The General Data Protection Regulation (GDPR) for EU and non-EU based companies.


The GDPR is important for all EU and non-EU companies that are offering goods or services to identified or identifiable EU natural persons ("data subjects"), organizations processing personal data of EU data subjects, or organizations that monitor the online behaviour of EU data subjects. Non-EU companies that have no local presence in the EU are also in the scope of the regulation.

Target Audience

The program is beneficial to:

- Managers and employees working at the strategic, tactical, and operational levels of risk management, compliance, information security and IT management.

- Data protection and privacy managers, employees, auditors, and consultants.

- Marketing managers and persons involved in profiling.

- Controllers and processors.

- Vendors, suppliers, and service providers.


One hour to one day, depending on the needs, the content of the program and the case studies. We always tailor the program to the needs of each client..


Our instructors are working professionals that have the necessary knowledge and experience in the fields in which they teach. They can lead full-time, part-time, and short-form programs that are tailored to your needs. You will always know up front who the instructor of the training program will be.

George Lekatis can also lead the class. His background and some testimonials can be found at:

Course Synopsis:

Understanding the General Data Protection Regulation (GDPR)

- An overview of the GDPR.

- What is different now.

- The important decision of the Swiss Federal Council.

Understanding the new regulatory obligations

- Important Articles of the GDPR.

- The increased importance of information security, international standards, and best practices (Art 2, 4, 5, 9, 10, 25, 30, 32, 35, 40, 45, 47).

- "Privacy by design" and "privacy by default" (Art. 25 GDPR), "due regard to the state of the art" ((78), (83), Art. 25, Art. 32 GDPR).

GAP Analysis

- Performing a data privacy assessment for each department - understanding current business processes that create or use customer data.

- Establishing what must be changed: Enterprise-wide privacy governance structure with clearly defined roles and responsibilities, privacy risks and controls, customer profiling, enterprise-wide personal data retention and destruction, handling customers’ personal data requests, privacy data breaches, data breach response, third parties and outsourcing, data across the borders, privacy training tailored to the employee’s roles and responsibilities.

- Policies, Procedures, Communication, Enforcement. Everybody must understand the new obligations - the Board, the CEO, senior management, and all departments.

Case Studies

- Swiss or non-EU organizations that offer goods or services to EU data subjects via their web site or an online shop.

- Swiss or non-EU organizations that process data in EU countries.

- Swiss or non-EU firms that collect data of EU data subjects’ behaviour for marketing purposes.


- The Swiss Data Protection Act (DPA) and the “EU-US Safe Harbour” regulation adopted by Switzerland.

- The revised DPA - largely analogical rules and provisions with the GDPR.

- The decisions of the Swiss Federal Data Protection and Information Commissioner (FDPIC).

For more information, you may contact us.

Terms and conditions

You may visit:

Cyber Security Training

Cyber security is ofter boring for employees. We can make it exciting.

Online Cybersecurity Training

Online Training

Recorded on-demand training and live webinars.

In-house Cybersecurity Training

In-house Training

Engaging training classes and workshops.

Social Engineering Cybersecurity Training

Social Engineering

Developing the human perimeter to deal with cyber threats.

For the Board Cybersecurity Training

For the Board

Short and comprehensive briefings for the board of directors.

Cybersecurity Assessment


Open source intelligence (OSINT) reports and recommendations.

High Value Targets Cybersecurity Training

High Value Targets

They have the most skilled adversaries. We can help.

Which is the next step?


You contact us


We discuss


Our proposal


Changes and approval


We deliver

Cyber Risk GmbH, Cyber Risk Awareness and Training