DPO Programme – Module 4 (Virtual)

Number of capacity: 15

Summary

This session integrates operational data protection mechanics into board-level assurance and strategic governance. 

It focuses on Article 30 Records of Processing (ROPA), DPO obligations, documentation architecture, and compliance maturity modelling. 

A 3-hour strategic governance session covering: 

• ROPA completeness and audit utility 
• Processor listing discipline 
• DPO independence requirements 
• Caldicott Guardian interface 
• Governance documentation hierarchy 
• Training assurance evidence 
• Compliance maturity levels (1–4) 
• Board reporting structure 
• Integrated governance dashboard model 

Mapped to NHS DSPT Standards 1–3. 

Course Content

• Article 30 ROPA architecture and audit readiness
• DPO governance and independence
• Documentation and asset ownership mapping
• Compliance maturity assessment
• Annual assurance cycle design 

Expected Outcome

• Maintain an audit-ready ROPA
• Demonstrate DPO structural independence
• Articulate governance maturity at board level