The European DIGITAL SME Alliance in collaboration with VUB - Vrije Universiteit Brussel organise the

‘GDPR for SMEs’ training course

New rules, new challenges for businesses. In fact, according to the International Association of Privacy Professionals, it is estimated that at least 28,000 people are needed from 25 May 2018 on to play a new role in the labour market: improving the level of personal data protection for all individuals across the European Union.

The General Data Protection Regulation (GDPR) will become applicable on 25 May 2018 throughout the European Union. This will be the biggest revolution in personal data protection law with worldwide effects. At the same time it will create around 28.000 vacancies for new Data Protection Officers (DPOs) to ensure legal compliance and a high level of protection of personal data and privacy across companies of all sizes and sectors.

Our training GDPR for SMEs is specifically tailored and targeted to people working at ‘digital’ small- and medium enterprises (SMEs) as well as other digital transformation professionals. The course will equip participants with the requisite knowledge and skills to fulfill legal requirements stemming from the GDPR and related legal instruments, guidelines and best practices. Combining theoretical knowledge and practical exercises, this two-days course will train future DPOs to, among others, ensure and monitor company’s legal compliance, manage personal data processing operations and corresponding risks, handle data subjects’ access requests and maintain communication with a data protection authority (DPA). The training will address a wide range of practical issues, from a drafting of a privacy policy to obtaining consent from data subjects and managing customer database, to conducting a data protection impact assessment (DPIA).

Who is this training course for?

The course is tailored for companies (SMEs) and professionals that offer digital services. These companies are often reffered to as ‘digital enablers’.

Their activities include, for example, software development, technology transfer, design and hosting of the web sites, digital marketing, and more broadly technology advice such as big data analysis, IT security support, etc.

If you are a digital enabler, GDPR is legal obligation, but also an opportunity to offer more services to your clients.

What are you getting?

  • Competences necessary to handle new GDPR rules in your company.
  • *15 IAPP approved credits for data protection professionals.
  • Certificate approved by the European DIGITAL SME Alliance.
  • Reading materials.
  • Free individualized consulting during a dedicated season.
  • Templates of the users’ consent form, company’s privacy policy.
*IAPPInternational Association of Privacy Professionals is the world’s largest and most comprehensive global information privacy community. The IAPP approved privacy trainings and certificates are recognised worldwide. IAPP credits are reserved to IAPP members.

Learning goals


Participants acquire general knowledge and expertise about personal data protection law in the EU that allows them to become the DPO of their company


By the completion of the course, participants can identify what and how data protection issues can be solved inside of the company; and what issues would require professional legal advice


Participants can easily navigate within the EU data protection universe (laws, best practices, main actors, etc.).They know where they could seek further information, resources and help, should the need arise


27-28 of April, 2018. Sessions start at 9,00 AM and finish at 18,30 PM


The training will take place in Brussels, Belgium. The exact location TBC


700.00 € (fee includes the two-days-training and all the additional material). Discount for groups!


Theoretical and practical face-to-face training (10 sessions of 90 min each), preceded by the assigned readings

Contact person: Davide Cassanmagnago

Project Manager responsible for GDPR training

Phone: +32 2

consists of leading academics in EU data protection law:

LLM, is a researcher at the research group on Law, Science, Technology & Society (LSTS) at the Free University of Brussels, the member of the Brussels Laboratory for Data Protection & Privacy Impact Assessments (d.pia.lab). He obtained his LLM in Law and Technology at Tilburg University (2016) and his postgraduate specialist diploma in information and communication technology law at the University of Pécs (2015). He obtained his law degree (JD) at the University of Pécs (2013). His research focuses on the area of privacy and data protection.

is a PhD researcher for the Brussels Privacy Hub at the Free University of Brussels since October 2017. She is an experienced legal advisor and lobbyist who previously worked for the Austrian Chamber of Civil Law Notaries in Brussels. Her research focuses on data ownership, the data economy, AI, social networks and international data transfers. She completed her legal studies at the University of Vienna and KU Leuven specialising in European Law, Public International Law and Human Rights Law. She holds an LL.M in Public International and European Law from KU Leuven (magna cum laude) from 2015.

is a post-doctoral research fellow at the Centre for Law Science Technology and Society at the Free University of Brussels and Adjunct Professor at Vesalius College of Brussels. He graduated from the law faculty at the University of Napoli Federico II in 2010 and completed a Specialisation School for Legal Professions (Napoli Federico II) in 2012. In 2016 he has successfully defended his Joint PhD dissertation titled “Dispute Resolution and New IT Realities” between University of Napoli Federico II and Vrije Universiteit Brussel (VUB), receiving the title of Doctor Europaeus.

joined a PhD program at the Vrije Universiteit Brussel in September 2016. Currently, she works on the Horizon 2020 project titled “Constructing an Alliance for Value-driven Cybersecurity” (CANVAS). She is a Certified Information Privacy Professional (CIPP/E, IAPP). After obtaining an LLM in Law and Technology (cum laude) at Tilburg University (The Netherlands), she completed the European Commission traineeship program at the European Data Protection Supervisor. She worked as a legal intern in a Brussels-based European privacy and data security practice in 2013. She worked as a legal researcher at the Leuven University (CiTiP) in 2014-2016.

LLM, is a full-time researcher with the Research Group on Law, Science, Technology and Society at the Free University of Brussels. He is a founding member of the Brussels Laboratory for Data Protection & Privacy Impact Assessments (d.pia.lab) at VUB-LSTS. He also freelances at the Centre for Direct Democracy Studies (CDDS) at University of Białystok. His expertise concentrates on the governance of privacy and personal data protection, in particular on the notion of impact assessments for emerging technologies. He has been involved in a number of EU co-funded research projects, such as PIAF, ADVISE, EPINET, LASIE, FORENSOR, PARENT, MATHISIS, PHAEDRA, PHAEDRA II, STAR and PERSONA.

LLM, is a researcher in law and technology and human rights law. He has been involved in several FP7 projects where he has been dealing with the ethical, psycho-social and legal, data protection and medical device aspects of technology developments, with particular focus on medical technologies and mobile technologies and on the implications of technology developments on vulnerable groups, such as the elderly. Eugenio is member of the ethical advisory boards of the FP7 project OPSIC (Operationalizing Psychosocial Support in Crisis).

is a legal scholar in Brussels, Belgium, where he works as a senior researcher at the Research Group on Law, Science, Technology & Society, Free University of Brussels. He is also a registered attorney with the Athens Bar Association, Greece. Since 2016 he has been serving as a member (alternate) of the Hellenic Data Protection Authority. During 2013-2016 he has served as a member of the Board of Directors of the Hellenic Copyright Organisation. He regularly represents the Greek Ministry of Justice in front of EU and CoE law-making bodies. His personal website may be found at

is a researcher in law and technology and human rights law at the Research Group on Law, Science, Technology, and Society (LSTS). He is active in pursuing a number of his research interests at LSTS, including areas such as data protection, privacy issues and problems related to stigmatization and discrimination. With respect to the first of these, he has developed an expertise in privacy and data protection issues in the area of health care delivery. He is in particular interested in the evolving use of patient data in health care delivery and has published a number of articles on these issues.

Please find the detailed TRAINING PROGRAM here.

Organised by:

About European DIGITAL SME Alliance

The European DIGITAL SME Alliance is a community of ICT small and medium enterprises (SMEs). Its members are national sectorial digital SME associations in 28 countries and regions in the EU and neighboring countries, all together it associates more than 20.000 SMEs. DIGITAL SME was established in 2007 (back then it was named Pan European ICT & eBusiness Network for SME) to represent the voice of ICT SMEs and their interests in the European institutions and other international organisations. DIGITAL SME is the first European association of the ICT sector exclusively. This organisation participates in and proposes EU funded projects, organizes conferences and seminars and performs research activities on ICT related areas, among other activities.

In partnership with:

About VUB and d.pia.lab

The Brussels Laboratory for Data Protection & Privacy Impact Assessments, or d.pia.lab, connects basic, methodological and applied research, provides training and delivers policy advice related to impact assessments in the areas of innovation and technology development. Whilst legal aspects of privacy and personal data protection constitute their core expertise, the Laboratory mobilises other disciplines including ethics, philosophy, surveillance studies and science, technology & society (STS) studies. Established in November 2015, the Laboratory constitutes a part of and builds upon the experience of the Research Group on Law, Science, Technology & Society (LSTS) at the Vrije Universiteit Brussel, Belgium.

Cancellation policy:
  • Cancellation must be provided in a written form.

  • Cancellation one month before the beginning of the GDPR traning: 100% refund.

  • Cancellation less than a month before the beginning of the course: no refund available.

  • By applying to this training course, you automatically AGREE with this cancellation policy.

  • In the unlikely occurrence of the circumstances which would make the event non-viable we reserve the right to cancel the event. In such case, registrants will be offered a full refund. Should circumstances arise that result in the postponement of the event, registrants will have the option to either receive a full refund or transfer the registration of the same event at the new date.