Certificates: Certificate "Data protection officer with TÜV Rheinland-certified qualification"
Certificate "Compliance Officer with TÜV Rheinland-certified qualification"
Examination: Practical project work with final presentations
Data protection officer with TÜV Rheinland-certified qualification
Compliance Officer with TÜV Rheinland-certified qualification
Teaching Times: Full-time, Monday to Friday from 8:30 a.m. to 3:35 p.m. (in weeks with public holidays from 8:30 a.m. to 5:10 p.m.)
Language of Instruction: German
Duration: 8 Weeks
Data protection officer with TÜV Rheinland-certified qualification
Data protection in the company - basics (approx. 2 days)
Structure of the European General Data Protection Regulation
The Federal Data Protection Act - subject matter and objectives
GAP analysis between BDSG and GDPR
Areas of application
Definitions of terms
Principles and rights of data subjects (approx. 1 day)
Principles for the processing of personal data
Legitimate interests
Consent
Transparency requirement
Duty to inform
Rights of data subjects
Rectification and erasure
Right to object
Restrictions
Responsible persons and data processors (approx. 2 days)
Privacy by design & default, risk assessments
Order processing
Register of processing activities
Security of processing
Entry, access and access controls
Data protection impact assessment
Data protection officer (appointment, position, tasks, attitude, probationary period)
Other bodies with a data protection function
The role of the works council (co-determination)
Code of conduct, certification, pre-audit, main audit, post-audit
Artificial intelligence (AI) in the work process
Presentation of specific AI technologies and possible applications in the professional environment
Transfer of personal data (approx. 2 days)
General principles of natural transfers
Data transfers to third countries
Supervisory authorities
Responsibilities, tasks, powers
Legal remedies, liability and sanctions (approx. 2 days)
Legal remedies
Liability, fines, sanctions
Special processing situations
Final provisions
Federal Data Protection Act (approx. 1 day)
Scope of application, video surveillance of public areas
Exceptions to the rights of data subjects
DPOs of public and non-public bodies
LDAs, fine regulations, sanctions
IT security and data protection (approx. 3 days)
Network components, storage components (RAID)
Basics of access management
IT security basics
IT baseline protection standards
Risk factors
Improvement options
Other areas of responsibility (approx. 3 days)
Basics of social data protection
Basics of employee data protection
Personnel file, data access and information rights
Setting up and operating a data protection management system and SDM
The legal framework of outsourcing from a data protection perspective
Data protection in the area of marketing and advertising measures
TDDDG (approx. 1 day)
Structure and contents of the Telecommunications Digital Services Data Protection Act
Project work, certification preparation and certification exam "Data Protection Officer with TÜV Rheinland certified qualification" (approx. 3 days)
Compliance Officer with TÜV Rheinland-certified qualification
Compliance basics (approx. 1 day)
Differentiation from ethics
Importance of corporate culture
Change management for a practiced compliance culture
Historical background and international development of compliance
Compliance challenges in the context of globalized markets
Compliance as a competitive advantage
Compliance culture (approx. 3 days)
Compliance culture as an elementary prerequisite for a CMS
Values and integrity management (tone from the top/tone at the top)
Leadership commitment and awareness building
DCGK - Corporate Governance vs. Compliance Management
Code of conduct and compliance policy as the "moral backbone" of a company
Code of Conduct - manifestations and benefits - obligation or "window dressing"?
Implementation of a Code of Conduct: Employment law perspective, co-determination obligations under employment law
LkSG - Supply Chain Due Diligence Act
Artificial intelligence (AI) in the work process
Presentation of specific AI technologies and possible applications in the professional environment
Compliance risk (approx. 2 days)
Risk perception and risk psychology
Strategic risk management and enterprise risk management
Risk management as a mandatory management task (§§ 91 and 93 AktG)
Compliance risk - terminology and analysis
Compliance risk identification - top-down and bottom-up methods
Compliance risk management - procedures and instruments
Antitrust compliance (approx. 1 day)
European antitrust law under the TFEU and German antitrust law under the GWB
From the "independence postulate" to the "impact principle"
Antitrust law risks - restriction of competition by object or effect
Corruption prevention (approx. 1 day)
Corruption of public officials vs. private corruption
Relationship management, social adequacy and zero tolerance - problem outline
5-step plan
Money laundering prevention (approx. 1 day)
From the catalog of predicate offenses to the all-crime approach
Causal chain, FATF, EU directives, GWG
Obligations under the GWG and the fulfillment of due diligence and reporting obligations
Export control (approx. 1 day)
Principle of free foreign trade and associated restrictions
Basic questions of export compliance, possible legal consequences and sanctions to be observed
Internal Export Compliance Program
Compliance Organization (approx. 2 days)
Compliance as an interface task in the external and internal relationship of a company
Stakeholder analysis and the importance of the concept of corporate social responsibility for compliance management
Importance of the supervisory board in particular for compliance management
Compliance documentation: functions, security measures and documentation content
Whistleblower systems: origins, criteria, benefits, international legal framework (SOX, Dodd-Frank Act, UKBA, Sapin II)
Whistleblower systems (approx. 1 day)
GeschGehG - betrayal of secrets and whistleblowing, justification solutions §§ 138, 34 StGB, criminal law risks for whistleblowers
Directive (EU) 2019/1937 of the European Parliament and of the Council of October 23, 2019
Whistleblower Protection Act - HinSchG 2022 - Practical relevance for companies and actual effectiveness with regard to effective whistleblower protection
Options for setting up a whistleblower system and their advantages and disadvantages
Compliance Officer (approx. 2 days)
Classification of the compliance structure, understanding of roles
CMS and Compliance Board as instruments for reducing information asymmetries and establishing effective compliance structures
Tasks and personality profile
BAFIN's MaComp as orientation for the employment contract and job description of a CO
Civil and criminal liability risks of a CO - position of guarantor under Section 13 StGB
Reflections on standing and positioning in the future
Compliance control (approx. 1 day)
Standards ISO 37301 and IDW PS 980
Implementation and testing of a CMS incentive model in accordance with BGH case law
Management and organizational specifications, as well as necessary measures for the implementation of a CMS
High-level structure and PDCA cycle as defining characteristics of ISO 37301
Adequacy and effectiveness checks, internal and external audits, certification of a CMS
Reactions to compliance violations (approx. 2 days)
Internal investigation: right or duty?
VerSanG - driver for compliance?
Conducting an internal investigation - essentials: decision-making authority, urgent measures, emergency plan, data protection, employment law, co-determination obligations, employee surveys
Sanctions and liability
Amnesty programs, termination as a last resort, alternatives: Release, reassignment, transfer, recourse claims
Liability of the management board of the AG, business judgment rule and reversal of the burden of proof
Liability of GmbH managing directors, role of D&O insurance and criminal liability insurance in cases of non-compliance
Crisis communication: principles and strategies
Project work, certification preparation and certification exam "Compliance Officer with TÜV Rheinland certified qualification" (approx. 2 days)
Changes are possible. The course content is updated regularly.
After this course, you will be prepared for the tasks of a data protection officer. You will have the necessary knowledge based on the current EU GDPR for legally compliant handling of personal data, knowledge in the area of data protection organization and IT security.
You will also be prepared for your duties as a compliance officer. You know the basics of company law and can thus minimize liability risks. You will also be familiar with the requirements of a compliance management system.
This course is aimed at specialists and managers who are responsible for data processing, e.g. employees from human resources, administration, quality management or the legal department.
The compliance officer's area of responsibility is growing all the time. Companies in the banking and financial services, insurance and service industries are therefore increasingly reliant on their services. Compliance officers are also increasingly sought after in public administrations, associations and some organizations and corporations.
Persons with additional qualifications as data protection officers act as a link between management, the works council, supervisory authorities and employees.
Didactic concept
Your lecturers are highly qualified both professionally and didactically and will teach you from the first to the last day (no self-study system).
You will learn in effective small groups. The courses usually consist of 6 to 25 participants. The general lessons are supplemented by numerous practical exercises in all course modules. The practice phase is an important part of the course, as it is during this time that you process what you have just learned and gain confidence and routine in its application. The final section of the course involves a project, a case study or a final exam.
Virtual classroom alfaview®
Lessons take place using modern alfaview® video technology - either from the comfort of your own home or at our premises at Bildungszentrum. The entire course can see each other face-to-face via alfaview®, communicate with each other in lip-sync voice quality and work on joint projects. Of course, you can also see and talk to your connected trainers live at any time and you will be taught by your lecturers in real time for the entire duration of the course. The lessons are not e-learning, but real live face-to-face lessons via video technology.
The courses at alfatraining are funded by the Agentur für Arbeit and are certified in accordance with the AZAV approval regulation. When you submit a Bildungsgutschein or an Aktivierungs- und Vermittlungsgutschein, the entire course costs are usually covered by your funding body.
Funding is also possible via the Europäischer Sozialfonds (ESF), the Deutsche Rentenversicherung (DRV) or regional funding programs. As a regular soldier, you have the option of attending further training courses via the Berufsförderungsdienst (BFD). Companies can also have their employees qualified via funding from the Agentur für Arbeit (Qualifizierungschancengesetz).