Audit the Data Processing Documentation obligation under the GDPR

  • Teacher: Data Protection Schemes
  • Level: Intermediate

Audit the Data Processing Documentation obligation under the GDPR

Prove your expertise in auditing the data processing documentation obligations of the GDPR. There are many aspects of a processing activity that a data controller must identify, assess, and document before using a product, process, or service that processes personal data.  The auditing data processing documentation course and exam are based on certification criteria for compliance with the GDPR. The certificate will be awarded to course attendees who achieve an exam score of at least 65%.

Auditing Course and Exam Description

The Data Processing Documentation Audit course and exam covers key areas of expertise that auditors must have to reliably undertake an audit of a data controller's preparation for compliance with the GDPR before approving a product, process, or service that processes personal data. In some instances, documentation must be made available to a supervisory authority on request so that it might serve for monitoring a data controller’s processing operations, or be provided to data subjects at the time when personal data are obtained.

Auditing compliance of data processing documentation with the GDPR is a requirement of the GDPR.

The Data Processing Documentation Course and Exam covers the following key areas of expertise:

  • description of the processing activity including data flows and interfaces
  • documentation of current technical and organisational measures
  • documentation of suitable safeguards for international transfers
  • tests, assessments, and evaluations of the effectiveness of technical and organisational measures
  • personal data processing purpose specification
  • legitimate interest justification
  • necessity and proportionality justification
  • risk assessments
  • data protection policies
  • data protection by design and default
  • contract with data processors
  • obligations imposed on sub-processors
  • information to be made available by the data processor to the data controller
  • contracts with natural persons acting under the authority of a controller or processor
  • internal breach register definition
  • data subject notification process description
  • data subject request response process description
  • data protection impact assessment process description.


Course and certification exam details

Once your course and exam registration fee is paid, attendance at the next available course will be scheduled. Course and exam fees are non-refundable and non-transferable. When you complete the online registration process, you are agreeing to adhere to and accept this condition. It is important that you understand this agreement prior to registration. 

The certification exam comprises 75 questions that must be completed within two hours. It will be accessible via the Examination Platform using the credentials provided to you, on the scheduled examination date.

When you are ready to proceed, sign in to or create your account using your username and password. Click "Register Now" on the course/exam registration page. Make your payment. You may choose to pay by bank transfer or credit card. Follow the onscreen instructions to complete your purchase. (Note: Exams are valid for 3 months from the purchase date. Exams not taken within this period will result in forfeiture of fees.)

To schedule your remotely proctored exam, you will need to agree on a suitable date (typically between 30 and 90 days from registration).

Cancellation/Refund Policy

All purchases of certification exams are final. No refunds or exchanges will be provided. Prices are subject to change without notice.

Should you need to reschedule your exam, you can do so up to 48 hours before your originally scheduled day and time. After this point, candidates must either take the exam as scheduled or forfeit their registration fees.


Contact us to schedule the date of the next exam. 


BACK TO MENU or This email address is being protected from spambots. You need JavaScript enabled to view it. or REGISTER NOW


The Data Protection Systems is a leading provider of IT and AI governance services, privacy-enhancing solutions and training.

Follow us:


Useful Links