GDPR Certification Lead Auditor and Consultant Training

Lead auditor and consultant training on CSA GDPR Certification and Code of Conduct

Join CSA’s two-day Lead Auditor and Consultant Training for the CSA GDPR Certification and Code of Conduct, a course that trains lead auditors and consultants in the CSA GDPR Code of Conduct and the CSA GDPR Certification. Both initiatives offer organizations a means to demonstrate their GDPR compliance and data protection transparency.


The course trains lead auditors and consultants on both the CSA GDPR Code of Conduct Proposal as per Article 40 GDPR and the forthcoming CSA proposal for GDPR Certification as per Article 42 GDPR. The CSA GDPR Code of Conduct as per Article 40 GDPR is currently progressing under the review of the CNIL and the CSA GDPR Certification as per Article 42 GDPR will be submitted to the CNIL for its review in the coming months.

CSA Course

Course Preview

During day one, students will learn the controls covered in the CSA Code of Conduct, starting with the fundamentals of GDPR and the objectives, scope and methodology of the CSA Code of Conduct (CoC). Students will then go through each of the controls covered in the CoC:
• Controls 1-5: CSP declaration of compliance and accountability, CSP relevant contacts, ways in which data will be processed, recordkeeping and data transfer.
• Controls 6-10: data security, monitoring, personal data breach, data portability and migration, and restriction of processing.
• Controls 11-15: data retention, restitution and deletion, cooperation with the cloud customers, legally required disclosure, remedies for cloud customers and CSP insurance policy.
• Governance and Adherence Mechanisms


On day two, students will work through the practical application of the controls with two different case studies. Afterwards, students will review and receive feedback on the work performed in each of the case studies.

The CoC provides cloud customers of any size with a tool to evaluate the level of personal data protection offered in connection with services provided by different CSPs (and thus to support informed decisions).

Who should take this course?

The CSA GDPR training is aimed at professionals who want to learn how to guide organisations toward GDPR compliance or audit cloud providers based on the requirements of the CSA Code of Practice for GDPR compliance.


Individuals best suited to this course are:
• Auditors and consultants in IT security, privacy and cybersecurity
• Managers in emerging technology, risk and compliance
• Data Protection Officers (DPOs)
• In-house legal counsel, lawyers specializing in privacy, data protection and IT law
• Fintech consultants and specialists


In addition, this training is a requirement for any professional who wants to become a…
• CSA GDPR Certification Lead Auditor
• CSA GDPR Code of Practice Consultant

The CoC helps CSPs of any size and geographic location to comply with EU data protection legislation and to disclose, in a structured way, the level of personal data protection they offer to customers, in connection with their services.

Course Leadership

Paolo Balboni

Founding Partner of ICT Legal Consulting

Top-tier ICT, privacy & data protection lawyer. Professor of Privacy, Cybersecurity, and IT Contract Law at the European Centre on Privacy and Cybersecurity within the Maastricht University Faculty of Law. President of the European Privacy Association. Lead Auditor BS ISO/IEC 27001:2013.

Contact Details

Piet Heinkade 55 (11th floor) – 1019 GM – Amsterdam – The Netherlands
Phone: +31 (0)20 894 6338
Fax: +31 (0)20 808 5050


Do not hesitate to contact us for more information at
