identificationdetermining the risk leveldetermining the risk acceptability threshold

II. Exercises in asset and security measure identification:

determining the process risk value for an assetestimating the probability of a threat occurringidentifying vulnerabilitiesidentifying existing security measuresidentifying the effectiveness of existing security measuresestimating consequencesrisk identificationdetermining the risk leveldetermining the risk acceptability threshold

Module 4

15:45 - 17:15

I. Preparing a risk treatment plan:

risk reductionrisk mitigationrisk avoidancerisk transfer

II. Consultations with the supervisory authority:

scope of information for the supervisory authoritypowers of the supervisory authority

III. Consultations

Download programme Choose a date

Knowledge in practice

Get 8 new IOD skills

1.Knowledge of the most important risk analysis methodologies.
2.Identification of assets involved in data processing operations.
3.Conducting a risk analysis (Art. 32 GDPR).
4.Identification of processes requiring a DPIA.
5.Conducting a DPIA (Art. 32 GDPR).
6.Developing recommendations to reduce risk to an acceptable level.
7.Documenting the risk analysis and DPIA process in accordance with the accountability principle.
8.Consulting with the supervisory authority in the event of unacceptable residual risk.

Guides

Training team

Tomasz Ochocki

Data protection expert

Przemysław Stasiak

IT security specialist

„We train in the way we wish to be trained. We discuss real-world problems and point out tools to help solve them.”

Tomasz Ochocki
Data Protection Officer (DPO) for the ODI content team

Materials to download

Training program

Offer for printing

Terms and conditions

As part of the training you will receive:

Certificate confirming participation in the training, GDPR documentation templates,
post-training substantive support - ODO 24 support, presentation script,
RODO Navigator and RODO Guide and 90-day access to the Dr RODO.

Templates of documentation to demonstrate compliance with the GDPR

See the full list of documents

Opinion of the participants

Opinions

4.9

(173)

Google our ratings

Tomasz G.

2 years ago

I wanted to thank you for the wonderful training I've had at your company, the materials were very well prepared, and the instructor has shown tremendous knowledge and experience.

Aleksandra P.

2 years ago

Training at a very high level, I highly recommend!!! Training materials very useful in everyday work.

Sławomir M.

2 years ago

Mrs. Mecenas, it was an honor to be able to take part in this training, and thank you very much for your professional approach and valuable practical guidance.

Wacław T.

3 years ago

The IOD course organized by ODO24 has met all my expectations, a very practical approach, concrete examples and professional support.

Maria K.

1 year ago

The training was conducted in a way that was understandable even to those without previous experience in this field.

Piotr N.

10 months ago

Very good training, a lot of practical examples, a little bit too little time to ask questions, but overall I'm satisfied.

Anna W.

8 months ago

A professional approach, a great atmosphere during the training, the instructor answered all the questions thoroughly, and I highly recommend ODO24!

Jan K.

1 year ago

It's the best personal data protection training I've ever had, specific examples from real life, not just a dry theory, I recommend it to anyone who works with GDPR.

Katarzyna J.

6 months ago

The training meets my expectations. A lot of practical knowledge, good materials. The only drawback is too much group, so less time for individual consultations.

Michał L.

4 months ago

Excellent training! A very competent conductor with vast experience. Everything explained in a clear and understandable way. The training materials are very useful.

Joanna D.

3 months ago

I recommend ODO24 training to anyone seeking a sound knowledge of the field of ODO: professional service, excellent organisation and excellent teaching facilities.

Andrzej S.

2 months ago

Sometimes the pace was a little too fast, but the conductor was happy to return to the topics discussed earlier at the request of the participants.

Our greatest value is the trust of our customers.

Each person who makes payment for the training at least 14 days before the date will receive a PLN 100 discount.

DPIA and risk analysis - questions and answers

What is a risk analysis?

Risk analysis is a systematic process of assessing potential threats that may adversely affect the achievement of an organisation’s objectives. This concerns all aspects of activity – from financial to operational, technical and organisational. In the context of personal data protection, risk analysis includes, among others:

•identification of personal data: determining which personal data are processed, where they are stored, and how they are used;

•assessment of threats and vulnerabilities: establishing what threats may occur for personal data and which weak points may be exploited;

•assessment of impact: determining the potential consequences for the data subjects if a data protection breach occurs;

•analysis of likelihood: estimating the probability of each identified risk occurring;

•definition of remedial measures: planning actions aimed at reducing the likelihood of a threat occurring and limiting damage in the event of a breach.

How to perform a risk analysis under the GDPR?

Carrying out a risk analysis in the context of the GDPR requires understanding the data processing activities in the organisation and identifying potential threats to their security. The process begins with mapping the assets used for processing personal data and the business processes in which they participate. Next, internal and external risks should be identified, their likelihood assessed and their potential impact evaluated. The organisation must determine whether a risk is sufficiently low to be accepted or whether remedial measures are required. In cases of high risk it is necessary to take actions to reduce it. A risk-handling plan should be developed, the required security measures implemented and the steps taken documented. Finally, it is important to monitor and update the risk analysis regularly to adapt to any new threats or changes in data processing activities.

How often should I conduct a risk analysis in accordance with the GDPR?

Risk analysis should be conducted regularly; however, there is no specific schedule that prescribes how often risk analyses must be performed, as this will depend on the characteristics of the organisation, the types of data it processes and the sector in which it operates.

Good practice suggests that risk analyses should be carried out at least once a year or more frequently depending on the nature of the activities. It is also important to carry out a risk analysis when significant changes occur in the organisation, such as the introduction of new systems, changes to data processing procedures, the launch of new products or services that may affect personal data, or the occurrence of an incident related to data protection.

All of this should form part of a continuous risk management process within the organisation.

What our customers say about our services

Marcin Wieczorek

Wojas

„I am very impressed with the high level of substantive expertise of the training staff"

From 13 to 17 March I attended the "Course for Information Security Administrators" organized by ODO 24 sp. z o.o. I am very impressed with the high substantive level of the training staff and the comprehensive program. Working as an ABI requires knowledge not only of legal provisions but also of IT matters, which ODO 24 took into account. Noteworthy is the curriculum, which gradually introduces increasingly advanced nuances of personal data protection, starting from the legal basics and ending with practical aspects of auditing and working with documents within a company. The complete set of materials, editable documents and publications I received will facilitate my daily work as an ABI. I can certainly recommend ODO 24 as a reliable partner offering training services of a high standard.

Scope of Services:

DPO Course

Magdalena Węglewska

Mazda

„We can wholeheartedly recommend ODO 24 as a professional and reliable partner"

For many years we have consistently placed great importance on the protection of the personal data of our customers as well as our employees. We took an active part in creating the "Code of Good Practice for the Protection of Personal Data of Customers and Potential Customers,” developed jointly by GIODO and the Polish Automotive Industry Association. Due to the complexity and variability of the rules on personal data protection, as well as Mazda’s dynamic development in Poland and the increasing volume of data we process, we decided to entrust the ABI function to a company specialized in this field. The decision to use the services of ODO 24 was primarily influenced by the experience and competence of the team of experts, the comprehensiveness of the offering and its flexibility in adapting to our organization. After a year of cooperation we can recommend ODO 24 as a professional and reliable partner.

Agnieszka Karłowicz

Spiżarnia

„A practical approach, continuous advisory availability, and positive working relationships"

We have been working with ODO24 for over a year. For us it has been a year of peaceful breathing and a sense of security: at least regarding personal data protection :-) The people at ODO are professionals who explain matters that are incomprehensible to the average person in an understandable way. They understand not only their profession but, which is very important to us, business and its requirements. A practical approach, constant advisory availability, and great relationships — all of this means I can recommend this Company to anyone who wants to work and sleep peacefully.

Tomasz Siwicki

Gefco

„I recommend the company ODO 24 as a professional partner"

For several years we have been cooperating with ODO 24 in the field of personal data protection. A professional team that efficiently helped us to comply with the requirements of the GDPR. We make use not only of the experts’ knowledge but also of professionally prepared e‑training, thanks to which we were able to train several hundred employees in a very short time. I highly recommend ODO 24 as a professional partner delivering services at the highest level.

See all references