GDPR - Legal Issues -

GDPR - Legal Issues -

The legal challenges of the GDPR

5 hours - 100% e-learning - 12 months of access to the platform - €550 (including tax)

A book or document cover with a light blue background, featuring the title "The Legal Implications of the GDPR" written in white and dark blue, with white geometric shapes.
Training in personal data protection, Apave Certification logo.

The training course "Legal Issues Related to the GDPR" (5 hours) is designed to help professionals involved in personal data protection better understand the specific legal implications of this field: the role and supervisory powers of the CNIL, civil, administrative, and criminal liabilities, administrative penalties, contractual obligations among the various parties, rules governing international data transfers, etc.

It is specifically designed for professionals involved in personal data protection (DPOs, GDPR coordinators, etc.) whose initial training and expertise are primarily in IT and technical fields, and who do not have a legal background, to help them further develop their skills.

Duration

5 hours

Difficulty level

🥚Beginner

🐣Beginner

🐥Intermediate

🐤Advanced

🐓 Expert

Would you like us to deliver this training in a synchronous format (online, in-person, or hybrid)?

Request a quote

Would you like a training program that is customized in terms of content or format?  

Request a quote
  • Play button icon featuring a white circle and a white triangle pointing to the right, a common symbol for playing or starting a video or song.

    4 hours of video

  • A black-and-white illustration of a human head in profile, with a speech bubble containing a list with checkmarks and an X, representing a to-do list or checklist.

    More than 50 quiz questions

  • A white icon of folders and a magnifying glass on a black background.

    2 case studies

  • Document icon with a pen, representing a signature or a form

    Sample DPAs, CtoCs, and JCAs

  • A white icon showing a downward-pointing arrow inside a square with rounded corners, on a black background.

    A wide variety of downloadable content

  • Calendar showing the date 12

    12 months of access to the platform

A smiling man wearing round glasses, with a beard and brown hair, on a white background

Your instructor

Alexis Deroudille holds a doctorate in law, is a graduate of Sciences Po Paris, a member of the Paris Bar, and a certified DPO (IAPP) in accordance with the standards established by the CNIL. He has worked as a Data Protection Officer for many years, serving a diverse client base (including major tech companies, startups, associations, and small and medium-sized businesses), and also has extensive experience in teaching. Finally, he is the author of numerous in-depth articles on personal data protection law.

The educational objectives of the training program

  • Understanding how the CNIL operates and what its powers are

  • Prepare for an inspection by the CNIL and be ready to respond if one occurs

  • Understand the various legal remedies available in the area of personal data protection: complaints to the supervisory authority, civil or administrative lawsuits, criminal complaints, etc.

  • Be able to identify and distinguish between the various forms of liability related to personal data protection: administrative sanctions imposed by the CNIL, civil or administrative liability, criminal liability, etc.

  • Identify the various possible contractual arrangements: from data controller to processor, from processor to subprocessor, from data controller to third party, relationships between joint controllers, etc.

  • Identify processors and subprocessors that provide sufficient safeguards given the sensitivity of the personal data processing activities, and implement procedures for contractually auditing processors

  • Be able to negotiate a Data Protection Agreement (DPA), a Joint Controllers Agreement (JCA), or a Controller-to-Controller Agreement (CtoC)

  • Understand the legal instruments governing the transfer of personal data

  • Be able to map the transfer of personal data in situations involving complex processing chains and initiate a compliance audit of such transfers

  • Assessing the compliance of a data transfer using the "Schrems II test" methodology

The target audience

This training is designed for all professionals—employees, managers, independent practitioners, and self-employed individuals—who wish to enhance their knowledge and skills regarding the legal aspects of personal data protection.

It is aimed in particular at professionals involved in personal data protection (DPOs, GDPR officers, etc.) whose initial training and expertise are mainly IT and technical, and who do not come from a legal background, in order to perfect the exercise of their skills.

Terms and conditions and timeframes for access

Immediately after completing their online registration by paying the registration fee, learners gain immediate access to the e-learning platform. Access to the platform is granted for a period of twelve (12) months of 30 days each, totaling 360 days. This period begins on the date the learner’s access to the LégiSchool e-learning platform is created.

Prerequisites

This training program does not require any specific prior knowledge, but is open only to qualified individuals with at least two years of professional experience (such as a bachelor’s or master’s degree in law or computer science, or significant experience in these fields).

Assessment criteria

This e-learning course includes regular quizzes and multiple-choice questions that provide learners with ongoing feedback on their progress.

Teaching materials — The LégiSchool method

This course, available through our e-learning platform, follows LégiSchool’s standard methodology. Each module is divided into several sections, and each section into several chapters. The chapter is therefore the basic unit (or “building block”) of the course.

Each chapter of a LégiSchool course will always consist of a short instructional video (averaging 10 minutes) accompanied by a course handout that summarizes in writing all the key points covered in the video. Our course materials are comprehensive and feature numerous diagrams, tables, and visuals to ensure maximum clarity.

Finally, learners are encouraged to communicate regularly with a qualified trainer by phone or email through our educational and technical support service.

Learn more

Accessibility

LégiSchool is committed to serving people with disabilities and has developed an Accessibility and Disability Charter for this purpose. All videos available as part of LégiSchool’s e-learning modules are captioned. In addition, additional accessibility features are available for people with disabilities—for example, audio recordings of quizzes and practice exams. To request these, please contact LégiSchool’s accessibility coordinator, whose contact information is provided below.

Learn more

LégiSchool's Accessibility and Disability Coordinator

67 Saint Jacques Street

Phone: 01 43 26 58 10

Email: accessibilite[at]legischool.fr

The detailed training program

Module 1: Liability of Parties and Legal Remedies

Section 1.1. – Preparing for and Handling a CNIL Audit

1.1.1.- The CNIL - Status and Powers
1.1.2.- CNIL Inspections - Procedures for Initiating an Inspection
📝 Quiz #1
1.1.3.- CNIL Inspections - Procedures and Investigative Powers
1.1.4.- CNIL Inspections - Consequences of an Inspection and Sanction Procedures
📝 Quiz #2
1.1.5.- The EDPB and Cross-Border Processing

Section 1.2. – Judicial Remedies and the Liability of the Parties

1.2.1.- Judicial remedies and the right to compensation
1.2.2.- The role of national courts and the CJEU
📝 Quiz #4
1.2.3.- Accountability
1.2.4.- The responsibility of the RT
1.2.5.- The responsibility of the ST
1.2.6.- The responsibility of the DPO
📝 Quiz #5

Section 2.2. – Regulating Contractual Relationships and International Transfers

Section 2.1. – The Legal Framework Governing Contractual Relationships Among Stakeholders

2.1.1.- The relationship from RT to ST
🔍 Case Study #1: DPA offered by a SaaS recruitment software to its clients
2.1.2.- The relationship from ST to subsequent ST
📝 Quiz #6
2.1.3.- The relationship from RT to non-conjoint RTs
2.1.4.- The relationship between conjoint RTs
📝 Quiz #7

Section 2.2. - Regulations Governing International Transfers

2.2.1.- Transfers - Concept and mapping
2.2.2.- Transfers - Adequacy decisions
📝 Quiz #8
2.2.3.- Transfers - Transfers subject to appropriate safeguards
2.2.4.- Transfers - Data Transfer Impact Assessment (DTIA)
2.2.5.- Transfers - Exceptions
📝 Quiz #9 

Disclaimer: This training course does not cover all aspects of personal data protection. In particular, please note that this training is in no way intended to prepare you for the Data Protection Officer (DPO) certification based on the CNIL standards. If you would like a comprehensive overview of personal data protection in accordance with the certification framework for personal data protection training organizations, we invite you to visit the page dedicated to our Objectif DPO training course.

Last updated on December 22, 2025