Lead Privacy Implementer

Mastering the Implementation and Management of a Privacy Framework

Duration: 3 days
Prerequisites: Knowledge on the Privacy Framework in Information Security is preferred.

Who Should Attend:

  • Project managers or consultants wanting to prepare and to support organizations on implementing and managing a Privacy
  • Security auditors who wish to fully understand the Privacy Framework implementation process
  • Experienced IT security management professionals
  • IT security professionals interested in earning Privacy Management Framework certification
  • Privacy Officers, Data Protection Officers, and Compliance professionals with an interest in privacy legislation and risk
  • Security professionals with front-line experience
  • Information security staff
  • Expert advisors in information technology
  • Persons and organizations involved in tasks where privacy controls are required for the processing of PII
  • Legal practitioners who wish to understand the practical aspects of privacy frameworks
  • To understand the core competences on Privacy Framework
  • To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective protection of personally identifiable information (PII)
  • To define privacy safeguarding requirements related to PII within an ICT environment
  • To understand the relationship between the components of Privacy Framework with existing security standards and various applicable laws
  • To acquire necessary expertise in privacy governance, specifically in personally identifiable information governance
  • To acquire necessary expertise in privacy risk management compliance connected with personally identifiable information
  • To develop knowledge and skills required to advise for improve organizations’ privacy programs through the use of best practices
  • To improve the capacity for analysis of privacy incident management
  • To understand the relationship between the components of Privacy Framework with existing security standards and various applicable laws and directives


This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing a Privacy Framework based on ISO 29100, the Generally Accepted Privacy principles and guidance from international information commissioners. Participants will gain a thorough understanding of how to design, build and lead organizations privacy programs covering business processes, ICT systems and services, through the use of best practices. The training provides a privacy framework which specifies a common privacy terminology, defines the actors and their roles in processing personally identifiable information (PII), describes privacy safeguarding considerations and provides references to known privacy principles for information technology. Based on this knowledge delegates will have the skills to build privacy frameworks that allow their organisation to maintain compliance to the many privacy directives and laws worldwide.

General Information

  • Exam and certification fees are included in the training price
  • A student manual containing over 450 pages of information and practical examples will be distributed to the participants
  • A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
  • In case of failure of an exam, participants are allowed to retake the exam for free under certain conditions

Day 1: Introduction to Privacy Framework concepts as recommended by ISO 29100

  • Introduction to Privacy Framework concepts as recommended by ISO 29100
  • Privacy Framework based on ISO 29100 and regulatory framework
  • Fundamental Principles of Privacy
  • Privacy Legislation US & Europe including the existing and new EU directives
  • Writing a business case and a project plan for the implementation of a Privacy Framework
  • Initiating the Privacy Framework implementation

Day 2: Planning the implementation of the Privacy Framework

  • Preliminary analysis of Existing Controls
  • Leadership and approval of the Privacy Framework project
  • Defining the scope of a Privacy Framework
  • Development of a Privacy policy
  • Selection of the approach and methodology for risk assessment
  • Control Statement and management decision to implement the Privacy Framework
  • Definition of the organizational structure of Privacy

Day 3: Implementing a Privacy Framework

  • Implementation of a document management framework
  • Design of controls and writing procedures and specific policies
  • Implementation of privacy controls
  • Development of a training and awareness program and communicating about the privacy to Development of a training and awareness program and communicating about privacy
  • Incident management
  • Operations Management

Day 4: Privacy Framework measurement and continuous improvement

  • Monitoring, Measurement, Analysis and Evaluation
  • Internal Audit
  • Management Review
  • Treatment of problems and points of concern
  • Continual improvement
  • Competence and evaluation of implementers

Day 5: Certification Exam

  • This training is based on both, theory and practice:
    • Sessions of lectures illustrated with examples based on real cases
    • Practical exercises
    • Review exercises to assist the exam preparation
    • Practice test similar to the certification exam
  • To benefit from the practical exercises, the number of training participants is limited
  • The “PECB Certified Lead Privacy Implementer”” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
    • Domain 1: Fundamental principles and concepts in Privacy Implementation
    • Domain 2: Privacy Implementation Best Practices based on ISO 29100
    • Domain 3: Designing and Developing an Organizational Privacy Framework based on ISO 29100
    • Domain 4: Implementing a Privacy Framework
    • Domain 5: Designing and Implementing Privacy Controls
    • Domain 6: Performance Monitoring and Measuring
    • Domain 7: Improving the Privacy Implementation Process
  • The “PECB Certified Lead Privacy Implementer” exam is available in different languages (the complete list of languages can be found in the examination application form)
  • Duration: 3 hours
  • For more information about the exam, refer to the PECB section on PECB Certified Lead Privacy Implementer Exam
  • After successfully completing the “PECB Certified Lead Privacy Implementer” exam, participants can apply for the credentials of PECB Certified Provisional Privacy Implementer or PECB Certified Privacy Implementer depending on their level of experience.
  • A certificate will be issued to the participants who successfully pass the exam and comply with all the other requirements related to the selected credential